another secret

configuration.nix

@@ -253,7 +253,7 @@ in {
             repo = "zh2769@zh2769.rsync.net:hel1-a.servers.jakst";
             encryption = {
               mode = "repokey-blake2";
-              passCommand = "cat /var/src/secrets/borgbackup/password";
+              passCommand = "cat ${config.age.secrets.borgbackup-password.path}";
             };
             paths = value.paths;
             extraArgs = "--remote-path=borg1";

flake.nix

@@ -41,8 +41,8 @@
           agenix.nixosModules.default
 
           {
-            #age.secrets.zfs-passphrase.file = ./secrets/hel1-a/zfs-passphrase.age;
+            age.secrets.zfs-passphrase.file = ./secrets/hel1-a/zfs-passphrase.age;
-            age.secrets.x.file = ./secrets/hel1-a/zfs-passphrase.age;
+            age.secrets.borgbackup-password.file = ./secrets/hel1-a/borgbackup/password.age;
           }
         ];
       };

secrets.nix

@@ -6,5 +6,6 @@ let
   systems = [ hel1-a ];
 in
 {
-  "secrets/hel1-a/zfs-passphrase.age".publicKeys = [ motiejus hel1-a ];
+  "secrets/hel1-a/zfs-passphrase.age".publicKeys = [ hel1-a ] ++ users;
+  "secrets/hel1-a/borgbackup/password.age".publicKeys = [ hel1-a ] ++ users;
 }

secrets/hel1-a/borgbackup/password.age

@@ -0,0 +1,10 @@
+age-encryption.org/v1
+-> ssh-ed25519 vDjOfg 0/IO1+EoGmn3ZEet4SMhOmAJQeT5YpttmKAipD1oCwg
+iZLiUv9rhKU5LLPRsJOoCHTb8TIvJ0LlC3d2Sd9roo4
+-> piv-p256 +y2G/w A730rF1kEug1nr308d+6913WteORiv4BiHJ3GgZIrSXA
+qd0R3f3FDMldSvOTlzk2CljuGkSWP4/KImPRDbhOv/o
+-> ~_^9s}-grease 4$%7. i/IdUD
+8AYlo65+TL2iuJUfLDurHcr9l26OLjuzEbdaOjne6xZblfvHPYiRnzHmFdiLGNoY
+HbzxgTmY0UjlR1stDc7JqigIiD0zNNr6AfeBDnOQtJItpTNvmPIH4OqGluR/cQ
+--- hLALRFLVY80PGNkw0E8fUoM2h80+BJKegw9DeAjkC7g
+Ë<EFBFBD>IÈ°ßm¨p¹OW<4F>Äqª‰íקfA’yµ5Íî#?ñ…oAéqYîq§fO;]±	¼ Ó