From fb7780e043b3d0a0bb96ed3dd1cb8b89c4d589a4 Mon Sep 17 00:00:00 2001
From: Aly Raffauf <aly@raffauflabs.com>
Date: Sun, 30 Jun 2024 23:28:24 -0400
Subject: [PATCH] mauville: fetch nix-cache secrets with agenix

---
 hosts/mauville/default.nix   |   7 +++++--
 secrets/nixCache/privKey.age | Bin 0 -> 1316 bytes
 secrets/nixCache/pubKey      |   1 +
 secrets/secrets.nix          |   1 +
 4 files changed, 7 insertions(+), 2 deletions(-)
 create mode 100644 secrets/nixCache/privKey.age
 create mode 100644 secrets/nixCache/pubKey

diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix
index d738146b..f73fff85 100644
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@@ -19,7 +19,10 @@ in {
     ./home.nix
   ];
 
-  age.secrets.cloudflare.file = ../../secrets/cloudflare.age;
+  age.secrets = {
+    cloudflare.file = ../../secrets/cloudflare.age;
+    nixCache.file = ../../secrets/nixCache/privKey.age;
+  };
 
   boot.loader = {
     efi.canTouchEfiVariables = true;
@@ -164,7 +167,7 @@ in {
 
     nix-serve = {
       enable = true;
-      secretKeyFile = "/var/cache-priv-key.pem";
+      secretKeyFile = config.age.secrets.nixCache.path;
     };
 
     ollama = {
diff --git a/secrets/nixCache/privKey.age b/secrets/nixCache/privKey.age
new file mode 100644
index 0000000000000000000000000000000000000000..453ffbf7a982bbccb2fcc5f3c4e3df1f6f2281d9
GIT binary patch
literal 1316
zcmZY7&CA;a0LO9hBK9DPOu>tVd6<UBHf_=*6Vx<Knlx=*o0s-v-d~%vc~1^1gXw$$
zMLdY^;0pr<^`ahzry*X{;bA*WLD)?Y4>E<}VZNN7=P&s1`|>k9=g3K{tlbwunmn0i
z-k<_|M^E?j+&^;c5e$P^zhRsWC-&=|+iXF)s+K!jpCN=5Z-)mXf`}%zJwq)K>3~=V
z56#zJuPw+G$(E9Yr2AH3N?7zW3y2pgKM&e?;g=C_vq~&Xs_3}p0mfeU`i`nmbk&f;
zz(Qprgnhl5HA@jCW@W_!+-51SJ(dg1u?qECw?muJ7;&dty8u~|mOwGltA?$4oK0;`
z(RM%?hBB9*(9)cqb#-5o1tau341+jjoU^104L6`$8w$V!maLB~A(6p=ffZHh`BEmP
zbp_$#D5w`M7QqTAJBDk=-rV&JqjPniuS8;Wa+}uW1GVm#BCmz1;_7-$uZjOF%Z)+{
z1sbDs3N`sPMF<sFEvU(q>G5-8K2BwPQwe5hz+ys}Fl9qKv2da;!#vlmn0$>z>%r!D
z$$1ttCf;AOBM-qNGK(aE9D2b-%M-4OV?dL`j<oCr<uS{`Acrl~gOP2J3S4TIc0A?L
z&@*fxiRY9(YcjLuvxBWGoH(y?adlji*CH(8{URz0DKUe5hw)RX8W-k<5iPG->_l9}
zDjz5rHIy-gAgo?f4y~5X;jvTT*h)!dP9WBk>6l(69yAE$MI?cqzrq~dJFZy>Iq<~(
zR5u!A7D(z~-&S$7-C9CDQx;RRnQa19n_1%qPHoDaB&%M7u)b>V$YqTLcmuMf$E<gv
z6X>EZiY_Dz%W!G2waW4*G!3?lgV*00dwi!kT+Gk+WYP}skqkIc(~&rakNnYWf+{Fq
z0*VqSJ-CCba(0NeXyD)_AP(Bp*?Y6H+0*OooTvC9Jg)|YRthIR3GQ?Vs{5T@!KHLi
zq?Nms))~E_88r>X6t#<et)Y#oOl((W(J77h3~(_A2sb}$L~N6V+wQ<dtf^>R!*2}J
znb3_S52lW9b>#7ql&?Amu}=*hDaUp0fVUMxp!Aqy3MZ{6NjB_6B+Q0M7Lf?<i{P;5
zJ2KDKh{gowb|tVJy+scih?I27tYm9YulUIrixQ}o>fX`OQC~;`qHRqe8|k%AQX^j(
z=qoZwjZp`|yOC2&1Q63!mWpk9cm4a<`SSZ$f4Ont^yynyzxepf<>i&X-+PLA=;oh~
z$L{nkL3{m^v())3_q}3Vdf<(3-u&FTNNmnN^TQ)|?%uup(XXxhTAAOt^unp<@7(_q
za&3C)gX?dfx;FfSdiM86na{3Y{PZ5uK66ff?BQ>}y8ZLJKVALu@Zyj0`}h9y+v@gr
c<@|{Ym)|)mu4oT_eP{XMxO^@-cMH7v9}REBbpQYW

literal 0
HcmV?d00001

diff --git a/secrets/nixCache/pubKey b/secrets/nixCache/pubKey
new file mode 100644
index 00000000..0a826f43
--- /dev/null
+++ b/secrets/nixCache/pubKey
@@ -0,0 +1 @@
+nixcache.raffauflabs.com:yFIuJde/izA4aUDI3MZmBLzynEsqVCT1OfCUghOLlt8=
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 13b8153e..7bfad90c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -22,6 +22,7 @@ in {
   "lastFM/secret.age".publicKeys = keys;
   "mail/achacega_gmail.age".publicKeys = keys;
   "mail/alyraffauf_fastmail.age".publicKeys = keys;
+  "nixCache/privKey.age".publicKeys = keys;
   "spotify/clientId.age".publicKeys = keys;
   "spotify/clientSecret.age".publicKeys = keys;
   "syncthing/fallarbor/cert.age".publicKeys = keys;