Use age secrets on mineral machines (mainly for work-related tasks)

Signed-off-by: Mel <mel@rnrd.eu>
author: Mel <mel@rnrd.eu> 2025-07-25 15:40:28 +0200
committer: Mel <mel@rnrd.eu> 2025-07-25 15:40:28 +0200
commit: 8572f3b4db7e26d7e2751f03873069943fca3fe8 (patch)
tree: 2693aa8104a3afb2459cab2d5d3763ad1f5443ee /modules/common.nix
parent: 99a008a30f2be2cc417e309ef01d02d6995f0c78 (diff)
download: minerals-8572f3b4db7e26d7e2751f03873069943fca3fe8.tar.zst
minerals-8572f3b4db7e26d7e2751f03873069943fca3fe8.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/modules/common.nix b/modules/common.nix
index 66d48bb..45395a1 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -92,6 +92,11 @@ in
     };
   };
 
+  # on desktop machines (a.k.a. minerals) we only use tailscale ssh
+  # for access, so we don't generally have normal host keys, and
+  # have to grab the ones tailscale uses.
+  age.identityPaths = [ "/var/lib/tailscale/ssh/ssh_host_ed25519_key" ];
+
   # TODO: the filter already does some good work, but we need some way to
   # pick out x86-only packages, so it is not as opaque as it currently is.
   # (who knows if muse-sounds-manager is actually installed, for example?)
author	Mel <mel@rnrd.eu>	2025-07-25 15:40:28 +0200
committer	Mel <mel@rnrd.eu>	2025-07-25 15:40:28 +0200
commit	8572f3b4db7e26d7e2751f03873069943fca3fe8 (patch)
tree	2693aa8104a3afb2459cab2d5d3763ad1f5443ee /modules/common.nix
parent	99a008a30f2be2cc417e309ef01d02d6995f0c78 (diff)
download	minerals-8572f3b4db7e26d7e2751f03873069943fca3fe8.tar.zst minerals-8572f3b4db7e26d7e2751f03873069943fca3fe8.zip