ctucx.git: nixfiles

ctucx' nixfiles

commit 95a71d08591547926922e90809ed118c095922e1
parent a7a23f182a3a34d3f76f3558e2a2b22e8efecaa6
Author: Leah (ctucx) <git@ctu.cx>
Date: Mon, 27 Mar 2023 14:08:03 +0200

configurations/darwin/syncthing: use agenix for key and cert
4 files changed, 19 insertions(+), 0 deletions(-)
diff --git a/configurations/darwin/syncthing.nix b/configurations/darwin/syncthing.nix
@@ -5,6 +5,17 @@ let
 
 in {
 
+  age.secrets = {
+    syncthing-key = {
+      file  = ../../secrets + "/${config.networking.hostName}/syncthing/key.age";
+      owner = "leah";
+    };
+    syncthing-cert = {
+      file  = ../../secrets + "/${config.networking.hostName}/syncthing/cert.age";
+      owner = "leah";
+    };
+  };
+
   services = {
     syncthing = {
       enable  = true;
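Review bot: Both `file` paths under `age.secrets` are built from `config.networking.hostName`, yet this commit only adds encrypted files for `blechkasten`, so any other darwin host importing this module would presumably fail at evaluation on a missing `key.age`/`cert.age`. A comment above `age.secrets` should say that every host using the module needs its own `secrets/<hostname>/syncthing/{key,cert}.age` and matching entries in `secrets/secrets.nix`. The literal `owner = "leah"` duplicates the service's `user = "leah"` from the next hunk; `owner = config.services.syncthing.user;` would keep the decrypted private key readable by whichever account actually runs the service. Adding `mode = "0400";` would state the owner-only permission explicitly instead of relying on the agenix default. The `services.syncthing` attrset continues past this hunk.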

@@ -12,6 +23,9 @@ in {
       user    = "leah";
       group   = "staff";
 
+      key     = lib.mkDefault config.age.secrets.syncthing-key.path;
+      cert    = lib.mkDefault config.age.secrets.syncthing-cert.path;
+
       dataDir = "/Users/leah";
       devices = syncthingConfig.devices;
       folders = syncthingConfig.folders;
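Review bot: Wrapping `key` and `cert` in `lib.mkDefault` lets any host-level definition at normal priority silently replace the agenix paths. Depending on how the module types these options (not visible here), a Nix path literal in such an override could copy the private key into the world-readable Nix store. If per-host overrides are intended, a comment such as `# runtime paths of agenix-decrypted files; overrides must be out-of-store strings, never path literals` would make that constraint visible. If they are not intended, dropping `lib.mkDefault` means a conflicting definition fails loudly instead. The enclosing `syncthing` attrset starts and ends outside this hunk.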
diff --git a/secrets/blechkasten/syncthing/cert.age b/secrets/blechkasten/syncthing/cert.age  Binary files differ.
diff --git a/secrets/blechkasten/syncthing/key.age b/secrets/blechkasten/syncthing/key.age  Binary files differ.
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
@@ -1,5 +1,6 @@
 let
   leah           = "age1mn57hntgx775kwcwx4jrrd7rfl7z4wl54kqtgq8w2kzg7agz7alsv5eesw";
+  blechkasten    = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEZLQ6jDcRGjUy7eyDHF0WHDquxGb6aP93d9w8trEZZE";
   coladose       = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2ky7icnZOUMDtBPwVoq5icGFAzf1C5nfNhoqZEins7";
 
   #servers

@@ -19,6 +20,10 @@ in {
   "restic-server/hector.age".publicKeys                       = [ leah trabbi hector lollo lollo-old ];
 
 
+  "blechkasten/syncthing/key.age".publicKeys                  = [ leah blechkasten ];
+  "blechkasten/syncthing/cert.age".publicKeys                 = [ leah blechkasten ];
+
+
   "lollo/mosquitto/passwd-leah.age".publicKeys                = [ leah lollo ];
   "lollo/zigbee2mqtt/secrets.age".publicKeys                  = [ leah lollo ];