From e7b9b46f444467f73f9d06c0c1482424be1945b7 Mon Sep 17 00:00:00 2001
From: zuckerberg <5-zuckerberg@users.noreply.git.neet.dev>
Date: Tue, 22 Jun 2021 20:48:05 -0400
Subject: [PATCH] store pia secret in git

---
 common/pia.nix | 3 ++-
 common/ssh.nix | 3 ++-
 machines/mitty/configuration.nix | 4 ++--
 secrets/pia-login.conf | 17 +++++++++++++++++
 secrets/secrets.nix | 1 +
 5 files changed, 24 insertions(+), 4 deletions(-)
 create mode 100644 secrets/pia-login.conf

diff --git a/common/pia.nix b/common/pia.nix
index e3364a6..3ed84ef 100644
--- a/common/pia.nix
+++ b/common/pia.nix
@@ -85,7 +85,7 @@ YDQ8z9v+DMO6iwyIDRiU
 disable-occ
-auth-user-pass /secret/pia-login.conf
+auth-user-pass /run/secrets/pia-login.conf
 '';
 autoStart = true;
 up = "echo nameserver $nameserver | ${pkgs.openresolv}/sbin/resolvconf -m 0 -a $dev";
@@ -93,5 +93,6 @@ auth-user-pass /secret/pia-login.conf
 };
 };
 };
+ age.secrets."pia-login.conf".file = ../secrets/pia-login.conf;
 };
 }
\ No newline at end of file
diff --git a/common/ssh.nix b/common/ssh.nix
index 5ad4f48..18887da 100644
--- a/common/ssh.nix
+++ b/common/ssh.nix
@@ -7,6 +7,7 @@ rec {
 ];
 system = {
 liza = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDY/pNyWedEfU7Tq9ikGbriRuF1ZWkHhegGS17L0Vcdl";
+ mitty = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE2oSon3hKFqdDbfWXjc72trCWsdi16eEppeXkKRTEn";
 };
- systems = [ system.liza ];
+ systems = [ system.liza system.mitty ];
 }
\ No newline at end of file
diff --git a/machines/mitty/configuration.nix b/machines/mitty/configuration.nix
index 690dfa2..0724872 100644
--- a/machines/mitty/configuration.nix
+++ b/machines/mitty/configuration.nix
@@ -36,8 +36,8 @@
 };
 };
 bindMounts = {
- "/secret" = {
- hostPath = "/secret";
+ "/run/secrets" = {
+ hostPath = "/run/secrets";
 isReadOnly = true; }; }; };
diff --git a/secrets/pia-login.conf b/secrets/pia-login.conf
new file mode 100644
index 0000000..ad32822
--- /dev/null
+++ b/secrets/pia-login.conf
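Review bot: In common/pia.nix the new `auth-user-pass /run/secrets/pia-login.conf` line hard-codes the directory where agenix decrypts secrets, while the second hunk of the same file declares that secret as `age.secrets."pia-login.conf"`. If the secrets directory or this secret's path is ever changed, OpenVPN would be pointed at a file that no longer exists and the tunnel would fail to authenticate. Deriving the path from the declaration keeps the two in step: `auth-user-pass ${config.age.secrets."pia-login.conf".path}`, assuming `config` is among this module's arguments, which neither hunk shows. The OpenVPN config string and the module body both start outside the hunks.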
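Review bot: In common/ssh.nix, adding `system.mitty` to `systems` appears to widen the recipient set of every secret declared with `publicKeys = all`, yet the diffstat shows no change to `searx.age`, so that file is still encrypted to the previous recipients. This holds only if `all` in secrets/secrets.nix is built from `systems`; its `let` block is outside the visible hunk. Until the existing secrets are rekeyed with `agenix -r`, the declared and actual recipients disagree. A comment above the attribute would make the obligation visible: `# host keys listed here become age recipients; rekey secrets after editing`. The `rec { … }` body begins before the hunk.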
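Review bot: In machines/mitty/configuration.nix the bind mount now hands the whole of `/run/secrets` to the container, so every secret agenix decrypts on this host becomes visible inside it, not only the VPN login. `isReadOnly = true` prevents modification but not reading. If the container only needs the PIA credentials, mounting the single file is the narrower choice: `"/run/secrets/pia-login.conf" = { hostPath = "/run/secrets/pia-login.conf"; isReadOnly = true; };`. The container definition starts and ends outside the hunk, so which services run inside it cannot be confirmed from here.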
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 WVH30Q snPXnqoyFpLZC/3g5xuk38xw8rRC1uG5FQ1UoygWOlg +xmUPcKzhUCOFA5oJ+mgB7X4nU72Dva9MrISwvy9OypQ +-> ssh-ed25519 G2eSCQ INFecXmB/x6/j01MoeyycP83LYazWAneIYaTIaLSmyQ +Wbft9S6XW/Ps3RthPLLZaH1aHSV4sX7YkAW4ONQTjtI +-> ssh-ed25519 2a2Yhw NoxlRKbjJyLEBs0fsJK6VWSdwTKwe1a/mHh/9RZ7aBY +eScYO2IAKJz6LdGHCbYV7b6UATWKirqK4SNGcSnMEJo +-> ssh-ed25519 N240Tg RG6gq+6KTozGSlfM7wylDJGKIdDncdjXbyZt4UjHsi4 +Jg2wgatlpILw3lfXYBOwy+vgEoUGKQXD4aE+kTEMPmk +-> ssh-ed25519 mbw8xA xjYbjae/j3jdRRT/O1GKvC8N6GSaBRTOwr6t5i0Ng04 +vZDh4rrsJQI2LG4X0RrP7fc1eEHApG0Ya5HElSUi+ek +-> ssh-ed25519 xoAm7w NziSfA468lCU/SBnqfTu8VEbUZavqJvxUnLpT4E1/3A +QK9cNVAMR7wq2PUarmrNZ73hE1M5lTkTbiZmyoR0CnA +-> f-grease FYI c,@S&E !Pg +LlfyHfU6CRWGV/RU8w +--- D45DX/qNTQ6eWoCYmSP7exOh3e6x4AAV03fiW7EAthM +9px%S1z)b V KHKmzZ:#?vPñxlzP#UR&`.s \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 68d56e4..8d3f9a6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -6,4 +6,5 @@ let in { "searx.age".publicKeys = all; + "pia-login.conf".publicKeys = all; } \ No newline at end of file
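Review bot: In secrets/secrets.nix, `"pia-login.conf".publicKeys = all;` encrypts the VPN login to every key in `all`, and the committed ciphertext accordingly carries six `ssh-ed25519` recipient stanzas. Only the hosts that run the PIA tunnel need to decrypt it, so a narrower list such as `"pia-login.conf".publicKeys = [ <admin keys> <mitty host key> ];` would limit what a compromise of any other host key exposes. The names in that example are placeholders, because the `let` bindings are outside the hunk. Old ciphertext stays in git history, so dropping a recipient later also means changing the PIA password, which is worth a comment next to the entry, for example `# rotate the PIA password when a recipient is removed; history keeps old ciphertext`.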