From 0d150b3236b55a0f94da9188beba5ff6f75fff77 Mon Sep 17 00:00:00 2001
From: Pim Kunis <pim@kunis.nl>
Date: Mon, 8 Jan 2024 20:47:12 +0100
Subject: [PATCH] move age keys to /etc closes #33

---
 bootstrap.sh      | 6 +++---
 nixos/default.nix | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bootstrap.sh b/bootstrap.sh
index 66f2449..213a7ab 100755
--- a/bootstrap.sh
+++ b/bootstrap.sh
@@ -34,12 +34,12 @@ trap cleanup EXIT
 
 # Create directory where age key will go.
 # Nixos-anwhere creates a kind of overlay and retains this structure on the final file system.
-mkdir "$temp/root"
+mkdir "$temp/etc"
 
-secret-tool lookup age-identity "$servername" > "$temp/root/age_ed25519"
+secret-tool lookup age-identity "$servername" > "$temp/etc/age_ed25519"
 
 # Set the correct permissions
-chmod 600 "$temp/root/age_ed25519"
+chmod 600 "$temp/etc/age_ed25519"
 
 # Install NixOS to the host system with our age identity
 nix run github:numtide/nixos-anywhere -- --extra-files "$temp" --flake ".#${servername}" "root@${hostname}"
diff --git a/nixos/default.nix b/nixos/default.nix
index 6556728..3b95896 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -117,7 +117,7 @@
   hardware.cpu.intel.updateMicrocode =
     lib.mkDefault config.hardware.enableRedistributableFirmware;
 
-  age.identityPaths = [ "/root/age_ed25519" ];
+  age.identityPaths = [ "/etc/age_ed25519" ];
 
   virtualisation.libvirtd.enable = true;