From 35545242ac4a9dbd7971bff71e88702e12d2d517 Mon Sep 17 00:00:00 2001
From: Haak Saxberg
Date: Sun, 31 Jul 2022 22:45:58 -0700
Subject: [PATCH] use keys file for syncthing as well
---
 nix/deployments/nixops.nix | 2 +-
 nix/system/framework/configuration.nix | 4 ++--
 nix/system/framework/keys.nix | 9 ++++++++-
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/nix/deployments/nixops.nix b/nix/deployments/nixops.nix
index 33535c9..8846298 100644
--- a/nix/deployments/nixops.nix
+++ b/nix/deployments/nixops.nix
@@ -18,7 +18,7 @@
 # for nixops to log in and perform operations as haak (instead of root)
 security.sudo.wheelNeedsPassword = false;
 users.users.root.openssh.authorizedKeys.keys = [
- (import ../system/framework/keys.nix).public
+ (import ../system/framework/keys.nix).ssh.public
 ];
 home-manager.users.haak = (import ../home/commandline.nix);
 };
diff --git a/nix/system/framework/configuration.nix b/nix/system/framework/configuration.nix
index dfe5c24..7be99c8 100644
--- a/nix/system/framework/configuration.nix
+++ b/nix/system/framework/configuration.nix
@@ -151,8 +151,8 @@
 user = "haak";
 dataDir = "/home/haak/synced";
 configDir = "/home/haak/synced/.config/syncthing";
- cert = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/cert.pem" then "/home/haak/dotfiles/secrets/syncthing/cert.pem" else null;
- key = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/key.pem" then "/home/haak/dotfiles/secrets/syncthing/key.pem" else null;
+ cert = (import ./keys.nix).syncthing.cert;
+ key = (import ./keys.nix).syncthing.key;
 };
 location.provider = "geoclue2";
diff --git a/nix/system/framework/keys.nix b/nix/system/framework/keys.nix
index 7d1931d..3428c41 100644
--- a/nix/system/framework/keys.nix
+++ b/nix/system/framework/keys.nix
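Review bot: In nix/system/framework/configuration.nix the new `cert` and `key` lines each spell out `import ./keys.nix` on their own, so the two attributes can drift apart if one of them is edited later. A single `inherit ((import ./keys.nix).syncthing) cert key;` states the same thing in one line. The enclosing syncthing attribute set starts above the hunk, so where a shared `let` binding would go cannot be seen from here.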
@@ -1,3 +1,10 @@
 {
- public = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd7+5+rLGrsGbg+mXjzQLqwAR2VNNFPCb7Va4FqVwd7 haak@framework";
+ ssh = {
+ public = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd7+5+rLGrsGbg+mXjzQLqwAR2VNNFPCb7Va4FqVwd7 haak@framework";
+ };
+
+ syncthing = {
+ cert = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/cert.pem" then "/home/haak/dotfiles/secrets/syncthing/cert.pem" else null;
+ key = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/key.pem" then "/home/haak/dotfiles/secrets/syncthing/key.pem" else null;
+ };
 }
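Review bot: The `syncthing.cert` and `syncthing.key` entries fall back to `null` without any signal when the file is missing, and `builtins.pathExists` is answered by the machine that evaluates the configuration, which under nixops may not be the host that holds the secrets. With both values `null` the service presumably starts with a freshly generated identity, so a missing secrets checkout would surface only as peers no longer recognising the device; if that fallback is intended it should be stated in a comment, otherwise a `throw` here or an `assertions` entry in configuration.nix would make the build fail instead. Keeping the paths as quoted strings is the right choice, because a bare path literal can end up copied into the world-readable Nix store, and that deserves a comment such as `# keep as strings: a path literal would copy the private key into /nix/store`. Each path is also written twice per line, which a small `let` binding would remove.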