use keys file for syncthing as well

nix/deployments/nixops.nix

@@ -18,7 +18,7 @@
     # for nixops to log in and perform operations as haak (instead of root)
     security.sudo.wheelNeedsPassword = false;
     users.users.root.openssh.authorizedKeys.keys = [
-      (import ../system/framework/keys.nix).public
+      (import ../system/framework/keys.nix).ssh.public
     ];
     home-manager.users.haak = (import ../home/commandline.nix);
   };

nix/system/framework/configuration.nix

@@ -151,8 +151,8 @@
     user = "haak";
     dataDir = "/home/haak/synced";
     configDir = "/home/haak/synced/.config/syncthing";
-    cert = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/cert.pem" then "/home/haak/dotfiles/secrets/syncthing/cert.pem" else null;
+    cert = (import ./keys.nix).syncthing.cert;
-    key = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/key.pem" then "/home/haak/dotfiles/secrets/syncthing/key.pem" else null;
+    key = (import ./keys.nix).syncthing.key;
   };
 
   location.provider = "geoclue2";

nix/system/framework/keys.nix

@@ -1,3 +1,10 @@
 {
+  ssh = {
     public = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd7+5+rLGrsGbg+mXjzQLqwAR2VNNFPCb7Va4FqVwd7 haak@framework";
+  };
+
+  syncthing = {
+    cert = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/cert.pem" then "/home/haak/dotfiles/secrets/syncthing/cert.pem" else null;
+    key = if builtins.pathExists "/home/haak/dotfiles/secrets/syncthing/key.pem" then "/home/haak/dotfiles/secrets/syncthing/key.pem" else null;
+  };
 }