flake.lock

@@ -377,11 +377,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1713863887,
+        "lastModified": 1713776544,
-        "narHash": "sha256-TwlNZjJloyZ0/5KCPeSWrnyDfEFokayovRPQY7xqq1g=",
+        "narHash": "sha256-EQW8P1TfkYQV0EEK1n3Gh9wRp9KlC0EbidH2j+niCaE=",
         "ref": "refs/heads/main",
-        "rev": "b8c66d7b0ca9fc21bc5332801b0203033cc3a772",
+        "rev": "61410d68f15b3b970067a3fdd39667fdd9a89edd",
-        "revCount": 13,
+        "revCount": 12,
         "type": "git",
         "url": "ssh://forgejo@git.everest.sable-pancake.ts.net:4222/Toast/nix-secrets"
       },

roles/common/programs/git.nix

@@ -1,9 +1,4 @@
 {...}: {
-  programs.ssh.knownHosts = {
-    "[git.everest.sable-pancake.ts.net]:4222".publicKey = ''
-      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoUcWx56NZ3kqydN3d0gLNz6SlBm1ArkHhqR9Fwd8qs
-    '';
-  };
   home-manager.users.toast = {
     programs.git = {
       enable = true;

roles/server/forgejo.nix

@@ -1,26 +1,8 @@
 {
   config,
   lib,
-  flakeSelf,
   ...
-}: let
+}: {
-  hostSecrets = "${flakeSelf.inputs.secrets}/" + config.networking.hostName + "/";
-in {
-  age.secrets = {
-    forgejo-host-key = {
-      file = hostSecrets + "forgejoPrivateKey.age";
-      mode = "0400";
-      owner = "forgejo";
-      group = "forgejo";
-    };
-    "forgejo-host-key.pub" = {
-      file = hostSecrets + "forgejoPublicKey.age";
-      mode = "0400";
-      owner = "forgejo";
-      group = "forgejo";
-    };
-  };
-
   specialisation.forgejoEnableRegistration.configuration.services.forgejo.settings.service.DISABLE_REGISTRATION = false;
   services.forgejo = {
     enable = true;
@@ -32,8 +14,6 @@ in {
         ROOT_URL = "http://git.everest.sable-pancake.ts.net";
         START_SSH_SERVER = true;
         SSH_PORT = 4222;
-        SSH_SERVER_HOST_KEYS = config.age.secrets.forgejo-host-key.path;
-        SSH_SERVER_HOST_KEY = "forgejo-host-key";
       };
       repository = {
         ENABLE_PUSH_CREATE_USER = true;