From a1cad2efcd59177dd1388ceb63fe85d9c032e22a Mon Sep 17 00:00:00 2001
From: Max
Date: Sun, 4 Aug 2024 23:45:29 +0200
Subject: [PATCH] cluster/services/storage: use locksmith secrets for external storage
---
 cluster/services/storage/default.nix | 5 ++++-
 cluster/services/storage/external.nix | 2 +-
 .../storage/secrets/external-storage-auth-prophet.age | 11 -----------
 3 files changed, 5 insertions(+), 13 deletions(-)
 delete mode 100644 cluster/services/storage/secrets/external-storage-auth-prophet.age
diff --git a/cluster/services/storage/default.nix b/cluster/services/storage/default.nix
index afc8646..1a96eb9 100644
--- a/cluster/services/storage/default.nix
+++ b/cluster/services/storage/default.nix
@@ -95,7 +95,10 @@ in
 };
 garage = {
- keys.storage-prophet = {};
+ keys.storage-prophet.locksmith = {
+ nodes = [ "prophet" ];
+ format = "s3ql";
+ };
 buckets.storage-prophet = {
 allow.storage-prophet = [ "read" "write" ];
 };
diff --git a/cluster/services/storage/external.nix b/cluster/services/storage/external.nix
index 971d9a6..d1514e5 100644
--- a/cluster/services/storage/external.nix
+++ b/cluster/services/storage/external.nix
@@ -8,7 +8,7 @@ in
 services.external-storage = {
 fileSystems.external = {
 mountpoint = "/srv/storage";
- authFile = ./secrets/external-storage-auth-${hostName}.age;
+ locksmithSecret = "garage-storage-${hostName}";
 backend = "s3c4://${cluster.config.links.garageS3.hostname}/storage-${hostName}";
 backendOptions = [ "disable-expect100" ];
 };
diff --git a/cluster/services/storage/secrets/external-storage-auth-prophet.age b/cluster/services/storage/secrets/external-storage-auth-prophet.age
deleted file mode 100644
index bad24c8..0000000
--- a/cluster/services/storage/secrets/external-storage-auth-prophet.age
+++ /dev/null
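Review bot: The Garage key keeps the name `storage-prophet` when it moves to `keys.storage-prophet.locksmith`, and nothing in this hunk shows whether the credential itself is re-issued. The patch deletes `secrets/external-storage-auth-prophet.age` from the tree, but that ciphertext stays in git history and remains decryptable by its three ssh-ed25519 recipients, so if it carried this key's secret the old value should be revoked or rotated once locksmith delivers the new one. A short comment above the block would record the hand-over, for example `# issued via locksmith to prophet only; replaces secrets/external-storage-auth-prophet.age (rotate the old key)`. The `garage` attribute set continues outside the hunk.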
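Review bot: `locksmithSecret = "garage-storage-${hostName}"` ties this mount to a secret name assembled from a string, where the old `authFile` path would presumably have failed at evaluation if the file were missing. The matching key in `default.nix` is declared only as `storage-prophet` with `nodes = [ "prophet" ]`, so on any other host that evaluates this module the name would point at a secret nobody issues; the `garage-` prefix is presumably added by the locksmith provider and is not visible in this patch. I would add a comment on the line, `# must match the locksmith secret for garage key "storage-${hostName}" (cluster/services/storage/default.nix)`, and, if the module allows it, an assertion that the secret exists for the host. The `fileSystems.external` block closes inside the hunk, while `services.external-storage` continues past it.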
@@ -1,11 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 NO562A tC8lfwNJIXjVJImBq25v/NGIQ1Ns24NpCzksbw/eb3w -2hQltUYSO2Gpjd+49IQR1UJOhy33xWvNH6dx+uGDvFA --> ssh-ed25519 5/zT0w dapxQ/VV0peQKMwghQJ91wQVahYOqxw2QrXqQCau82c -0DnIF5ISoB5htYA3X5DSTgLJXLSkqjz1O0CMcmnnrjQ --> ssh-ed25519 YIaSKQ ehv+WWCLC/co9lhpa+cAdqJUG33L/Vkn6lUXOwNRV2w -LEobbvvpq6lPNbzasGeXf9NabN150ZVe5n5OJNgbyD4 ---- FrT2CFmuWQ+vKGbBY2pGT90Mu8WzXfpbIAzYdR3Vb2w -gN 8\K!p 7k#u*{}T0|@ E>z'-RxKzBn*0~OV4q]^(>-3e0a.oC)4g7NzɔnMx6'[6w?i=vEJB -9gi"Q -ٮ \ No newline at end of file