phase 6: remove legacy git-crypt-key-{dotfiles,server-config} agenix entries

Unified CI on nixos repo is proven end-to-end (CI run on 836f80a deployed to muffin successfully and yarn's pull URL now serves from the new build). The two per-repo git-crypt keys are no longer in use by any active pipeline. Old dotfiles and server-config repos had Gitea Actions disabled before this commit, so no CI race possible.
2026-04-18 01:37:14 -04:00
parent 7ef4e5a68f
commit 25d6e7eead
3 changed files with 0 additions and 18 deletions
--- a/modules/age-secrets.nix
+++ b/modules/age-secrets.nix
@@ -152,25 +152,7 @@
      group = "gitea-runner";
    };

-    # Git-crypt symmetric key for dotfiles repo
-    git-crypt-key-dotfiles = {
-      file = ../secrets/server/git-crypt-key-dotfiles.age;
-      mode = "0400";
-      owner = "gitea-runner";
-      group = "gitea-runner";
-    };
-
-    # Git-crypt symmetric key for server-config repo
-    git-crypt-key-server-config = {
-      file = ../secrets/server/git-crypt-key-server-config.age;
-      mode = "0400";
-      owner = "gitea-runner";
-      group = "gitea-runner";
-    };
    # Git-crypt symmetric key for the unified nixos repo.
-    # Added additively in Phase 5 — the two legacy entries above stay until
-    # muffin has deployed this config at least once and the new CI pipeline
-    # is green end-to-end. Phase 6 removes them.
    git-crypt-key-nixos = {
      file = ../secrets/server/git-crypt-key-nixos.age;
      mode = "0400";
--- a/secrets/server/git-crypt-key-dotfiles.age
+++ b/secrets/server/git-crypt-key-dotfiles.age
--- a/secrets/server/git-crypt-key-server-config.age
+++ b/secrets/server/git-crypt-key-server-config.age