archive: repo moved to titaniumtown/nixos

age-secrets: add git-crypt-key-nixos (pre-unify cutover)
Additive. The new unified nixos repo (projects/nixos/) uses a fresh git-crypt key so we can retire the two per-repo keys later. Deploying this change alone makes /run/agenix/git-crypt-key-nixos available on muffin; the nixos CI's git-crypt unlock step can then succeed once the new repo lands on Gitea.
2026-04-18 01:42:47 -04:00 · 2026-04-18 01:19:17 -04:00
3 changed files with 24 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -0,0 +1,15 @@
+# server-config (archived)
+
+This repository has been unified with its sibling `dotfiles` into
+[**titaniumtown/nixos**](https://git.sigkill.computer/titaniumtown/nixos).
+
+The final pre-unification commit is tagged `final-before-unify`.
+
+See the new repo's `README.md` and `AGENTS.md` for:
+
+- current flake layout (hosts: mreow, yarn, muffin)
+- deploy workflow
+- git-crypt / agenix setup
+
+Do **not** push new commits here — CI has been disabled, and muffin's harmonia
+binary-cache no longer serves paths from `/var/lib/dotfiles-deploy/`.
--- a/modules/age-secrets.nix
+++ b/modules/age-secrets.nix
@@ -168,6 +168,15 @@
      group = "gitea-runner";
    };

+    # Git-crypt symmetric key for the new unified nixos repo (Phase 5 of the unify migration).
+    # Added additively here so muffin can decrypt nixos's secrets once Phase 6 cuts CI over.
+    git-crypt-key-nixos = {
+      file = ../secrets/git-crypt-key-nixos.age;
+      mode = "0400";
+      owner = "gitea-runner";
+      group = "gitea-runner";
+    };
+
    # Gitea Actions runner registration token
    gitea-runner-token = {
      file = ../secrets/gitea-runner-token.age;
--- a/secrets/git-crypt-key-nixos.age
+++ b/secrets/git-crypt-key-nixos.age