From b5f125292fb35f815afbd919acefb6009f5cddef Mon Sep 17 00:00:00 2001
From: cnst <adam@cnst.dev>
Date: Thu, 17 Jul 2025 18:30:44 +0200
Subject: [PATCH] derp 8

---
 modules/nixos/services/agenix/default.nix |  1 +
 modules/server/caddy/default.nix          |  2 +-
 secrets/cloudflareDnsCredentials.age      | 12 ++++++++++++
 secrets/secrets.nix                       |  1 +
 4 files changed, 15 insertions(+), 1 deletion(-)
 create mode 100644 secrets/cloudflareDnsCredentials.age

diff --git a/modules/nixos/services/agenix/default.nix b/modules/nixos/services/agenix/default.nix
index 50fa65c2..e7b5c6a6 100644
--- a/modules/nixos/services/agenix/default.nix
+++ b/modules/nixos/services/agenix/default.nix
@@ -59,6 +59,7 @@ in {
         secrets = {
           cloudflareFirewallApiKey.file = "${self}/secrets/cloudflareFirewallApiKey.age";
           cloudflareDnsApiToken.file = "${self}/secrets/cloudflareDnsApiToken.age";
+          cloudflareDnsCredentials.file = "${self}/secrets/cloudflareDnsCredentials.age";
           vaultwardenCloudflared.file = "${self}/secrets/vaultwardenCloudflared.age";
           vaultwarden-env.file = "${self}/secrets/vaultwarden-env.age";
         };
diff --git a/modules/server/caddy/default.nix b/modules/server/caddy/default.nix
index 831df77c..5afa6f6c 100644
--- a/modules/server/caddy/default.nix
+++ b/modules/server/caddy/default.nix
@@ -30,7 +30,7 @@ in {
         dnsResolver = "1.1.1.1:53";
         dnsPropagationCheck = true;
         group = config.services.caddy.group;
-        environmentFile = config.age.secrets.cloudflareDnsApiToken.path;
+        environmentFile = config.age.secrets.cloudflareDnsCredentials.path;
       };
     };
 
diff --git a/secrets/cloudflareDnsCredentials.age b/secrets/cloudflareDnsCredentials.age
new file mode 100644
index 00000000..f170f339
--- /dev/null
+++ b/secrets/cloudflareDnsCredentials.age
@@ -0,0 +1,12 @@
+age-encryption.org/v1
+-> ssh-ed25519 t9iOEg 4UcR68LQBHIICewKjEzDeZZ2sy/eufapuicsDFZhPVk
+mr81olzsrR/u2MYIOogEFN7f4MEvt+N11w74anyPAIk
+-> ssh-ed25519 KUYMFA LDuAm0y03mKKcrS60fUzSeWV+fUNm9TXBSI42PiBdGk
+LJ+JeQs8SBnQDepY7fXN+Z/9wY80ziMXSX+8Bq9IxUU
+-> ssh-ed25519 76RhUQ k7TibLSrwdreQU7Mnoi1hSkmN93WtUiN8IaVozV4RTA
+CMKfhQ/yIESwupCyIru9hXpMwsQJkv0zXWIN8Fo44gs
+-> ssh-ed25519 Jf8sqw 3riFz9vXLWoWBZGiqDAsD2sEE2l/Ouo9780Ehprn1nI
+fnrYMnIRJdr48edtTFVWHIQF8HJGoCxVBUrX8ki/tgA
+--- 8mBPxqVFbk9PJdW6bREGID6HRwcxH2xdlHDNKw7kdbM
+ä¦ý×][G¤µÖk–PoB‰¿P%#Â7”ã¤73X|7ðŽ6Ã’&’ãî"XŒuÌw}“]_ÿ¡*âß"†tÖ:®˜ênus“™ã
+úS5¿ýQò>ªìAyç
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index c5e1b45e..eef1a776 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,4 +15,5 @@ in {
   "cloudflareFirewallApiKey.age".publicKeys = [cnst kima usobotka rsobotka];
   "vaultwardenCloudflared.age".publicKeys = [cnst kima usobotka rsobotka];
   "cloudflareDnsApiToken.age".publicKeys = [cnst kima usobotka rsobotka];
+  "cloudflareDnsCredentials.age".publicKeys = [cnst kima usobotka rsobotka];
 }