From 900416389195320bc633f2740aa33ddedfd69772 Mon Sep 17 00:00:00 2001
From: Thierry Pouplier <thierrypouplier@gmail.com>
Date: Sun, 14 Jun 2026 19:53:40 -0400
Subject: [PATCH] feat: add agenix secret for gortium password on uConsole

- Add gortium_password.age entry in secrets.nix
- Add age.secrets.gortium_password in uConsole config
- Add hashedPasswordFile to existing gortium user
- Add ai-worker user for Hermes SSH access
---
 hosts/uconsole-cm5/configuration.nix | 7 +++++++
 secrets/secrets.nix                  | 3 ++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/hosts/uconsole-cm5/configuration.nix b/hosts/uconsole-cm5/configuration.nix
index 45e4c42..6e879e0 100644
--- a/hosts/uconsole-cm5/configuration.nix
+++ b/hosts/uconsole-cm5/configuration.nix
@@ -43,3 +43,10 @@
       users.ai-worker.main
     ];
   };
+
+  # Age secret for gortium password
+  age.secrets.gortium_password = {
+    file = ../secrets/gortium_password.age;
+  };
+
+  users.users.gortium.hashedPasswordFile = config.age.secrets.gortium_password.path;
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 612ce18..cf42b6c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -8,8 +8,9 @@ let
 in
 {
   "containers.env.age".publicKeys = authorizedKeys;
+  "gortium_password.age".publicKeys = authorizedKeys;
+  "home_wifi.age".publicKeys = authorizedKeys;
   "lazyworkhorse_host_ssh_key.age".publicKeys = authorizedKeys;
   "n8n_ssh_key.age".publicKeys = authorizedKeys;
   "openclaw_gateway_token.age".publicKeys = authorizedKeys;
-  "home_wifi.age".publicKeys = authorizedKeys;
 }