Store ceph secret key in age

This allows a node to mount the ceph FS without any extra ceph
configuration in /etc/ceph.

m/hut/ceph.nix

@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 
 {
   environment.systemPackages = [ pkgs.ceph-client ];
@@ -7,8 +7,14 @@
   # modprobe command.
   boot.kernelModules = [ "ceph" ];
 
+  age.secrets."secrets/ceph-user".file = ./secrets/ceph-user.age;
+
   fileSystems."/ceph" = {
     fsType = "ceph";
-    device = "animal@9c8d06e0-485f-4aaf-b16b-06d6daf1232b.cephfs=/";
+    device = "user@9c8d06e0-485f-4aaf-b16b-06d6daf1232b.cephfs=/";
+    options = [
+      "mon_addr=10.0.40.40"
+      "secretfile=${config.age.secrets."secrets/ceph-user".path}"
+    ];
   };
 }

m/hut/secrets.nix

@@ -7,4 +7,5 @@ in
 {
   "secrets/ovni-token.age".publicKeys = default;
   "secrets/nosv-token.age".publicKeys = default;
+  "secrets/ceph-user.age".publicKeys = default;
 }

m/hut/secrets/ceph-user.age

@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 CAWG4Q 35Ak+Mep9k5KnDLF1ywDbMD4l4mRFg6D0et19tqXxAw
+Wgr+CX4rzrPmUszSidtLAVSvgD80F2dqtd92hGZIFwo
+-> ssh-ed25519 MSF3dg OVFvpkAyWTowtxsafstX31H/hJpNZmnOCbvqMIN0+AQ
+VxjRcQmp+BadEh2y0PB96EeizIl3tTQpVu0CWHmsc1s
+-> ssh-ed25519 HY2yRg MJSQIpre9m0XnojgXuKQ/+hVBZNrZNGZqplwhqicpjI
+CLkE52iqpoqSnbzisNjQgxTfNqKeaRl5ntcw1d+ZDyQ
+-> m$8`De%~-grease '85p}`by
+52zMpprONcawWDDtzHdWNwFoYXErPUnVjhSONbUBpDlqAmJmD1LcAnsU
+--- 0vZOPyXQIMMGTwgFfvm8Sn8O7vjrsjGUEy5m/BASCyc
+È| üœ)‡<>ËëË*_ËDóUS`<06><>‹àŠèr Âs<C382>¢NªÈ[ÖŒ^e+A1œ“G.í#âù°m˜¸Wß ’5·àƒµ(