2 files changed, 4 insertions, 2 deletions

diff --git a/krebs/3modules/tv/default.nix b/krebs/3modules/tv/default.nix
index 4c295dffe..302d1a92c 100644
--- a/krebs/3modules/tv/default.nix
+++ b/krebs/3modules/tv/default.nix
@@ -158,7 +158,8 @@ with lib;
         };
       };
       secure = true;
-      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
+      ssh.privkey.path = <secrets/ssh.id_ed25519>;
+      ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMPMh3nHxVcPqM+LrkK7eYxNJY1ShBXOTg1vlSR45wx";
     };
     ok = {
       nets = {
diff --git a/krebs/default.nix b/krebs/default.nix
index 31a7f7d04..bfd6175d9 100644
--- a/krebs/default.nix
+++ b/krebs/default.nix
@@ -84,6 +84,7 @@ let out = {
 
       cat<<EOF
       # put following into config.krebs.hosts.$system:
+      ssh.privkey.path = <secrets/ssh.$key_type>;
       ssh.pubkey = $(echo $pubkey | jq -R .);
       EOF
     '';
@@ -178,7 +179,7 @@ let out = {
 
       nix-path =
         lib.concatStringsSep ":"
-          (lib.mapAttrsToList (name: _: "${name}=/root/${name}")
+          (lib.mapAttrsToList (name: src: "${name}=${src.target-path}")
             (config.krebs.build.source.dir //
              config.krebs.build.source.git));
     in ''