From 4b08e874b77cbc3921deba6224a218ee5109b301 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20B=C3=B6hme?= Date: Thu, 3 Nov 2022 21:03:36 +0100 Subject: [PATCH] :rocket: add ssh module --- modules/profiles/desktop.nix | 4 ++++ modules/programs/default.nix | 1 + modules/programs/ssh.nix | 39 ++++++++++++++++++++++++++++++++++++ secrets/secrets.nix | 7 ++++--- secrets/ssh-home.age | 17 ++++++++++++++++ 5 files changed, 65 insertions(+), 3 deletions(-) create mode 100644 modules/programs/ssh.nix create mode 100644 secrets/ssh-home.age diff --git a/modules/profiles/desktop.nix b/modules/profiles/desktop.nix index d8b8e12..3be4db6 100644 --- a/modules/profiles/desktop.nix +++ b/modules/profiles/desktop.nix @@ -81,6 +81,10 @@ with lib; { logseq.enable = true; python.enable = true; rofi.enable = true; + ssh = { + enable = true; + includeSecrets = [ ../../secrets/ssh-home.age ]; + }; spotify.enable = true; thunar.enable = true; zathura.enable = true; diff --git a/modules/programs/default.nix b/modules/programs/default.nix index 02ef7d9..82e2dd4 100644 --- a/modules/programs/default.nix +++ b/modules/programs/default.nix @@ -25,6 +25,7 @@ ./python.nix ./rofi ./spotify.nix + ./ssh.nix ./sway.nix ./thunar.nix ./vim.nix diff --git a/modules/programs/ssh.nix b/modules/programs/ssh.nix new file mode 100644 index 0000000..2c484ae --- /dev/null +++ b/modules/programs/ssh.nix @@ -0,0 +1,39 @@ +{ config +, lib +, pkgs +, ... +}: + +with lib; +let + cfg = config.my.programs.ssh; + + baseName = path: removeSuffix ".age" (baseNameOf path); +in +{ + options.my.programs.ssh = { + enable = mkEnableOption "ssh"; + includeSecrets = mkOption { + default = [ ]; + type = with types; listOf path; + }; + }; + + config = + mkIf cfg.enable + { + age.secrets = listToAttrs (map + (path: { + name = baseName path; + value = { + file = path; + owner = "1000"; + }; + }) + cfg.includeSecrets); + home-manager.users.moritz.programs.ssh = { + enable = true; + includes = map (path: "/run/agenix/" + baseName path) cfg.includeSecrets; + }; + }; +} diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 90e1b43..0862e22 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -11,10 +11,11 @@ let all = users ++ hosts; in { + "github.age".publicKeys = all; + "home-vpn-password.age".publicKeys = all; + "home-vpn.age".publicKeys = all; "nordvpn.age".publicKeys = all; "spotifyd.age".publicKeys = all; - "home-vpn.age".publicKeys = all; - "home-vpn-password.age".publicKeys = all; - "github.age".publicKeys = all; + "ssh-home.age".publicKeys = all; "uni-vpn.age".publicKeys = all; } diff --git a/secrets/ssh-home.age b/secrets/ssh-home.age new file mode 100644 index 0000000..29c1542 --- /dev/null +++ b/secrets/ssh-home.age @@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 CjuqfA wMWvHzKojsGU5q8ElLz2IiwI0NvWZN6rPLL8nvIu9xE +n0FjkxhJTOaG7RF6MEzaAz9ZWiP1trQHdNiaPCc5aCo +-> ssh-ed25519 QRYDmg ChVNe6JXbocNnJnO0Y7XVrW0Tic5V5aIWuxGiG6pXnw +FIDIKw6K0Y+WY5GJV262KTayMwxPCCBXMqXXMQruCPI +-> ssh-ed25519 wG6LYg X/hbVXUoJNAkrgGz5MtyMjYRtBkF+FERXsRg1t8lFio +x7zWga14+MZKbTQxRhoQjeBvuQOoG/uF6ZOW2XSgm/g +-> ssh-ed25519 ZYd7Zg 2ONwuLBf5b3SrCdH+8ZiebO7KBqfKjan1Sw+LX/oTQ4 +bk6LwwvZ/i5UCxUakWA9J4MUT+3ENWMGAZyXpHRFMNI +-> ssh-ed25519 as9VYQ H2i5xdWKf96tzdmTOZ0PHZciuZgSHSYTNxbvcQ3PzDs +LRwILXh0IzTJrXJf2xa97m8cBV6KuvjDPWdeNTRZNdw +-> G(S/7!"#-grease 0y 81:sY?B +r6URopooo8jE5fqfSgjBHWrwDVMa0IwklhiWXsbMzgzBhac8DSDiGMEfXxKAFDFV +GTFSR0sZoA +--- QLqXqFiqJnIc1aMFvU0Giexu9m6E2ESU6kVpiu/vD5I +9v.}rcdnqü7 |nA4H̿P4~ +8m%꥟p'di97>rx\KüeaxD7CtGlsEvŔIc |Cw6G%,%yT᭵8 \ No newline at end of file