feat: add vps with priv key to ssh config

2024-10-22 20:58:59 +02:00 · 2024-10-22 20:58:59 +02:00 · 994434da74
commit 994434da74
parent 4308ec76ed
4 changed files with 40 additions and 9 deletions
--- a/home/default.nix
+++ b/home/default.nix
@ -6,6 +6,21 @@
    inputs.spicetify-nix.nixosModules.default
  ];
  # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
  age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
  age.secrets.access-tokens-github.file = ../secrets/gh.age;
  age.secrets.obvps-id = {
    file = ../secrets/1bvps.age;
    path = "/home/rhea/.ssh/id_1bvps";
    owner = "rhea";
    symlink = false;
  };
  nix.extraOptions = ''
    !include ${config.age.secrets.access-tokens-github.path}
  '';
  home-manager = {
    useUserPackages = true;
    useGlobalPkgs = true;
@ -33,6 +48,7 @@
        inputs.catppuccin.homeManagerModules.catppuccin
        inputs.spicetify-nix.homeManagerModules.default
        inputs.nix-index-database.hmModules.nix-index
        inputs.agenix.homeManagerModules.age
        ./hyprland.nix
        ./git.nix
        ./waybar
@ -47,6 +63,7 @@
        ./spicetify.nix
        ./udiskie.nix
        ./keyring.nix
        ./ssh.nix
      ];
      home.pointerCursor = {
@ -65,14 +82,5 @@
    shell = pkgs.zsh;
  };
  # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
  age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
  age.secrets.access-tokens-github.file = ../secrets/gh.age;
  nix.extraOptions = ''
    !include ${config.age.secrets.access-tokens-github.path}
  '';
  nix.settings.allowed-users = [ "rhea" ];
 }
--- a/home/ssh.nix
+++ b/home/ssh.nix
@ -0,0 +1,14 @@
 { config, age, ... }:
 {
  programs.ssh = {
    enable = true;
    matchBlocks = {
      "1bvps" = {
        host = "1bvps";
        hostname = "178.254.43.196";
        identityFile = [ "/home/rhea/.ssh/id_1bvps" ];
      };
    };
  };
 }
--- a/secrets/1bvps.age
+++ b/secrets/1bvps.age
@ -0,0 +1,8 @@
 age-encryption.org/v1
 -> ssh-ed25519 7JS6dg Rx58PIoePOwy88y9iiNJDV4GCp+rlNY7oZCKOcvbfiU
 PjKbjgArVPyZqUbWAjcuoINcBy2Wyp70Jox06xJxJag
 --- af4TkBlucpaVjj5D05TnvGImoCKDkVLLGhW4hst9bos
 $v`G‹
[ÈžGVÉÒÐžVGa	Ùâ·àùóý>œGL˜²S’Ch‚Fþ<46> ýc{ Q¾†Þ´Ýx;ƒOT—7òïiÀ¢’¦ˆ&ð>¢ {ÍŸ0¼X0ÒÅUgd¯,
 
|%¼L0¨<30>Ç!®ìQÖ½ˆ#_û_c“xlT—$i<>ÓFï½3¦þÏ»KÙ~ncVÎÙi¢%¡–ÿ°©<K¤ ½?e´¸)g·¯v¢"ù%C™õÆZ.<ò¡<C3B2> °ß”©Ø0 ˆúL;Ôv¹n®ã“ÕÈŸw·Ï„’îdð‡£›\Š9€Ou’ï£Pò›Tê}¶Õ§ó}›n+±ã$æMLjíriF”fÓðkâI›om 7¥Ô×![Æ!>G[~d³ò<>ó;IŽé¢x«é±9eËš7ÕúÞÐ<C39E>ÖL"k}Ô
 ÊFL™—P9iy‘ª¤¦õkÞ<ÿ¢F¢ùâ/ÖÖm!PH¹lE]sþÝBxÃès:M©Ø1èe>ÄÁGb¸q¦ÝOB°jôS6[
 ~´8£øÞèñî%óø	Pé§a‰òð°Ûu>×¨ÒY<ÑNb
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -4,4 +4,5 @@ let
 in
 {
  "gh.age".publicKeys = [ rhea-laptop ];
  "1bvps.age".publicKeys = [ rhea-laptop ];
 }