feat: add vps with priv key to ssh config

2024-10-22 20:58:59 +02:00 · 2024-10-22 20:58:59 +02:00 · 994434da74
commit 994434da74
parent 4308ec76ed
4 changed files with 40 additions and 9 deletions
--- a/home/default.nix
+++ b/home/default.nix
@ -6,6 +6,21 @@
    inputs.spicetify-nix.nixosModules.default
  ];

+  # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
+  age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
+
+  age.secrets.access-tokens-github.file = ../secrets/gh.age;
+  age.secrets.obvps-id = {
+    file = ../secrets/1bvps.age;
+    path = "/home/rhea/.ssh/id_1bvps";
+    owner = "rhea";
+    symlink = false;
+  };
+
+  nix.extraOptions = ''
+    !include ${config.age.secrets.access-tokens-github.path}
+  '';
+
  home-manager = {
    useUserPackages = true;
    useGlobalPkgs = true;
@ -33,6 +48,7 @@
        inputs.catppuccin.homeManagerModules.catppuccin
        inputs.spicetify-nix.homeManagerModules.default
        inputs.nix-index-database.hmModules.nix-index
+        inputs.agenix.homeManagerModules.age
        ./hyprland.nix
        ./git.nix
        ./waybar
@ -47,6 +63,7 @@
        ./spicetify.nix
        ./udiskie.nix
        ./keyring.nix
+        ./ssh.nix
      ];

      home.pointerCursor = {
@ -65,14 +82,5 @@
    shell = pkgs.zsh;
  };

-  # TODO: Get a token2 and set up https://github.com/oddlama/agenix-rekey
-  age.identityPaths = [ "/var/lib/persistent/host_id_ed25519" ];
-
-  age.secrets.access-tokens-github.file = ../secrets/gh.age;
-
-  nix.extraOptions = ''
-    !include ${config.age.secrets.access-tokens-github.path}
-  '';
-
  nix.settings.allowed-users = [ "rhea" ];
 }
--- a/home/ssh.nix
+++ b/home/ssh.nix
@ -0,0 +1,14 @@
+{ config, age, ... }:
+{
+  programs.ssh = {
+    enable = true;
+
+    matchBlocks = {
+      "1bvps" = {
+        host = "1bvps";
+        hostname = "178.254.43.196";
+        identityFile = [ "/home/rhea/.ssh/id_1bvps" ];
+      };
+    };
+  };
+}
--- a/secrets/1bvps.age
+++ b/secrets/1bvps.age
@ -0,0 +1,8 @@
+age-encryption.org/v1
+-> ssh-ed25519 7JS6dg Rx58PIoePOwy88y9iiNJDV4GCp+rlNY7oZCKOcvbfiU
+PjKbjgArVPyZqUbWAjcuoINcBy2Wyp70Jox06xJxJag
+--- af4TkBlucpaVjj5D05TnvGImoCKDkVLLGhW4hst9bos
+$v`G‹
[ÈžGVÉÒÐžVGa	Ùâ·àùóý>œGL˜²S’Ch‚Fþ<46> ýc{ Q¾†Þ´Ýx;ƒOT—7òïiÀ¢’¦ˆ&ð>¢ {ÍŸ0¼X0ÒÅUgd¯,
+
|%¼L0¨<30>Ç!®ìQÖ½ˆ#_û_c“xlT—$i<>ÓFï½3¦þÏ»KÙ~ncVÎÙi¢%¡–ÿ°©<K¤ ½?e´¸)g·¯v¢"ù%C™õÆZ.<ò¡<C3B2> °ß”©Ø0 ˆúL;Ôv¹n®ã“ÕÈŸw·Ï„’îdð‡£›\Š9€Ou’ï£Pò›Tê}¶Õ§ó}›n+±ã$æMLjíriF”fÓðkâI›om 7¥Ô×![Æ!>G[~d³ò<>ó;IŽé¢x«é±9eËš7ÕúÞÐ<C39E>ÖL"k}Ô
+ÊFL™—P9iy‘ª¤¦õkÞ<ÿ¢F¢ùâ/ÖÖm!PH¹lE]sþÝBxÃès:M©Ø1èe>ÄÁGb¸q¦ÝOB°jôS6[
+~´8£øÞèñî%óø	Pé§a‰òð°Ûu>×¨ÒY<ÑNb
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -4,4 +4,5 @@ let
 in
 {
  "gh.age".publicKeys = [ rhea-laptop ];
+  "1bvps.age".publicKeys = [ rhea-laptop ];
 }