# lux.ssh: user-level GnuPG/SSH settings (home-manager side) plus one sudoers
# tweak (NixOS side). gpg-agent is used as the SSH agent.
{ den, ... }:
{
  lux.ssh.homeManager =
    { config, pkgs, ... }:
    {
      # GnuPG home lives under the XDG data directory rather than ~/.gnupg.
      programs.gpg.enable = true;
      programs.gpg.homedir = "${config.xdg.dataHome}/gnupg";

      services.gpg-agent = {
        enable = true;
        # gpg-agent answers SSH agent requests, so the keys below are the
        # identities offered to SSH servers.
        enableSshSupport = true;
        enableZshIntegration = true;
        pinentry = {
          package = pkgs.pinentry-gnome3;
        };
        # Keys exposed through the SSH agent interface. The home-manager
        # option takes keygrips here; these identify keys and are not secret.
        # Every entry is usable by anything that can reach the agent socket,
        # so keep the list to the keys that are actually needed for SSH.
        sshKeys = [
          "CD848796822630B280FC6DFA55F24A20040F22B5"
          "B8FBDFBD7F42C444C17E086E0EE2E34FB43A7187"
        ];
      };

      # The SSH client configuration is a sops-managed secret, declared here
      # with default options and pulled in via Include below.
      sops.secrets.ssh-config-orion = { };

      programs.ssh = {
        enable = true;
        # With the default config disabled, the included file is the only
        # source of host settings visible in this module. Its contents are
        # not reviewable from this file: check options such as ForwardAgent,
        # ProxyCommand and StrictHostKeyChecking whenever the secret is edited.
        enableDefaultConfig = false;
        includes = [
          "${config.sops.secrets.ssh-config-orion.path}"
        ];
      };
    };

  # Keep SSH_AUTH_SOCK in the environment across sudo, so root can use the
  # invoking user's agent (e.g. nixos-rebuild fetching private repositories).
  # NOTE(review): this Defaults line is not scoped, so it applies to every
  # command run through sudo; each of them can ask the agent to authenticate
  # with the keys listed in sshKeys while the session lasts. sudoers allows
  # narrowing a Defaults entry to a user or command if that is too broad.
  lux.ssh.nixos.security.sudo.extraConfig = ''
    Defaults env_keep+=SSH_AUTH_SOCK
  '';
}