diff --git a/home/programs/ssh/default.nix b/home/programs/ssh/default.nix new file mode 100644 index 0000000..c9f2438 --- /dev/null +++ b/home/programs/ssh/default.nix @@ -0,0 +1,9 @@ +{ config, ... }: +{ + programs.ssh = { + enable = true; + includes = [ + config.sops.secrets.ssh_config_orion.path + ]; + }; +} diff --git a/hosts/altair/configuration.nix b/hosts/altair/configuration.nix index 17b350f..615b431 100644 --- a/hosts/altair/configuration.nix +++ b/hosts/altair/configuration.nix @@ -12,7 +12,6 @@ ../../nixos/users.nix ../../nixos/utils.nix ../../nixos/hyprland.nix - ../../nixos/hosts.nix # You should let those lines as is ./hardware-configuration.nix diff --git a/hosts/polaris/configuration.nix b/hosts/polaris/configuration.nix index cb6be49..57e06e5 100644 --- a/hosts/polaris/configuration.nix +++ b/hosts/polaris/configuration.nix @@ -13,7 +13,6 @@ ../../nixos/utils.nix #../../nixos/tailscale.nix ../../nixos/hyprland.nix - ../../nixos/hosts.nix #../../nixos/docker.nix # You should let those lines as is diff --git a/hosts/polaris/home.nix b/hosts/polaris/home.nix index 1e84e0c..958e5a4 100644 --- a/hosts/polaris/home.nix +++ b/hosts/polaris/home.nix @@ -35,6 +35,7 @@ ../../home/programs/todoman ../../home/programs/aerc ../../home/programs/accounts + ../../home/programs/ssh #../../home/programs/zen-browser # Scripts diff --git a/hosts/polaris/secrets/default.nix b/hosts/polaris/secrets/default.nix index 4fdf2fe..d6f8cda 100644 --- a/hosts/polaris/secrets/default.nix +++ b/hosts/polaris/secrets/default.nix @@ -13,7 +13,9 @@ secrets = { radicale_pass = { }; university_calendar_url = { }; - # sshconfig = { path = "${config.home.homeDirectory}/.ssh/config"; }; + ssh_config_orion = { + mode = "0600"; + }; }; }; @@ -22,9 +24,9 @@ - &primary age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl creation_rules: - path_regex: hosts/polaris/secrets/secrets.yaml$ - key_groups: - - age: - - *primary + key_groups: + - age: + - *primary ''; home.packages = with pkgs; [ diff --git a/hosts/polaris/secrets/secrets.yaml b/hosts/polaris/secrets/secrets.yaml index 068e336..60dba90 100644 --- a/hosts/polaris/secrets/secrets.yaml +++ b/hosts/polaris/secrets/secrets.yaml @@ -1,5 +1,6 @@ radicale_pass: ENC[AES256_GCM,data:zdUxtJKNPC8SzajhFKo=,iv:H55GWMiQLJvZx6rAufkk807lZflg0sepxoq6z0XJ/q4=,tag:MoDOuF37PeF7QEpUxBntEg==,type:str] university_calendar_url: ENC[AES256_GCM,data:y5UtZVC0KJPUz//6S0QsrNeFGQshc88zieQgmlur75VFw9y5CJpnZRpdhLnYva00z5HBkxYQelLqS/I5GrXexWtC7Y7d1dCcQ+IZ0K7GGJ5NrYtjNXfMhzNSlhqjvl5lBGb+S565kel3VsCTyo/YRxdbBN6FA/oQNsx8/AvTgtsPeFkQRDGlGkybFRfWHWuTIDLL,iv:rZK9utRrm/KAkVRUjC3VR09MvDZjpoLx7BgaidzQo3o=,tag:tGWGoQCsS3zZh818OKixPw==,type:str] +ssh_config_orion: ENC[AES256_GCM,data:P2jH5BDIzeHSIwTBcZwTOXKes727xK0Xoj9W64GmEszEPZw8vA==,iv:hSY9mFdC82pBbOjMFuzoR2eufhjY2MGERJ4ODmcogbA=,tag:ejF535LrQwwH66nQG3qLGw==,type:str] sops: age: - recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl @@ -11,7 +12,7 @@ sops: OFY3bU9JczZyV1dBS3FjWWVLQy9vWG8K9ESUWng+aRzt3Wu9WOYXQIu8ZMsBBYJX PBnnSspDusmg1pWrFksA4c6UOEwG0E/l7t6VLssPkWAzJvz3qzBhZg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-29T15:19:14Z" - mac: ENC[AES256_GCM,data:iG5K86rqwzVHhMTsiwKdM3ibaz72SujNOmPmZ1WMFx0pFABsToQN6yKzWPHOKx+gXkIyembV/Y90rpra6HEtsok2doLIfoUMfznHoQqcnV2s07hKnh0V+X0WzRJstNe+EScyoFnr1WxezCBaat8WK79u9LhiYXExlm7w5XDMXfM=,iv:X+aabOZXJ4Iu+hs+O/ZNiD+6we7nV2MjQCpvx2vya9k=,tag:zxxxHa53VMSCxXn+c59M4w==,type:str] + lastmodified: "2025-11-29T18:05:48Z" + mac: ENC[AES256_GCM,data:j0pHRA3c5lRdyLjqxlP2MTzIYb3WYAy7p+FttOjTQpXcyT5dFykXuu8rv+MQTmWdvHLQKC4iuZ7HTSO9qx8SbAuxHBWpoycpy3cZpmFp5T5crCl65AVQ/yRZKD9gRxkhnVW7aAK1kC3Mq07PamznvX/b7eEJ8h3tvmymuw6z/vY=,iv:W430t2YAXVcJztbO+fNdlOyjjy6+cH5r5YwuM2QdIdc=,tag:dDRJSslL9/Hac465A/TstA==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0