Move ssh config to secrets

2025-11-29 19:43:21 +01:00
parent b04bfaade8
commit 1cc8ae103e
6 changed files with 19 additions and 8 deletions
--- a/home/programs/ssh/default.nix
+++ b/home/programs/ssh/default.nix
@@ -0,0 +1,9 @@
 { config, ... }:
 {
  programs.ssh = {
    enable = true;
    includes = [
      config.sops.secrets.ssh_config_orion.path
    ];
  };
 }
--- a/hosts/altair/configuration.nix
+++ b/hosts/altair/configuration.nix
@@ -12,7 +12,6 @@
    ../../nixos/users.nix
    ../../nixos/utils.nix
    ../../nixos/hyprland.nix
    ../../nixos/hosts.nix
    # You should let those lines as is
    ./hardware-configuration.nix
--- a/hosts/polaris/configuration.nix
+++ b/hosts/polaris/configuration.nix
@@ -13,7 +13,6 @@
    ../../nixos/utils.nix
    #../../nixos/tailscale.nix
    ../../nixos/hyprland.nix
    ../../nixos/hosts.nix
    #../../nixos/docker.nix
    # You should let those lines as is
--- a/hosts/polaris/home.nix
+++ b/hosts/polaris/home.nix
@@ -35,6 +35,7 @@
    ../../home/programs/todoman
    ../../home/programs/aerc
    ../../home/programs/accounts
    ../../home/programs/ssh
    #../../home/programs/zen-browser
    # Scripts
--- a/hosts/polaris/secrets/default.nix
+++ b/hosts/polaris/secrets/default.nix
@@ -13,7 +13,9 @@
    secrets = {
      radicale_pass = { };
      university_calendar_url = { };
-      # sshconfig = { path = "${config.home.homeDirectory}/.ssh/config"; };
+      ssh_config_orion = {
        mode = "0600";
      };
    };
  };
@@ -22,9 +24,9 @@
      - &primary age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
    creation_rules:
      - path_regex: hosts/polaris/secrets/secrets.yaml$
-      key_groups:
+        key_groups:
-        - age:
+          - age:
-          - *primary
+            - *primary
  '';
  home.packages = with pkgs; [
--- a/hosts/polaris/secrets/secrets.yaml
+++ b/hosts/polaris/secrets/secrets.yaml
@@ -1,5 +1,6 @@
 radicale_pass: ENC[AES256_GCM,data:zdUxtJKNPC8SzajhFKo=,iv:H55GWMiQLJvZx6rAufkk807lZflg0sepxoq6z0XJ/q4=,tag:MoDOuF37PeF7QEpUxBntEg==,type:str]
 university_calendar_url: ENC[AES256_GCM,data:y5UtZVC0KJPUz//6S0QsrNeFGQshc88zieQgmlur75VFw9y5CJpnZRpdhLnYva00z5HBkxYQelLqS/I5GrXexWtC7Y7d1dCcQ+IZ0K7GGJ5NrYtjNXfMhzNSlhqjvl5lBGb+S565kel3VsCTyo/YRxdbBN6FA/oQNsx8/AvTgtsPeFkQRDGlGkybFRfWHWuTIDLL,iv:rZK9utRrm/KAkVRUjC3VR09MvDZjpoLx7BgaidzQo3o=,tag:tGWGoQCsS3zZh818OKixPw==,type:str]
 ssh_config_orion: ENC[AES256_GCM,data:P2jH5BDIzeHSIwTBcZwTOXKes727xK0Xoj9W64GmEszEPZw8vA==,iv:hSY9mFdC82pBbOjMFuzoR2eufhjY2MGERJ4ODmcogbA=,tag:ejF535LrQwwH66nQG3qLGw==,type:str]
 sops:
    age:
        - recipient: age122w85pqj508ukv0rd388mahecgfckmpgnsgz0zcyec37ljae2epsdnvxpl
@@ -11,7 +12,7 @@ sops:
            OFY3bU9JczZyV1dBS3FjWWVLQy9vWG8K9ESUWng+aRzt3Wu9WOYXQIu8ZMsBBYJX
            PBnnSspDusmg1pWrFksA4c6UOEwG0E/l7t6VLssPkWAzJvz3qzBhZg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-29T15:19:14Z"
+    lastmodified: "2025-11-29T18:05:48Z"
-    mac: ENC[AES256_GCM,data:iG5K86rqwzVHhMTsiwKdM3ibaz72SujNOmPmZ1WMFx0pFABsToQN6yKzWPHOKx+gXkIyembV/Y90rpra6HEtsok2doLIfoUMfznHoQqcnV2s07hKnh0V+X0WzRJstNe+EScyoFnr1WxezCBaat8WK79u9LhiYXExlm7w5XDMXfM=,iv:X+aabOZXJ4Iu+hs+O/ZNiD+6we7nV2MjQCpvx2vya9k=,tag:zxxxHa53VMSCxXn+c59M4w==,type:str]
+    mac: ENC[AES256_GCM,data:j0pHRA3c5lRdyLjqxlP2MTzIYb3WYAy7p+FttOjTQpXcyT5dFykXuu8rv+MQTmWdvHLQKC4iuZ7HTSO9qx8SbAuxHBWpoycpy3cZpmFp5T5crCl65AVQ/yRZKD9gRxkhnVW7aAK1kC3Mq07PamznvX/b7eEJ8h3tvmymuw6z/vY=,iv:W430t2YAXVcJztbO+fNdlOyjjy6+cH5r5YwuM2QdIdc=,tag:dDRJSslL9/Hac465A/TstA==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0