From 8561f6381b14e0c1ce06d774df4e5268d08388de Mon Sep 17 00:00:00 2001
From: SebastianStork
Date: Sun, 20 Jul 2025 18:01:33 +0200
Subject: [PATCH] git: derive ssh-key names from sops secrets file
---
 modules/home/programs/git.nix | 18 ++++++++----------
 modules/home/sops.nix | 10 +++++++++-
 2 files changed, 17 insertions(+), 11 deletions(-)
diff --git a/modules/home/programs/git.nix b/modules/home/programs/git.nix
index 01273ed..7a26239 100644
--- a/modules/home/programs/git.nix
+++ b/modules/home/programs/git.nix
@@ -3,11 +3,11 @@
 options.custom.programs.git.enable = lib.mkEnableOption "";
 config = lib.mkIf config.custom.programs.git.enable {
- sops.secrets = {
- "ssh-key/git.sstork.dev".path = "${config.home.homeDirectory}/.ssh/git.sstork.dev";
- "ssh-key/github.com".path = "${config.home.homeDirectory}/.ssh/github.com";
- "ssh-key/code.fbi.h-da.de".path = "${config.home.homeDirectory}/.ssh/code.fbi.h-da.de";
- };
+ sops.secrets =
+ config.custom.sops.secrets.ssh-key
+ |> lib.mapAttrs' (
+ name: _: lib.nameValuePair "ssh-key/${name}" { path = "${config.home.homeDirectory}/.ssh/${name}"; }
+ );
 programs = {
 git = {
@@ -33,11 +33,9 @@
 ssh = {
 enable = true;
- matchBlocks = {
- "git.sstork.dev".identityFile = config.sops.secrets."ssh-key/git.sstork.dev".path;
- "github.com".identityFile = config.sops.secrets."ssh-key/github.com".path;
- "code.fbi.h-da.de".identityFile = config.sops.secrets."ssh-key/code.fbi.h-da.de".path;
- };
+ matchBlocks =
+ config.custom.sops.secrets.ssh-key
+ |> lib.mapAttrs (name: _: { identityFile = config.sops.secrets."ssh-key/${name}".path; });
 };
 lazygit.enable = true;
diff --git a/modules/home/sops.nix b/modules/home/sops.nix
index 442e39d..73cc8ef 100644
--- a/modules/home/sops.nix
+++ b/modules/home/sops.nix
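Review bot: The attribute names read from the secrets file are interpolated unchecked into `"${config.home.homeDirectory}/.ssh/${name}"` in the first git.nix hunk and become `matchBlocks` host patterns in the second, so the set of key files and SSH host matches is now decided by whatever keys the JSON contains. A name such as `id_ed25519` would resolve to the same path that `age.sshKeyPaths` in modules/home/sops.nix reads for decryption, and a name containing `/` or a wildcard would leave `~/.ssh` or widen the host match; an assertion that every name satisfies `builtins.match "[A-Za-z0-9.-]+" name != null` would catch this at evaluation time. Both hunks also select `config.custom.sops.secrets.ssh-key` directly, which presumably aborts evaluation with a missing-attribute error on a host whose file has no `ssh-key` section; `(config.custom.sops.secrets.ssh-key or { })` avoids that. The enclosing `config = lib.mkIf … {` block continues outside both hunks.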
@@ -17,12 +17,20 @@ in
 type = lib.types.nonEmptyStr;
 default = moduleArgs.osConfig.networking.hostName or "";
 };
+ defaultSopsFile = lib.mkOption {
+ type = lib.types.path;
+ default = "${self}/users/${config.home.username}/@${cfg.hostName}/secrets.json";
+ };
+ secrets = lib.mkOption {
+ type = lib.types.anything;
+ default = cfg.defaultSopsFile |> builtins.readFile |> builtins.fromJSON;
+ };
 };
 config = lib.mkIf cfg.enable {
 sops = {
 age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
- defaultSopsFile = "${self}/users/${config.home.username}/@${cfg.hostName}/secrets.json";
+ inherit (cfg) defaultSopsFile;
 };
 };
 }
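Review bot: `secrets` is declared with `type = lib.types.anything` and no `readOnly`, so any other module can assign it and the names git.nix derives would no longer reflect what is in `defaultSopsFile`; adding `readOnly = true;` keeps it a pure view of the file. The value is the parsed sops document as stored, so presumably only its key names are usable (the values are ciphertext and the top-level sops metadata attribute is included); a comment such as `# key names only: values are still sops-encrypted` on the option would say so. The default is evaluated whenever a consumer reads it, independently of `cfg.enable`, so a host without the file fails with a bare `builtins.readFile` error rather than a message naming the missing secrets file. The surrounding option set starts outside the hunk.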