git: derive ssh-key names from sops secrets file

This commit is contained in:
SebastianStork 2025-07-20 18:01:33 +02:00
parent 8a0238af60
commit 8561f6381b
2 changed files with 17 additions and 11 deletions


@ -3,11 +3,11 @@
options.custom.programs.git.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.programs.git.enable {
sops.secrets = {
"ssh-key/git.sstork.dev".path = "${config.home.homeDirectory}/.ssh/git.sstork.dev";
"ssh-key/github.com".path = "${config.home.homeDirectory}/.ssh/github.com";
"ssh-key/code.fbi.h-da.de".path = "${config.home.homeDirectory}/.ssh/code.fbi.h-da.de";
};
sops.secrets =
config.custom.sops.secrets.ssh-key
|> lib.mapAttrs' (
name: _: lib.nameValuePair "ssh-key/${name}" { path = "${config.home.homeDirectory}/.ssh/${name}"; }
);
programs = {
git = {
@ -33,11 +33,9 @@
ssh = {
enable = true;
matchBlocks = {
"git.sstork.dev".identityFile = config.sops.secrets."ssh-key/git.sstork.dev".path;
"github.com".identityFile = config.sops.secrets."ssh-key/github.com".path;
"code.fbi.h-da.de".identityFile = config.sops.secrets."ssh-key/code.fbi.h-da.de".path;
};
matchBlocks =
config.custom.sops.secrets.ssh-key
|> lib.mapAttrs (name: _: { identityFile = config.sops.secrets."ssh-key/${name}".path; });
};
lazygit.enable = true;
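Review bot: The derived `sops.secrets` and `matchBlocks` now depend on `config.custom.sops.secrets.ssh-key` existing; if the secrets file for a user/host has no `ssh-key` object, evaluation aborts with a bare missing-attribute error rather than simply producing no git SSH keys, so consider `config.custom.sops.secrets.ssh-key or { }` in both places. The JSON key names are also used unchecked as both the sops key path component and the on-disk file name under `~/.ssh/${name}` (and as the ssh Match host), so a key containing `/` or `..` would place the decrypted private key outside `~/.ssh`; an `assert` or `lib.throwIf` that each name is a plain hostname would make that contract explicit. Since the names are read from the sops document's structure, which sops leaves in cleartext, a short comment such as `# hostnames come from the (unencrypted) key structure of the sops file; values stay ciphertext` would help the next reader. The `programs.ssh` block continues outside the hunk.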


@ -17,12 +17,20 @@ in
type = lib.types.nonEmptyStr;
default = moduleArgs.osConfig.networking.hostName or "";
};
defaultSopsFile = lib.mkOption {
type = lib.types.path;
default = "${self}/users/${config.home.username}/@${cfg.hostName}/secrets.json";
};
secrets = lib.mkOption {
type = lib.types.anything;
default = cfg.defaultSopsFile |> builtins.readFile |> builtins.fromJSON;
};
};
config = lib.mkIf cfg.enable {
sops = {
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
defaultSopsFile = "${self}/users/${config.home.username}/@${cfg.hostName}/secrets.json";
inherit (cfg) defaultSopsFile;
};
};
}
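Review bot: The new `secrets` option is typed `lib.types.anything` and defaults to `builtins.fromJSON (builtins.readFile cfg.defaultSopsFile)`, i.e. it parses the still-encrypted sops document, so every leaf value is `ENC[...]` ciphertext and the top-level `sops` metadata block is included; only the key structure is meaningful to consumers, and nothing in the option says so. Suggest `type = lib.types.attrs;` plus a `description` stating that this exposes the key layout of the encrypted file for deriving secret names and that values must never be read from it. Because `hostName` falls back to `""` when `osConfig` is absent (line 44), the default path becomes `…/@/secrets.json` and `readFile` fails at evaluation with a path-not-found error, so a `lib.mkIf (cfg.hostName != "")` guard or an assertion with a clearer message would be worth adding; this is inferred from the visible defaults and should be confirmed against how the module is imported. The enclosing module's option set starts before this hunk.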