git: derive ssh-key names from sops secrets file

SebastianStork 2025-07-20 18:01:33 +02:00
parent 8a0238af60
commit 8561f6381b
2 changed files with 17 additions and 11 deletions


@ -3,11 +3,11 @@
options.custom.programs.git.enable = lib.mkEnableOption ""; options.custom.programs.git.enable = lib.mkEnableOption "";
config = lib.mkIf config.custom.programs.git.enable { config = lib.mkIf config.custom.programs.git.enable {
sops.secrets = { sops.secrets =
"ssh-key/git.sstork.dev".path = "${config.home.homeDirectory}/.ssh/git.sstork.dev"; config.custom.sops.secrets.ssh-key
"ssh-key/github.com".path = "${config.home.homeDirectory}/.ssh/github.com"; |> lib.mapAttrs' (
"ssh-key/code.fbi.h-da.de".path = "${config.home.homeDirectory}/.ssh/code.fbi.h-da.de"; name: _: lib.nameValuePair "ssh-key/${name}" { path = "${config.home.homeDirectory}/.ssh/${name}"; }
}; );
programs = { programs = {
git = { git = {
@ -33,11 +33,9 @@
ssh = { ssh = {
enable = true; enable = true;
matchBlocks = { matchBlocks =
"git.sstork.dev".identityFile = config.sops.secrets."ssh-key/git.sstork.dev".path; config.custom.sops.secrets.ssh-key
"github.com".identityFile = config.sops.secrets."ssh-key/github.com".path; |> lib.mapAttrs (name: _: { identityFile = config.sops.secrets."ssh-key/${name}".path; });
"code.fbi.h-da.de".identityFile = config.sops.secrets."ssh-key/code.fbi.h-da.de".path;
};
}; };
lazygit.enable = true; lazygit.enable = true;
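Review bot: The attribute names under `ssh-key` now flow unvalidated into a file path (`"${config.home.homeDirectory}/.ssh/${name}"`) and into the `matchBlocks` host patterns. A name such as `config`, or one containing `/`, `*` or whitespace, would either place a decrypted key over another file in `~/.ssh` or widen the set of hosts the identity is offered to. The secrets file is maintainer-controlled, so this is a guard against mistakes rather than an exposure. An evaluation-time check such as `assertion = lib.all (n: builtins.match "[A-Za-z0-9-]+(\\.[A-Za-z0-9-]+)+" n != null) (lib.attrNames config.custom.sops.secrets.ssh-key);` would restrict names to hostname-shaped values. The enclosing `config` and `programs` blocks continue outside the visible hunks.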


@ -17,12 +17,20 @@ in
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = moduleArgs.osConfig.networking.hostName or ""; default = moduleArgs.osConfig.networking.hostName or "";
}; };
defaultSopsFile = lib.mkOption {
type = lib.types.path;
default = "${self}/users/${config.home.username}/@${cfg.hostName}/secrets.json";
};
secrets = lib.mkOption {
type = lib.types.anything;
default = cfg.defaultSopsFile |> builtins.readFile |> builtins.fromJSON;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
sops = { sops = {
age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ]; age.sshKeyPaths = [ "${config.home.homeDirectory}/.ssh/id_ed25519" ];
defaultSopsFile = "${self}/users/${config.home.username}/@${cfg.hostName}/secrets.json"; inherit (cfg) defaultSopsFile;
}; };
}; };
} }
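Review bot: The new `secrets` option (`default = cfg.defaultSopsFile |> builtins.readFile |> builtins.fromJSON;`) exposes the whole parsed file under `lib.types.anything`, with no description and nothing marking it as derived. Assuming this is a standard sops-encrypted JSON document, that value also carries the `sops` metadata block and the ciphertext values, while consumers only need the key names. Consider adding `readOnly = true;` and a `description`, and dropping the metadata with `builtins.removeAttrs … [ "sops" ]` so a later `mapAttrs` over the top level cannot treat it as a secret. The default is evaluated whenever another module reads it, independent of `cfg.enable`, so a missing file or a missing `ssh-key` attribute surfaces as a raw evaluation error rather than a clear message.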