Add secret SSH host configurations

.gitignore

@@ -19,6 +19,7 @@
 !modules/
 !modules/hyprland/
 !modules/nushell/
+!modules/ssh/
 
 !lib/
 

modules/ssh/default.nix

@@ -1,4 +1,11 @@
-{ self, lib, pkgs, ... }: with lib; merge
+{ self, config, lib, pkgs, ... }: with lib; merge
+
+(systemConfiguration {
+  secrets.sshConfig = {
+    file = ./config.age;
+    mode = "444";
+  };
+})
 
 (desktopSystemPackages (with pkgs; [
   mosh
@@ -11,6 +18,8 @@
     serverAliveCountMax = 2;
     serverAliveInterval = 60;
 
+    includes = [ config.secrets.sshConfig.path ];
+
     matchBlocks = {
       "*" = {
         setEnv.COLORTERM = "truecolor";

secrets.nix

@@ -1,5 +1,7 @@
 let
   keys = import ./keys.nix;
+
+  all = builtins.attrValues keys;
 in with keys; {
   ### cube
   "hosts/cube/id.age".publicKeys           = [ cube enka ];
@@ -28,6 +30,6 @@ in with keys; {
   "hosts/enka/password.said.age".publicKeys  = [ enka ];
 
   ### shared
-
-  "hosts/password.acme.age".publicKeys = [ cube disk enka ];
+  "hosts/password.acme.age".publicKeys = all;
+  "modules/ssh/config.age".publicKeys  = all;
 }