diff --git a/.gitignore b/.gitignore
index d039141..7ae5588 100644
--- a/.gitignore
+++ b/.gitignore
@@ -19,6 +19,7 @@
 !modules/
 !modules/hyprland/
 !modules/nushell/
+!modules/ssh/
 !lib/
diff --git a/modules/ssh/config.age b/modules/ssh/config.age
new file mode 100644
index 0000000..2145342
Binary files /dev/null and b/modules/ssh/config.age differ
diff --git a/modules/ssh.nix b/modules/ssh/default.nix
similarity index 84%
rename from modules/ssh.nix
rename to modules/ssh/default.nix
index 76feb7b..0dcdf3e 100644
--- a/modules/ssh.nix
+++ b/modules/ssh/default.nix
@@ -1,4 +1,11 @@
-{ self, lib, pkgs, ... }: with lib; merge
+{ self, config, lib, pkgs, ... }: with lib; merge
+
+(systemConfiguration {
+ secrets.sshConfig = {
+ file = ./config.age;
+ mode = "444";
+ };
+})
 (desktopSystemPackages (with pkgs; [
 mosh
@@ -11,6 +18,8 @@
 serverAliveCountMax = 2;
 serverAliveInterval = 60;
+ includes = [ config.secrets.sshConfig.path ];
+
 matchBlocks = {
 "*" = {
 setEnv.COLORTERM = "truecolor";
diff --git a/secrets.nix b/secrets.nix
index 8ef602e..64116c9 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -1,5 +1,7 @@
 let
 keys = import ./keys.nix;
+
+ all = builtins.attrValues keys;
 in with keys; {
 ### cube
 "hosts/cube/id.age".publicKeys = [ cube enka ];
@@ -28,6 +30,6 @@ in with keys; {
 "hosts/enka/password.said.age".publicKeys = [ enka ];
 ### shared
-
- "hosts/password.acme.age".publicKeys = [ cube disk enka ];
+ "hosts/password.acme.age".publicKeys = all;
+ "modules/ssh/config.age".publicKeys = all;
 }
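Review bot: `mode = "444";` on the new `secrets.sshConfig` entry in modules/ssh/default.nix leaves the decrypted SSH config readable by every local account and service on the machine, which gives up most of what encrypting it with age buys. If a single account consumes the file, `mode = "400";` with the owner set to that account would be tighter, assuming this `secrets` option exposes agenix-style `owner`/`group` attributes (not visible in this diff); if several users share it, a dedicated group with `mode = "440";` is still narrower than world-readable. The `includes` line in the second hunk pulls in directives that cannot be reviewed here, and ssh keeps the first value it obtains for each option, so a short comment next to it stating what kind of entries the encrypted file holds would help the next reader.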
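Review bot: `all = builtins.attrValues keys;` in secrets.nix replaces the explicit recipient list `[ cube disk enka ]` for `hosts/password.acme.age` with every key in `keys.nix`, so any key added there later can decrypt the ACME password and the SSH config after the next rekey without this file changing. If `keys.nix` already holds anything beyond those three hosts (it is not shown in this diff), the commit widens access today. An explicit list keeps the grant reviewable, e.g. `shared = with keys; [ cube disk enka ];`, or at minimum a comment on the binding such as `# every key in keys.nix can decrypt secrets that use this list`. The definition is in the first secrets.nix hunk and both uses are in the second.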