From 11f2227514edf3bd7f7e5d78c00a72039d73d920 Mon Sep 17 00:00:00 2001 From: RGBCube Date: Tue, 30 Apr 2024 12:56:07 +0300 Subject: [PATCH] Add secret SSH host configurations --- .gitignore | 1 + modules/ssh/config.age | Bin 0 -> 916 bytes modules/{ssh.nix => ssh/default.nix} | 11 ++++++++++- secrets.nix | 6 ++++-- 4 files changed, 15 insertions(+), 3 deletions(-) create mode 100644 modules/ssh/config.age rename modules/{ssh.nix => ssh/default.nix} (84%) diff --git a/.gitignore b/.gitignore index d039141..7ae5588 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,7 @@ !modules/ !modules/hyprland/ !modules/nushell/ +!modules/ssh/ !lib/ diff --git a/modules/ssh/config.age b/modules/ssh/config.age new file mode 100644 index 0000000000000000000000000000000000000000..21453426a8a496c0108933f7264d19db5daa33bc GIT binary patch literal 916 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUFE{ZY;DOV^mOV_q2 zPmD}TVVIj&P`0IZiAjEO zM820rZgy2^r9rU2W2s@5e@0qZl7CcYer2k0c0_nlhQ3L5ZiGpcuZ6#ti?b0|X^@Gz zcU6*Gpm&f#X+~5*j(4zuS-H1yxKU!7dzNRYWr1;qnTLy~ zdxT%1Tey39L4=`GR*<8Uhkl-4F;}u#W}u@}ZeWOaRen;LfwxISfSaj)Vyb?jlV56( zdtk7?S)@^}zma!hvQb&GiFb~%YebHRb7iGjsdIQrXe3vuX_ZN4vY(5Ixk+kLX?S^P zp^>?-d49NSRH}1Ta$&ZerbMXR(6(uMuj_PF1=QS7NGTxMzueU~Xt=cyLg8P@rFCiMd%&Nv2_-QEpUNmWhW~rdyg*WTBg7 za!IPUe!91Xn`dxtVo7M4Q(0cJGna?2UzSBsW>8^Jk!hAwc~Y^fNkv+jadxPmewlV! zesG?7VrhtZrh8_gcA;lMg>i_Zr%7a(Sypy|X;FYnYBCp>uCA^^URa2Jgh7&GK5b)kcx#N^0sV!CvkvfWUUGr;(*Eeo*O6+) YY%wbmmJ9ZOU$k;nC_}@}H)d6H0rTxPrvLx| literal 0 HcmV?d00001 diff --git a/modules/ssh.nix b/modules/ssh/default.nix similarity index 84% rename from modules/ssh.nix rename to modules/ssh/default.nix index 76feb7b..0dcdf3e 100644 --- a/modules/ssh.nix +++ b/modules/ssh/default.nix @@ -1,4 +1,11 @@ -{ self, lib, pkgs, ... }: with lib; merge +{ self, config, lib, pkgs, ... }: with lib; merge + +(systemConfiguration { + secrets.sshConfig = { + file = ./config.age; + mode = "444"; + }; +}) (desktopSystemPackages (with pkgs; [ mosh 
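Review bot: `mode = "444"` in the new `secrets.sshConfig` block leaves the decrypted SSH host configuration readable by every local account and service user on the machine, which undercuts the point of keeping it out of the plaintext repository. Only the accounts that run `ssh` need to read it, so a narrower grant would do; if this `secrets` option forwards to agenix's `age.secrets` (not visible in this hunk), that could be `owner = "<login-user>"; mode = "400";` or a shared group with `mode = "440";`. Whatever is chosen, keep the file non-writable for group and others, since OpenSSH refuses user config files with loose write permissions. If world-readable is intended, a comment such as `# world-readable on purpose: included from every user's ssh config` would record that the exposure is a deliberate trade-off.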
@@ -11,6 +18,8 @@ serverAliveCountMax = 2; serverAliveInterval = 60; + includes = [ config.secrets.sshConfig.path ]; + matchBlocks = { "*" = { setEnv.COLORTERM = "truecolor"; diff --git a/secrets.nix b/secrets.nix index 8ef602e..64116c9 100644 --- a/secrets.nix +++ b/secrets.nix @@ -1,5 +1,7 @@ let keys = import ./keys.nix; + + all = builtins.attrValues keys; in with keys; { ### cube "hosts/cube/id.age".publicKeys = [ cube enka ]; @@ -28,6 +30,6 @@ in with keys; { "hosts/enka/password.said.age".publicKeys = [ enka ]; ### shared - - "hosts/password.acme.age".publicKeys = [ cube disk enka ]; + "hosts/password.acme.age".publicKeys = all; + "modules/ssh/config.age".publicKeys = all; }
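Review bot: The added `includes = [ config.secrets.sshConfig.path ];` has no comment saying what the included file holds or what happens when it is missing. OpenSSH skips an `Include` path that matches no file without raising an error, so on a machine where the secret was not decrypted the private host entries would disappear quietly rather than fail loudly. I would add `# Private Host entries decrypted from ./config.age; ssh silently ignores the Include if the file is absent.` above the line. The surrounding attribute set starts and ends outside this hunk.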
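Review bot: Replacing `[ cube disk enka ]` with `all` for `"hosts/password.acme.age"` turns an explicit recipient list into "every key in keys.nix". Any key added to that file later becomes a recipient of the ACME password and of `modules/ssh/config.age` on the next rekey, without anyone touching these lines. keys.nix is not shown here; if it already holds more than those three keys, this commit widens access to the ACME credential as a side effect of an SSH change. I would keep the ACME entry on its explicit list and use `all` only where every key is really meant. The `all` binding in the first secrets.nix hunk could carry a comment such as `# every key in keys.nix; a newly added key gains access to each secret using this on rekey`.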