Compare commits

...

8 Commits

6 changed files with 52 additions and 53 deletions

View File

@ -68,13 +68,5 @@ in
};
};
};
sops.secrets =
let home = config.home.homeDirectory;
in lib.mkIf sops {
"private_keys/personal_git" = {
path = "${home}/.ssh/personal_git";
};
};
};
}

View File

@ -3,6 +3,9 @@
let
cfg = config.snowhawk.ssh;
sops = config.snowhawk.sops.enable;
secrets = config.sops.secrets;
ifSops = lib.mkIf sops;
in
{
options.snowhawk.ssh = {
@ -11,41 +14,41 @@ in
homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";
};
config = lib.mkIf cfg.enable {
config =
let sshDir = config.home.homeDirectory + "/.ssh";
in lib.mkIf cfg.enable {
programs.ssh = {
enable = true;
includes = [
"conf.d/*"
];
includes = [ "conf.d/*" ];
matchBlocks = {
"git.zynh.me" = {
hostname = "git.zynh.me";
user = "git";
port = 2221;
identityFile = "${config.home.homeDirectory}/.ssh/personal_git";
identityFile = ifSops secrets."private_keys/personal_git".path;
};
msiserver = {
hostname = "scarlet.zynh.me";
user = "zynh";
identityFile = "${config.home.homeDirectory}/.ssh/msiserver";
identityFile = ifSops secrets."private_keys/msiserver".path;
};
"msiserver.local" = lib.mkIf cfg.homeNetwork {
hostname = "msiserver";
user = "zynh";
identityFile = "${config.home.homeDirectory}/.ssh/msiserver";
identityFile = ifSops secrets."private_keys/msiserver".path;
};
caveserver = {
identityFile = "${config.home.homeDirectory}/.ssh/caveserver";
identityFile = ifSops secrets."private_keys/caveserver".path;
};
};
};
sops.secrets =
let home = config.home.homeDirectory;
in lib.mkIf sops {
"private_keys/msiserver".path = "${home}/.ssh/msiserver";
"private_keys/caveserver".path = "${home}/.ssh/caveserver";
"ssh_hosts/caveserver".path = "${home}/.ssh/conf.d/caveserver_config";
sops.secrets = ifSops {
"private_keys/msiserver" = { };
"private_keys/caveserver" = { };
"private_keys/personal_git" = { };
"ssh_hosts/caveserver".path = "${sshDir}/conf.d/caveserver_config";
};
};
}

View File

@ -108,6 +108,9 @@
killall
];
# Enable trash:/// support
services.gvfs.enable = true;
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.openFirewall = true;

View File

@ -72,6 +72,7 @@ in
# dotnet-sdk_8
pcmanfm
nomacs
];
home.file = { };

View File

@ -1,14 +1,14 @@
{ lib, ... }:
let
dirEntries = builtins.removeAttrs (builtins.readDir ./.) [ "default.nix" ];
moduleEntries = lib.attrsets.filterAttrs (n: v: v == "regular") dirEntries;
moduleNames = builtins.attrNames moduleEntries;
modulePaths = builtins.map (name: ./${name}) moduleNames;
in
{
imports = [
./dwm.nix
./i18n.nix
./audio.nix
./env.nix
./syncthing.nix
./plymouth.nix
];
imports = modulePaths;
snowhawk.i18n.enable = lib.mkDefault true;
snowhawk.audio.enable = lib.mkDefault true;

View File

@ -3,7 +3,7 @@ private_keys:
msiserver: ENC[AES256_GCM,data:WPfERytAHOgvEpAs1neYMlV1tc6gJUPlYuW7iak9/UNEguNR3UlNB2OLHGYlpnPjH9hIOsUzxBNoE+kTI2atm1kZzIkzHCuJyn/CMaW61dPY+kvv/oiKSr/eqOLY7WLnniQysWih8zjtbb0DUoVfT9UujuWLaE92F9y7ZWyfz61Kf9BgyUF9xBkmwfOYnOs0ugnslm42jLh+qpw+2N2CqG5aqmBJzXp8fZfHmT5+wYTlKK4yb3vfXejcFQ37aLZwimJ9qn2Kfa4X6h1U9yerrNnOWhc0WC+1X3G1HKTlEF/yHTnIbSysxIYFdGPgzxFaw7Tyh2KhCJVOuPAJPmq7ms+lgpmS/Tr6ZdGF9XPGufT+UiiYFdK0zQYDz5A7qoDaOmztzFHhCtAmo6MvBUt2c4j03mT+KHkn9qFaQ1M/6EMp0KcL7Wt3bKLOC3kkbU9kMrahxhYTC7vTc33kZuvSsbTBnVJTAZM2vhIsOd2DtJzBdbTNXwpLqo5elQ8GuOBec84dAnYGs7etekn4GpuI0OayAlSoGdmGK6qmfBTZm62zuTadF/JBCKQU6sFyw1IfCO6fTSibQ/L7eqn8HF/pDG1+v+XHYYzv56gZHgIY78XB27phEbB+n7KFGHYw8RYDWHGsgZrR93ZRoVG5RXo/cx0+GqZHxEf+xHtrO6G4cKq8rIlvGcLMp6gWLrJRhZ4qObzpk5i/TRQH8qGeB5ZDzDkGmWwJV2xAmDuJnCSAmv1vVVDHPwAT5NfmJS4PXmTeDNBGLX/xf+tXFLI5fWhqAEynutVv5yavSxfOZ0a8+y7Ks0TbOaxwcCjWtJpmTmMLnROY1cEzre/tdxDA3TKJgLvqM05qN44MmS9ZDb3DDTiVAfDjjoKJt3XTTj3T3pbI4GIxapoKvLuQr/bWWwA2Ho5WXV8uCL0HBkuHSX5nTElnTWGbDznQOqnT4NlXRFTE17WYyoL1O8iv9s1QNHoBl89DrNfnAD5PeMU8zfXOHEH9UPSfniMvK0SxfaP6hZ2dx/VJyuby/ZMkbha9T0tXA3BQdqrB7D2qng8t62cywDhIIiXK1L2XIuVCewjEgmtFlG+MjDTW62y1cXjiAf8UzoxYIjvbsiDS0f75cAEpNnof8sbuGRFFnv8MF/8D16KWW1mUC6tH+nta260JgM4N2Coep8hzH5FE6BDrn/2pggycTWO7nkZQR+70p3F9POeokAiXee88z3yuddfP4ZBA4y7qLYfsImDkZBFHWinDD5BNKb9Ows/YbvtYJkykbR60hMPIVJdPIB2kFdOOAjHd5dDOtNiwLU3IEQCjAy+tFndnsTjQCqIq0zkm7O0bHedIWv3gequSaxvcG9pixtbCSCOLeqebzONb+MGQl7d/pgPCU3YL9dGh7YAfeT0X05tY9YOUqoBxFT5kCzz0pdkkYe2GMXxMAvTAdHfC1joqFvaO8hJ7FE38hCyDr+LWDDCjz8zI4nYP90BtiW16A/P1jmdXwkqaYdEmeNjOpIJAjvpzndRtW+t0M/ip1BJLL33h+Zk5Va23Th7BNfC/aGCyOv8PytteN4Cnvq1z8giY2vQ582uZz6Wi/oQKcTp6p7zNcy/cFQtgRWv1BSrZJGptvhQXobEO8VdHwKjgR0R1DYlIDYXb7fK3dvedttNjhwhyghfr8XfWoaDQKRYNwWBMC5eE4ikCUH+QXa4z7aqRDlUCum+sG8I6ZZ6xsEmTDH/GZ2lpgGDlHrC2yEQQBRRhJQ9VONnT/GMYxMUGg2NDDRcAuGxAcfXiN7mNbj0AmF0xBEIrxGQHjN64YTTDKltjad7GelzqRQNHV4DBl+5tzD3gTFovNPKzBhA73BLngK411DFi+fhr5nx7mWv2VtGz5mx01ShJhRQwZSR7dTG4Bb3vsFTljEDy9Qu6GrMXKBOzbJRtbGDZzx3KFiDNzHIPyd75/3Fn+CseBzHY3R1rOmfyCFlyP8yXpQBfsftTfPThrOXGQDu+lk8JtxR1dpVCJyl9bW0cFoZYoeUGbny4NpuUOeeDzfct1tf1WOhC4iRnGEorLpsAKiQTFekes6t/+iZJqZ8G7A2QtetO0o1MkYwJZR+4scr5PK5//ibbHY/bV6ubVOVbRLpqUChlPGcHP8e9MuRGxbH5hsFx8FlQDCNSGJetqtt0ygJtdvV3LCelDmhHqwM7t0LKVzrvpkw4l8wO4qhwUobRHgI6A0wEe8jgzpM4a5ZYas7aC46ie/sRBWBY33yrXTkL3kURD4pxmBs6b235A7JnHCDGxERBE/5yJ3IWmf7YNxACKBcRqxGtqgg6RDCcSC+spTG3rqMOQXYJP+JhSArv4yReGF6WgWtmFebXsI4TME42S8coomys0wcv9nB4+15GpSDtEN86YKT57XlcsTSI/tS8xdCnFMTAVuZOJ9Uyb9kMLP216lV5cp6RXj6IjAQ9GJjW2rCnBAJ4ejERW8ZJi3a4kBbrRoKY+Pp3F3kH/RrzJySFmsaIASWjujfRYqJzx2aY6pBpzjDsquv7QgsHWeSxKZGrJU9nU4puJeQzus9nmQPMrpmCyj+74Z/7015d7NZgh8zuqRPvIS8Hd2vQmE7zepMklFkhzT7H9kjIDmuitxvm4GDEYw+DQctfXe6m3LpOoiKnB1FN+AgH9AIxbz7Vs6ObyTDpK24u9IkfUuQAP2ImvyEpb0Sbh9eDLhN+tLdiY7rC7e0JaxoM0N6ARpxXylhLznuXNB03PfT0sa8XRwBqWpfhYIAJe7+su3NdBd6fmwpsNDbnNbDWwsWVUO33X4w5s3xZn6P+augAJA57stmX0xD/UZG+y84kkrF/YLtFJ9GJYzbrJD2AdJj1zbMpTeIuoE+aSnoB2xQzBQwWUp2qodAcIEisCRhD2UwdP6P+GhSyf43vW/eIeyfL+3aSXxQ2RkaHPZAXucxh8DCpT0vFF68XSuUf2iQnmX0thVUCSS4D063DPtBOQ9u2gC8ZnL9uyl27OI8Vr36L6nR+XnkV+/XkpgkVpj8ianjkM/IsqN9KQZUjgIkR7fenl0UalaJ9UcTspLfkNU67rTbhcJ9+G/QCguJ5I9ovJSS5k4u0t8SE0ZelRyC7j8xh5yT9l/GaoWuQryID145vR2Qf5jmR9H34mDhQigB713+7mjqoLGkorrhrZqLIDO94SRDJhUUn5nqCQmuwz9T22p9xqjpzwk9XGWsTN3+Mvku+OdpZWkVNwfWPJO2ShEcfQIBBykMO1gN1N8RbusFzCJfKCER7Rq2bnm31g+hby6Xms3pmW+Xg9jNj9HParuWewYx4nTLdGR+c5aufVp3xRpgSMD5w9uQIDebiuss8eFR64GcMlG90cC6ewHjS+68P/Rfnd24XawFNm4hu11TvA6zSjK6h6J4YehPzdnEUFFz5bh26AJkcnTN8svwcUW8etq8X9yN+W4UWFxtZNdNoLT2XD6v4C7TNhIugA4h9MIkxdA==,iv:QD0B2ymlqkSAV1wEAQyJAomxpIj+ydeikTJmVhxpxBo=,tag:zbXmhxabQwLgkPxavodHxQ==,type:str]
caveserver: ENC[AES256_GCM,data:bf3+bhbbX08NPk31Wy26ZsYzUIg2fv7SjWZ73CEOPTQZf8yLy32A63oJX71qtPIj6PcpbsHfrYGMKYHuMUYr5N9fYDhiXEbesAt1nX9HOsq0UwYSl7HWucRHkorkIq09r5oVB4CWoYEj6/2HmZhbYJgEZdMptActi3+eRobgjTdqtq4Q8K0tp9X3VeE2Ca/M17DEz9y93aMKunXbD38jS+zZs0SI1OtyC0V9MenAtiiadBznexq6IVwsp/4mcAiv0udFn7lwCYpPPsSKoCjFYfNIPu/0rCIEag3/bdJHPJA0fng37E4ZGA3ZCwy4PhaJ88kJBAqLJ8u1mQ+UGNFtZBaqww+RIAStkq958tYoyZaI4C+E+XpGRs6FsthN9lsJZ1skiT41vxsfb9+M2sELv+Jm9xDkHJr7+pjtGkN2xEvWS/DrzsKxl4qCw+ZkyE5VNS7vW+gfM+7XieooxXJlQEihlYWflRd1aikYfEizXXWaM6XlLsHtFYEmtQMvesB8XCeoCVT47XgGNqmaNFEEo6Pdl5ke6WO4Gi5K,iv:FZWDaT+ernolWiLZbE67g9JWNCgCwdUyglv8cwAeFO0=,tag:emCa72E1HIjU6+PAJvICcQ==,type:str]
ssh_hosts:
caveserver: ENC[AES256_GCM,data:Fm86oJgeHD/dVqYRKny2/GC7nr3UuR54W46RbS7qgb0UhDsoUkoorIFw+orNhVvHouCc//WtGPCzRFca8u/pkQ9uauCtX/JlSxgHB6Ks08FOTSg=,iv:nGGJo64mEcUQgO9no8uLrws6AtRNUd7nEsYVFVIXkno=,tag:roNPGw39YNEBb2NWllbtHA==,type:str]
caveserver: ENC[AES256_GCM,data:EvgnXLZ7ZIcHB/VQj+hEK63DfKfPWGBBdKR1aXFTiN3OwAcfu5jxdSqctK2iAO88jJs=,iv:xEP3OpNNYHisnrtcsCCbjKx34e1DOvikjcRdDx6/WfQ=,tag:XpFBYxuaCMWCTHT09MFvrQ==,type:str]
locations:
snowhawk:
lat: ENC[AES256_GCM,data:N7CsvQ==,iv:BfSp2jXBZDEEyNHhpo3SAwEVIWI0timAT2S1l76ODn0=,tag:Mf99+rM/m3Wh8BmmITKjpg==,type:str]
@ -23,8 +23,8 @@ sops:
SjZNOWNndEIrMDFZRnV3QlRheklvMncK5n4lzgSrEDQ0M8m4SAslQvl2vq39owY9
s3SrXYCvQo6nsKKJMgaN0fnrSqxdSLbnrDYFchaF2fhdXozR8508PA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-24T08:39:41Z"
mac: ENC[AES256_GCM,data:Rg/rkbSyCkVJfISTfHDdNAfwN8cygYya5zqfJg9ZfaVSmbUBoxkWInaEoXcvRLj7GbJl/ZE1coi7/wj4sIECAfUU56MRObxNFa29YPAhBGLb+mwuDDD8Sp9HssnqBbMQXgjUu+JNPRhXkNQJ8vE0UkGjAKjtu9BB4GzKs8GXQ2A=,iv:mkAqcQCIQl4uEn91MxavLY8yS5zjR+1/5BMWgNsK5Jo=,tag:fCyUVItQqbUBUwbCo3rNYA==,type:str]
lastmodified: "2024-07-28T13:47:44Z"
mac: ENC[AES256_GCM,data:XFbPEDTyzV/IyGLkfjtezX4RWokmIIrxHWvGqDF7MaovwrlvamBkIEkCzGACNdd8uwxU6N9eydFd4vL2d/5AfuleES1ZerAT8du4iKZRT3RMNhcjk89wwzRDl2r0XOTRVOWxpoTNZuhS5QKSEQGk7CdP8AimOr/dTKWXMfmdKb0=,iv:xPR7lIZDKx7UQYzT01KeDKyMwHG+3tYL4oyITz7bDqs=,tag:puUeN9NHZI/FDelgZjL7uA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0