diff --git a/flake.lock b/flake.lock
index ca4a362..bec1da9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -228,11 +228,11 @@
 "nix-secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1716469326,
- "narHash": "sha256-Y/oaOb0bR3VECHznlAh16DpTqDy54Ldhvupu9AOqF6E=",
+ "lastModified": 1716659471,
+ "narHash": "sha256-Wh43usJoW7JQnO1ZnPgg4ivHCXzGkMd2KswV9MeniUo=",
 "ref": "refs/heads/master",
- "rev": "be937cfd892ca1a027982f2a94f6b035623353c7",
- "revCount": 33,
+ "rev": "72490bd6af1c40712577bf2d5f96927bd557a6a7",
+ "revCount": 34,
 "type": "git",
 "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
 },
diff --git a/home/common/core/default.nix b/home/common/core/default.nix
index 30edb09..48a1333 100644
--- a/home/common/core/default.nix
+++ b/home/common/core/default.nix
@@ -2,6 +2,5 @@
 {
 imports = [
 ./zsh.nix
- ./ssh.nix
 ] ;
 }
diff --git a/home/common/core/ssh.nix b/home/common/core/ssh.nix
deleted file mode 100644
index 605a98c..0000000
--- a/home/common/core/ssh.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ config, pkgs, ... }:
-
-{
- programs.ssh = {
- enable = true;
- matchBlocks = {
- "git.bitlab21.com" = {
- identitiesOnly = true;
- identityFile = "~/.ssh/deploy_key-ssh-ed25519";
- };
- };
- };
-}
diff --git a/home/users/media/default.nix b/home/users/media/default.nix
index 5e03f87..8a5cf2c 100644
--- a/home/users/media/default.nix
+++ b/home/users/media/default.nix
@@ -9,9 +9,19 @@
 inputs.impermanence.nixosModules.home-manager.impermanence
 ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ "git.bitlab21.com" = {
+ identitiesOnly = true;
+ identityFile = [ "~/.ssh/deploy_key-ssh-ed25519" ];
+ };
+ };
+ };
+
 xdg.userDirs = {
 enable = true;
- createDirectories = false;
+ createDirectories = true;
 desktop = "/home/media/Desktop";
 documents = null;
 download = "/home/media/Downloads";
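Review bot: In home/users/media/default.nix the new match block points `identityFile` at `~/.ssh/deploy_key-ssh-ed25519`, but nothing visible in this commit places that file: the sops entries for the media user in hosts/common/users/media/default.nix only write `id_ed25519` and `id_ed25519.pub`. Because `identitiesOnly = true` limits ssh to the configured identity for this host, a missing deploy key means authentication to git.bitlab21.com fails rather than falling back to another key. This module also imports impermanence, so a key installed by hand presumably has to sit on a persisted path to survive a reboot. If the key is provisioned out of band on purpose, a comment above the block such as `# deploy key for git.bitlab21.com: installed out of band, not managed by sops` would record that. The enclosing attribute set starts and ends outside the hunk.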
diff --git a/home/users/sam/default.nix b/home/users/sam/default.nix
index 9c3eaac..ea21adf 100644
--- a/home/users/sam/default.nix
+++ b/home/users/sam/default.nix
@@ -21,6 +21,16 @@
 ".icons/bibata".source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Classic";
 };
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ "git.bitlab21.com" = {
+ identitiesOnly = true;
+ identityFile = [ "~/.ssh/id_ed25519"];
+ };
+ };
+ };
+
 home.sessionPath = [ ];
diff --git a/hosts/common/users/media/default.nix b/hosts/common/users/media/default.nix
index afd6832..22747ae 100644
--- a/hosts/common/users/media/default.nix
+++ b/hosts/common/users/media/default.nix
@@ -44,21 +44,21 @@ in
 };
 };
- sops.secrets."passwords/${username}" = {
- sopsFile = "${secretsFile}";
- neededForUsers = true;
- };
-
- sops.secrets."ssh_keys/${username}/id_ed25519" = {
- path = "/home/${username}/.ssh/id_ed25519";
- mode = "0600";
- owner = "${username}";
- };
-
- sops.secrets."ssh_keys/${username}/id_ed25519.pub" = {
- path = "/home/${username}/.ssh/id_ed25519.pub";
- mode = "0644";
- owner = "${username}";
+ sops.secrets = {
+ "passwords/${username}" = {
+ sopsFile = "${secretsFile}";
+ neededForUsers = true;
+ };
+ "ssh_keys/${username}/id_ed25519" = {
+ path = "/home/${username}/.ssh/id_ed25519";
+ mode = "0600";
+ owner = "${username}";
+ };
+ "ssh_keys/${username}/id_ed25519.pub" = {
+ path = "/home/${username}/.ssh/id_ed25519.pub";
+ mode = "0644";
+ owner = "${username}";
+ };
 };
 services.flatpak.enable = true;
diff --git a/hosts/common/users/sam/default.nix b/hosts/common/users/sam/default.nix
index abba8ce..8495606 100644
--- a/hosts/common/users/sam/default.nix
+++ b/hosts/common/users/sam/default.nix
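Review bot: The `programs.ssh` block added to home/users/sam/default.nix is the same block added to home/users/media/default.nix, differing only in `identityFile`, so the settings that lived once in the deleted home/common/core/ssh.nix are now maintained in two places. Any later change to the git.bitlab21.com entry has to be made in both copies and can drift between users. Keeping the common module for the shared settings (without `identityFile`) and setting only `programs.ssh.matchBlocks."git.bitlab21.com".identityFile = [ "~/.ssh/id_ed25519" ];` per user would avoid that. The added list literal is also missing a space before `]`.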
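Review bot: In hosts/common/users/media/default.nix only `"passwords/${username}"` sets `sopsFile`; the two `ssh_keys/...` entries carry none, so they presumably resolve against `sops.defaultSopsFile`, which is not visible in this diff. The same shape is added for the other user in hosts/common/users/sam/default.nix. If the keys live in the same file as the password, adding `sopsFile = "${secretsFile}";` to the key entries makes the source of the private key explicit; otherwise a short comment naming the file that holds `ssh_keys/*` would do. The attribute set after `in` starts and ends outside the hunk.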
@@ -23,9 +23,21 @@ in
 };
- sops.secrets."passwords/${username}" = {
- sopsFile = "${secretsFile}";
- neededForUsers = true;
+ sops.secrets = {
+ "passwords/${username}" = {
+ sopsFile = "${secretsFile}";
+ neededForUsers = true;
+ };
+ "ssh_keys/${username}/id_ed25519" = {
+ path = "/home/${username}/.ssh/id_ed25519";
+ mode = "0600";
+ owner = "${username}";
+ };
+ "ssh_keys/${username}/id_ed25519.pub" = {
+ path = "/home/${username}/.ssh/id_ed25519.pub";
+ mode = "0644";
+ owner = "${username}";
+ };
 };
 programs.zsh.enable = true;
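Review bot: The new `"ssh_keys/${username}/id_ed25519"` entry in hosts/common/users/sam/default.nix writes into `/home/${username}/.ssh`, and the hunk sets `owner` and `mode` for the key only, not for the directory. As far as I know sops-nix creates missing parent directories of `path` as root, so on a fresh home `.ssh` may end up root-owned and the user's ssh could be unable to write `known_hosts` or its config there; this is worth checking after a clean activation. If it happens, declaring the directory explicitly, e.g. `systemd.tmpfiles.rules = [ "d /home/${username}/.ssh 0700 ${username} users -" ];` (group adjusted to the user's), keeps ownership and mode correct. The attribute set after `in` starts and ends outside the hunk.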