Add common hosts config

This commit is contained in:
2025-04-22 22:12:45 +02:00
parent 142b16fa9c
commit 05350e1c1c
10 changed files with 246 additions and 94 deletions

@ -0,0 +1,22 @@
{
inputs,
config,
...
}:
let
isEd25519 = k: k.type == "ed25519";
getKeyPath = k: k.path;
keys = builtins.filter isEd25519 config.services.openssh.hostKeys;
in
{
imports = [ inputs.sops-nix.nixosModules.sops ];
sops.age = {
sshKeyPaths = map getKeyPath keys;
# TODO: remove? only rely on ssh or pgp keys (e.g. ubikey like misterio is using!!!)
keyFile = "/home/julian/.config/sops/age/keys.txt";
# Generate key if none of the above worked. With this, building will still work, just without secrets
generateKey = true;
};
}