feat(home:ssh): add github to ssh knownhosts

2024-06-24 14:14:52 +12:00 · 2024-06-24 14:14:52 +12:00 · f0bd3f97af
commit f0bd3f97af
parent ea5054789d
4 changed files with 16 additions and 8 deletions
--- a/home/modules/console/tools/ssh.nix
+++ b/home/modules/console/tools/ssh.nix
@ -3,20 +3,21 @@
 let
  inherit (lib) mkIf;
  cfg = config.ooknet.tools.ssh;
-  admin = osConfig.ooknet.host.admin;
 in

 {
  config = mkIf cfg.enable {
    programs.ssh = {
      enable = true;
-      extraConfig = /* config */''
-        Host *
-            IdentityAgent "~/.1password/agent.sock"
-      '';
+      compression = true;
+      hashKnownHosts = true;
+      matchBlocks = {
+        "github.com" = {
+          user = "git";
+          hostname = "github.com";
+          identityFile = "${osConfig.age.secrets.github_key.path}";
+        };
+      };
    };
-    programs.fish.interactiveShellInit = mkIf (admin.shell == "fish") /* fish */ ''
-      set -gx SSH_AUTH_SOCK ~/.1password/agent.sock
-    '';
  };
 }
--- a/nixos/modules/base/secrets.nix
+++ b/nixos/modules/base/secrets.nix
@ -20,5 +20,11 @@ in
      group = "users";
      mode = "400";
    };
+    github_key = mkIf admin.homeManager {
+      file = "${self}/secrets/github_key.age";
+      path = "/home/${admin.name}/.ssh/github_key";
+      owner = "${admin.name}";
+      group = "users";
+    };
  };
 }
--- a/secrets/github_key.age
+++ b/secrets/github_key.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -5,4 +5,5 @@ in

 {
  "tailscale-auth.age".publicKeys = [ users.ooks] ++ workstations;
+  "github_key.age".publicKeys = [ users.ooks ] ++ workstations;
 }