feat(home:ssh): add github to ssh knownhosts

home/modules/console/tools/ssh.nix

@@ -3,20 +3,21 @@
 let
   inherit (lib) mkIf;
   cfg = config.ooknet.tools.ssh;
-  admin = osConfig.ooknet.host.admin;
 in
 
 {
   config = mkIf cfg.enable {
     programs.ssh = {
       enable = true;
-      extraConfig = /* config */''
+      compression = true;
-        Host *
+      hashKnownHosts = true;
-            IdentityAgent "~/.1password/agent.sock"
+      matchBlocks = {
-      '';
+        "github.com" = {
+          user = "git";
+          hostname = "github.com";
+          identityFile = "${osConfig.age.secrets.github_key.path}";
+        };
+      };
     };
-    programs.fish.interactiveShellInit = mkIf (admin.shell == "fish") /* fish */ ''
-      set -gx SSH_AUTH_SOCK ~/.1password/agent.sock
-    '';
   };
 }

nixos/modules/base/secrets.nix

@@ -20,5 +20,11 @@ in
       group = "users";
       mode = "400";
     };
+    github_key = mkIf admin.homeManager {
+      file = "${self}/secrets/github_key.age";
+      path = "/home/${admin.name}/.ssh/github_key";
+      owner = "${admin.name}";
+      group = "users";
+    };
   };
 }

secrets/secrets.nix

@@ -5,4 +5,5 @@ in
 
 {
   "tailscale-auth.age".publicKeys = [ users.ooks] ++ workstations;
+  "github_key.age".publicKeys = [ users.ooks ] ++ workstations;
 }