I've decided to just create some SSH host keys via `sudo ssh-keygen -A` so that key management parallels the Linux hosts.
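# Home-manager module: per-user sops setup.
#
# Ensures that the directory for the user's age key file exists with
# owner-only permissions, and tells sops to use the host's ed25519 SSH key
# as a decryption identity.
{
  inputs,
  config,
  lib,
  pkgs,
  ...
}:
let
  # Per-user configuration directory, relative to the home directory.
  # It differs between macOS and other platforms.
  userConfigDir = if pkgs.stdenv.isDarwin then "Library/Application Support" else ".config";

  # Path of the user's age key file. It is rooted at `home.homeDirectory`
  # rather than a hard-coded "/Users/<name>" or "/home/<name>", so accounts
  # with a non-standard home location get the directory in the right place.
  # Only the parent directory of this path is used below; nothing in this
  # file points sops at the key file itself.
  homeKeys = "${config.home.homeDirectory}/${userConfigDir}/sops/age/keys.txt";
in
{
  # 0700 keeps the directory that holds age key material private to its owner.
  # NOTE(review): `home.ensureDirs` is not defined in this file. Verify that
  # it also tightens the mode of a directory that already exists, because a
  # pre-existing, wider mode would otherwise persist.
  home.ensureDirs."${builtins.dirOf homeKeys}".mode = "0700";

  sops = {
    # The host's private SSH key doubles as the decryption identity.
    # NOTE(review): host private keys are normally readable by root only.
    # Confirm that the context which decrypts these secrets can read the key
    # without its permissions being relaxed. Anyone who can read this file
    # can decrypt every secret encrypted to the host's recipient.
    # On hosts that have never generated SSH host keys, this file must be
    # created first (for example with `sudo ssh-keygen -A`).
    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
    # deliberately not setting `defaultSopsFile` because there is no clear file-hostname-mapping. Each separate home config has to configure this explicitly.
  };
}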