From 587f734ac1e64b2d1ff888d4e0dd6e02192e8ae2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jonas=20R=C3=B6ger?=
Date: Sat, 3 May 2025 15:26:21 +0200
Subject: [PATCH] Home Gen509 @ 2025-05-03-15:04 by jonas@comfy-station

---
 home/jonas@comfy-station.nix | 6 +++-
 modules/default.nix | 1 +
 modules/home/ssh.nix | 60 ++++++++++++++++++++++++++----------
 3 files changed, 49 insertions(+), 18 deletions(-)

diff --git a/home/jonas@comfy-station.nix b/home/jonas@comfy-station.nix
index 40a3f62..a8fec7a 100644
--- a/home/jonas@comfy-station.nix
+++ b/home/jonas@comfy-station.nix
@@ -1,7 +1,6 @@
 {config, ...}: rec {
 imports = [
 ../modules/home/borg.nix
- ../modules/home/ssh.nix
 ../modules/home/yubikey.nix
 ];
@@ -29,6 +28,11 @@
 hive.waybar.enable = true;
 hive.wlogout.enable = true;
 hive.wofi.enable = true;
+ hive.ssh = {
+ enable = true;
+ sopsFile = ../secrets/jonas/ssh.yaml;
+ keys = ["borg" "passgit"];
+ };
 hive.zsh.enable = true;
 hive.nix-scripts.enable = true;
 hive.doom.enable = true;
diff --git a/modules/default.nix b/modules/default.nix
index c0289cc..e21c311 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -41,6 +41,7 @@
 ./home/firefox.nix
 ./home/kdeconnect.nix
 ./home/plasma.nix
+ ./home/ssh.nix
 ./home/wallpaper.nix
 ];
 }
diff --git a/modules/home/ssh.nix b/modules/home/ssh.nix
index 745583a..863c5d5 100644
--- a/modules/home/ssh.nix
+++ b/modules/home/ssh.nix
@@ -1,20 +1,46 @@
-{config, ...}: let
- sshKeys = name: {
- "ssh/id_${name}" = {
- sopsFile = ../../secrets/jonas/ssh.yaml;
- key = "keys/${name}";
- path = "${config.home.homeDirectory}/.ssh/id_${name}";
+{
+ config,
+ lib,
+ ...
+}: let
+ cfg = config.hive.ssh;
+in {
+ options.hive.ssh = {
+ enable = lib.mkEnableOption "SSH keys and config";
+ keys = lib.mkOption {
+ type = lib.types.listOf (lib.types.str);
+ default = [];
+ description = ''
+ A list of SSH key names. Each one results in a id_ file in .ssh
+ '';
+ };
+ sopsFile = lib.mkOption {
+ type = lib.types.path;
+ default = null;
+ description = ''
+ Path to the sops file containing the SSH keys.
+ Requires a config key. And for each private key names in an keys. entry.
+ '';
 };
 };
-in {
- sops.secrets =
- {
- "ssh/config" = {
- sopsFile = ../../secrets/jonas/ssh.yaml;
- key = "config";
- path = "${config.home.homeDirectory}/.ssh/config";
- };
- }
- // (sshKeys "borg")
- // (sshKeys "passgit");
+
+ config = lib.mkIf cfg.enable {
+ sops.secrets =
+ {
+ "ssh/config" = {
+ inherit (cfg) sopsFile;
+ key = "config";
+ path = "${config.home.homeDirectory}/.ssh/config";
+ };
+ }
+ // builtins.listToAttrs (map (name: {
+ name = "ssh/id_${name}";
+ value = {
+ inherit (cfg) sopsFile;
+ key = "keys/${name}";
+ path = "${config.home.homeDirectory}/.ssh/id_${name}";
+ };
+ })
+ cfg.keys);
+ };
 }
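Review bot: In the `sopsFile` option, `default = null;` does not satisfy `type = lib.types.path`, so enabling `hive.ssh` without setting `sopsFile` should fail with a type error on the default rather than the clearer "option is used but not defined" message; dropping the `default` line makes the option required and gives that message. In the `keys` option, each name is interpolated unchecked into `path = "${config.home.homeDirectory}/.ssh/id_${name}"` and `key = "keys/${name}"`, so a name containing `/` or `..` would resolve to a path outside `~/.ssh`. Using `type = lib.types.listOf (lib.types.strMatching "[A-Za-z0-9_-]+");` would reject such names at evaluation time. Neither secret sets `mode`, so the private-key files rely on the sops-nix default permissions; a short comment next to `path` stating that this is intended would help the next reader.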