Home Gen509 @ 2025-05-03-15:04 by jonas@comfy-station

modules/default.nix

@@ -41,6 +41,7 @@
       ./home/firefox.nix
       ./home/kdeconnect.nix
       ./home/plasma.nix
+      ./home/ssh.nix
       ./home/wallpaper.nix
     ];
 }

modules/home/ssh.nix

@@ -1,20 +1,46 @@
-{config, ...}: let
-  sshKeys = name: {
-    "ssh/id_${name}" = {
-      sopsFile = ../../secrets/jonas/ssh.yaml;
-      key = "keys/${name}";
-      path = "${config.home.homeDirectory}/.ssh/id_${name}";
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.hive.ssh;
+in {
+  options.hive.ssh = {
+    enable = lib.mkEnableOption "SSH keys and config";
+    keys = lib.mkOption {
+      type = lib.types.listOf (lib.types.str);
+      default = [];
+      description = ''
+        A list of SSH key names. Each one results in a id_<name> file in .ssh
+      '';
+    };
+    sopsFile = lib.mkOption {
+      type = lib.types.path;
+      default = null;
+      description = ''
+        Path to the sops file containing the SSH keys.
+        Requires a config key. And for each private key names in <keys> an keys.<name> entry.
+      '';
     };
   };
-in {
-  sops.secrets =
-    {
-      "ssh/config" = {
-        sopsFile = ../../secrets/jonas/ssh.yaml;
-        key = "config";
-        path = "${config.home.homeDirectory}/.ssh/config";
-      };
-    }
-    // (sshKeys "borg")
-    // (sshKeys "passgit");
+
+  config = lib.mkIf cfg.enable {
+    sops.secrets =
+      {
+        "ssh/config" = {
+          inherit (cfg) sopsFile;
+          key = "config";
+          path = "${config.home.homeDirectory}/.ssh/config";
+        };
+      }
+      // builtins.listToAttrs (map (name: {
+          name = "ssh/id_${name}";
+          value = {
+            inherit (cfg) sopsFile;
+            key = "keys/${name}";
+            path = "${config.home.homeDirectory}/.ssh/id_${name}";
+          };
+        })
+        cfg.keys);
+  };
 }