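# Home Manager module (it reads `config.home.homeDirectory`): materialises an
# SSH client config and one private key per configured name from a
# sops-encrypted file into ~/.ssh, using sops-nix's `sops.secrets`.
#
# Layout expected in the sops file:
#   config:        contents written to ~/.ssh/config
#   keys:
#     <name>:      private key written to ~/.ssh/id_<name>
#
# sops-nix places each secret at its `path` with its default mode (0400,
# owned by the user, at the time of writing - verify against the sops-nix
# version in use), which satisfies ssh's permission checks on both private
# keys and ~/.ssh/config.
{
  config,
  lib,
  ...
}: let
  cfg = config.hive.ssh;
in {
  options.hive.ssh = {
    enable = lib.mkEnableOption "SSH keys and config";

    keys = lib.mkOption {
      # Each name is spliced into a path under ~/.ssh and into a sops key, so
      # reject the empty string and anything containing "/" (a "/" would place
      # the key file outside ~/.ssh or address a nested sops key).
      type = lib.types.listOf (lib.types.strMatching "[^/]+");
      default = [];
      example = ["github" "work"];
      description = ''
        A list of SSH key names. Each one results in an `id_<name>` file in
        `~/.ssh`, decrypted from the `keys.<name>` entry of the sops file.
      '';
    };

    sopsFile = lib.mkOption {
      # `types.path` with `default = null` is a type error the moment the
      # option is read; allow null explicitly and treat it as "use the
      # sops-nix default file" (see the `config` block below).
      type = lib.types.nullOr lib.types.path;
      default = null;
      description = ''
        Path to the sops file containing the SSH material. It must have a
        top-level `config` key and, for each name in `keys`, a `keys.<name>`
        entry holding the private key.

        Leave unset (null) to fall back to `sops.defaultSopsFile`. Like any
        sops file referenced from a configuration, it is copied into the
        world-readable Nix store, so it must contain only encrypted values.
      '';
    };
  };

  config = lib.mkIf cfg.enable {
    sops.secrets = let
      # Only pin `sopsFile` when the user provided one; otherwise the secret
      # inherits sops-nix's `sops.defaultSopsFile`.
      fileAttrs = lib.optionalAttrs (cfg.sopsFile != null) {
        inherit (cfg) sopsFile;
      };

      # One secret per key name: sops key `keys/<name>` -> ~/.ssh/id_<name>.
      keySecret = name:
        lib.nameValuePair "ssh/id_${name}" (fileAttrs
          // {
            key = "keys/${name}";
            path = "${config.home.homeDirectory}/.ssh/id_${name}";
          });
    in
      {
        # The client config itself: sops key `config` -> ~/.ssh/config.
        "ssh/config" =
          fileAttrs
          // {
            key = "config";
            path = "${config.home.homeDirectory}/.ssh/config";
          };
      }
      // lib.listToAttrs (map keySecret cfg.keys);
  };
}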