From 1f273c3d01e17df7f160cc8f212e971f6ab5c33a Mon Sep 17 00:00:00 2001
From: tdpeuter <tibo.depeuter@gmail.com>
Date: Tue, 10 Oct 2023 21:14:05 +0200
Subject: [PATCH] [ssh] Add SubGit key

---
 nixos/flake.lock                     | 30 ++++++++++++++--------------
 nixos/modules/utils/sops/default.nix |  9 +++++----
 nixos/modules/utils/ssh/default.nix  |  5 +++++
 nixos/secrets/UGent.yaml             |  6 ++++--
 4 files changed, 29 insertions(+), 21 deletions(-)

diff --git a/nixos/flake.lock b/nixos/flake.lock
index 110b080..76b4674 100644
--- a/nixos/flake.lock
+++ b/nixos/flake.lock
@@ -62,11 +62,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1695825837,
-        "narHash": "sha256-4Ne11kNRnQsmSJCRSSNkFRSnHC4Y5gPDBIQGjjPfJiU=",
+        "lastModified": 1696697597,
+        "narHash": "sha256-q26Qv4DQ+h6IeozF2o1secyQG0jt2VUT3V0K58jr3pg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "5cfafa12d57374f48bcc36fda3274ada276cf69e",
+        "rev": "5a237aecb57296f67276ac9ab296a41c23981f56",
         "type": "github"
       },
       "original": {
@@ -77,11 +77,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1694908564,
-        "narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=",
+        "lastModified": 1696717752,
+        "narHash": "sha256-qEq1styCyQHSrw7AOhskH2qwCFx93bOwsGEzUIrZC0g=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "596611941a74be176b98aeba9328aa9d01b8b322",
+        "rev": "2f3b6b3fcd9fa0a4e6b544180c058a70890a7cc1",
         "type": "github"
       },
       "original": {
@@ -93,11 +93,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1696019113,
-        "narHash": "sha256-X3+DKYWJm93DRSdC5M6K5hLqzSya9BjibtBsuARoPco=",
+        "lastModified": 1696604326,
+        "narHash": "sha256-YXUNI0kLEcI5g8lqGMb0nh67fY9f2YoJsILafh6zlMo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f5892ddac112a1e9b3612c39af1b72987ee5783a",
+        "rev": "87828a0e03d1418e848d3dd3f3014a632e4a4f64",
         "type": "github"
       },
       "original": {
@@ -125,11 +125,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1695284550,
-        "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=",
+        "lastModified": 1696890802,
+        "narHash": "sha256-q0cbDNjTnZ1ojoPdy4liEHWXokhQSNULnSKgURp4v2g=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "2f375ed8702b0d8ee2430885059d5e7975e38f78",
+        "rev": "6b32358c22d2718a5407d39a8236c7bd9608f447",
         "type": "github"
       },
       "original": {
@@ -175,11 +175,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1657226504,
-        "narHash": "sha256-GIYNjuq4mJlFgqKsZ+YrgzWm0IpA4axA3MCrdKYj7gs=",
+        "lastModified": 1696331477,
+        "narHash": "sha256-YkbRa/1wQWdWkVJ01JvV+75KIdM37UErqKgTf0L54Fk=",
         "owner": "gytis-ivaskevicius",
         "repo": "flake-utils-plus",
-        "rev": "2bf0f91643c2e5ae38c1b26893ac2927ac9bd82a",
+        "rev": "bfc53579db89de750b25b0c5e7af299e0c06d7d3",
         "type": "github"
       },
       "original": {
diff --git a/nixos/modules/utils/sops/default.nix b/nixos/modules/utils/sops/default.nix
index e4b0f61..81a9935 100644
--- a/nixos/modules/utils/sops/default.nix
+++ b/nixos/modules/utils/sops/default.nix
@@ -26,10 +26,10 @@
           owner = user;
         };
         UGent = {
-        format = "yaml";
-        sopsFile = ../../../secrets/UGent.yaml;
-        owner = user;
-      };
+          format = "yaml";
+          sopsFile = ../../../secrets/UGent.yaml;
+          owner = user;
+        };
     in {
       "Hugo/ssh" = Hugo;
       "UGent/HPC/ssh" = UGent;
@@ -41,6 +41,7 @@
       };
       "Hugo/Gitea/ssh" = Hugo; 
       "UGent/GitHub/ssh" = UGent; 
+      "UGent/SubGit/ssh" = UGent;
     };
   };
 }
diff --git a/nixos/modules/utils/ssh/default.nix b/nixos/modules/utils/ssh/default.nix
index 5b04bed..445fbc8 100644
--- a/nixos/modules/utils/ssh/default.nix
+++ b/nixos/modules/utils/ssh/default.nix
@@ -42,6 +42,11 @@
           identityFile = "/run/secrets/UGent/GitHub/ssh";
           user = "tdpeuter";
         };
+        "subgit.ugent.be" = {
+          hostname = "subgit.ugent.be";
+          identitiesOnly = true;
+          identityFile = "/run/secrets/UGent/SubGit/ssh";
+        };
       };
     };
   };
diff --git a/nixos/secrets/UGent.yaml b/nixos/secrets/UGent.yaml
index bad19d8..ee6240b 100644
--- a/nixos/secrets/UGent.yaml
+++ b/nixos/secrets/UGent.yaml
@@ -3,6 +3,8 @@ UGent:
         ssh: ENC[AES256_GCM,data:J50bZHBhN1AT1mF0YpzAFvC4zYeXiIPLJsb4Bx2oqnwX8XlfL0xta7z9Y5CmLxBIxowpj2sLaAnElO1pbsGl8NCnERYvAAt0tpnF3ndozLKfqGPsBKnnc/s9CrZhcsCtoH23lMlVsYMJfVR3B1/0W1XeU+E/GpzBTaH0jkwpmE9+k/TdtPPqSqHvF47NS9lTDx9puHSFixNhxUE82/7wvKTrkGO6+SJXTELXqFM7IojwIHs9UrL2zIrMMRnSPwAiZ96UI4Cg2S18j610ZzX/aw1qODqL53ZfZ9HKurGxyEN58ehR4UhiGsHiml9Ged9UIHhpX3DtMCrwrZfAzGLDV4DxDGQRT8C/aCgOag5AtYJczivY8wA9CQpiTBBUlomUurjRtiSX4FdvZxZLTmY+DtnE/SblRNsAZUEu6DVcg+HUYgqWu+XgVhWyKCiEbKpw0Crl4O3e8evIZ8H7+o3ydQjSgjbIkNjtYGR6fH/8Hh1HOsdh9CDevhNh0TtD/KP7ahTEIeelm6A9ZaP92Bnga5aafKtjX0RBOv4u,iv:6YE94ihsaUkB9+c48ELvRiY8bgZvS0EoyP+l5AisW8o=,tag:NSMpky7GoxDkybFSCjJm3Q==,type:str]
     HPC:
         ssh: ENC[AES256_GCM,data:A4ir0yvCgIVJCl4C5fB4+WhJVj6Go9XWfjw1/lOaWr2rP+tVNnjGuv/d47z55Gxose5keYX2wRMet/M2Re18+5ckFTyfT4YkcHtQCyBGbmwYmIzxcaxinNsCuOelEdNnFnYW2ha0aJ8Q5Xjfpec1YqDrCT/Add3qGRzBizQJ1FajbyhxJOKLYvUrYvLZ8+XE8SUndvjQnVig3ArUm2hDFsEMm4ClZ4T+EwcIuWrS8ia7ZoqlQhglEtlSEczE65a6hQAFeXE64YC3s8kWlRGhRqJQXjB5g/UTkOht3Vrw2cNzrz90tR9vhooOEBEI6d8F8RJGkdyUe5zod1eKnE/lwOFhhTbzrGrYzX4oUrDIL+Dx9+R9mQchv9qSau1JtKDvzkYmqVVgTC6wE98gTRSBw78f0MKO27FA3diC/k3t+mwsKVRjcvlTUcbRcFAxjq/U5TbOq5jOgA41dI9KE/+bnJoLRh81m/sq9EqMTp90wDKn+jjCn7lGcGDwtaaTlbLIGIw5u9pcfD4UyvJZamnS96JAhsDUqk+fxb05,iv:jPCdaC7CahKrj3tvzZTs1ZI/3+zuCCqIdXp3vo9l/iY=,tag:DeUdWEZHpsB1AMD2AQuiTg==,type:str]
+    SubGit:
+        ssh: ENC[AES256_GCM,data:hJAle4DHJNvX569reclBG5rEdWsjAyV2TtHYMiPfky/dMKJkYgT4+T0doLfUn1O6at77kJGPmwUEvmK819DUuvHtNY7c6angV7iLygJ/ThI1FIFOKH+NxEsI3scoT0VDDybHpgice/fcJL1tMcvE74+dWOnZ2r4pxcMJEFHUPVVWcl9/stJLn78OonsyWpj8PglcnYFOfZ6THIe3lyNBxRp7XEweuwjacthGzOzNu3Z95zcCAnAokFVZ570glJNhjJVNEmPHZkHOcGiGNNM4JNbR11v+dOYtac942t/mmmWwAzbznuu8ZLupYWjdg/f07ftkPAwFwCoXblZ3708Lvf6uOt/CPeWvEII2Haf1Cr5w+U6TAt14zzL73xCSQqwz1TfkcmD+bJplmtcpSP/KX8/BRK7qr6Ec5T9ecbraRB7zDBg0X2x51DSHLrA7UIhpI9JNaOArU5UOVYTWwuzFiGG61elJMcPZ5vWEVrTCocfa4INPo4B2MkFbbsYf6xnY1L3Wc9LQjkff6aCqYnQaXZ/WfPWepf9YvYG1,iv:0Bm1r0FuJJKKmcbTiPL36rb5FaMZfOO7Mx8pXU2FSfg=,tag:0ShoJPJUx37mEAus+mhPmw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -18,8 +20,8 @@ sops:
             aDNUbFlhWWVoOWpjVlV1VTVJejlSMjQK6wCeCRdHY5oyTX6/R1U5AOGJyp0exi1A
             dWPUMfkKBBBkrR+G6ougd8o3FwFf+yfb5RhaTxxqjit6p2RyMjR64w==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-10-05T18:46:49Z"
-    mac: ENC[AES256_GCM,data:a1BSmnDBsXhd7eOJ4GNdRwzKkIb8IL+aadSb92RZCdyAIg37Pj2BdsiU9lhofOhEBZ5lhT0hHknqGUzAWO2Lc1qrrluUz2Fz/RFphs55jdj/ZMSOvTQwehrDhqIhluubLgTsQds51CikKhTHCnVjFJNG5q7Qr0aWJSbrmZcj/FE=,iv:fk5+FY2HXyFOGHbl0u0lzwsDthGXbO26XWn8gxvdizg=,tag:oOiPKFJG7fhvnnCK5ISK8Q==,type:str]
+    lastmodified: "2023-10-10T06:57:11Z"
+    mac: ENC[AES256_GCM,data:Tvwv2mqceAxi7ic3+95Y6hBMHjqVoCkYnTkEsXOrhumgXpuuB/QQ0ASEf6gbgkCLXGwnUAXsK41bIIJfFgYSk89fHw6AaXfs6a+zL2Mh5zkhMIE2bm68mFK8+/TX/e8SibbEwNZCKOcPqvaO6nK816KCmh3KKCbT9ObaB6CA/KI=,iv:YPKgYAnQ135JXou7q9jVN7b3SKIDwceKcbqiIjkqnTU=,tag:udPrEVu2F+hWkhNoEyjTYg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.7.3