Configure secrets, configure ssh and add H4G0

nixos/modules/default.nix

@@ -18,7 +18,11 @@
   users.users.tdpeuter = {
     description = "Tibo De Peuter";
     isNormalUser = true;
-    extraGroups = [ "networkmanager" "wheel" ];
+    extraGroups = [ 
+      config.users.groups.keys.name
+      config.users.groups.networkmanager.name
+      config.users.groups.wheel.name
+    ];
     initialPassword = "ChangeMe";
     packages = with pkgs; [
       home-manager

nixos/modules/utils/default.nix

@@ -1,6 +1,8 @@
 {
   imports = [
     ./mpv
+    ./sops
+    ./ssh
     ./vifm
     ./vim
     ./zellij

nixos/modules/utils/sops/default.nix

@@ -0,0 +1,27 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+    sops
+  ];
+
+  sops = {
+    # Add secrets.yml to the nix store
+    defaultSopsFile = ../../../secrets/secrets.yaml;
+    age = {
+      # Automatically import SSH keys as age keys
+      sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+      # Use an age key that is expected to already be in the filesystem
+      keyFile = "/var/lib/sops-nix/key.txt";
+      # Generate new keys if the key specified above does not exist
+      generateKey = true;
+    };
+    secrets = {
+      "H4G0/ssh" = {
+        format = "yaml";
+        sopsFile = ../../../secrets/H4G0.yaml;
+        owner = config.users.users.tdpeuter.name;
+      };
+    };
+  };
+}

nixos/modules/utils/ssh/default.nix

@@ -5,4 +5,18 @@
     enable = true;
     passwordAuthentication = false;
   };
+
+  home-manager.users.tdpeuter = {
+    programs.ssh = {
+      enable = true;
+      matchBlocks = {
+        "H4G0" = {
+          hostname = "192.168.0.11";
+          identitiesOnly = true;
+          identityFile = "/run/secrets/H4G0/ssh";
+          user = "admin";
+        };
+      };
+    };
+  };
 }