From 25f78907eadd47f3927eb408af27ce868634d1bc Mon Sep 17 00:00:00 2001
From: tdpeuter
Date: Thu, 21 Sep 2023 16:53:34 +0200
Subject: [PATCH] [SSH] Add H4Git key
---
 nixos/modules/utils/sops/default.nix | 24 ++++++++++++++-------
 nixos/modules/utils/ssh/default.nix | 11 +++++-----
 nixos/secrets/H4Git.yaml | 31 ++++++++++++++++++++++++++++
 3 files changed, 53 insertions(+), 13 deletions(-)
 create mode 100644 nixos/secrets/H4Git.yaml
diff --git a/nixos/modules/utils/sops/default.nix b/nixos/modules/utils/sops/default.nix
index 0d97a61..c4f8401 100644
--- a/nixos/modules/utils/sops/default.nix
+++ b/nixos/modules/utils/sops/default.nix
@@ -16,21 +16,29 @@
 # Generate new keys if the key specified above does not exist
 # generateKey = true;
 };
- secrets = {
- "H4G0/ssh" = {
- format = "yaml";
- sopsFile = ../../../secrets/H4G0.yaml;
- owner = config.users.users.tdpeuter.name;
- };
+ secrets =
+ let
+ user = config.users.users.tdpeuter.name;
+ in {
 "GitHub/ssh" = {
 format = "yaml";
 sopsFile = ../../../secrets/GitHub.yaml;
- owner = config.users.users.tdpeuter.name;
+ owner = user;
 };
 "GitHub-UGent/ssh" = {
 format = "yaml";
 sopsFile = ../../../secrets/GitHub-UGent.yaml;
- owner = config.users.users.tdpeuter.name;
+ owner = user;
+ };
+ "H4G0/ssh" = {
+ format = "yaml";
+ sopsFile = ../../../secrets/H4G0.yaml;
+ owner = user;
+ };
+ "H4Git/ssh" = {
+ format = "yaml";
+ sopsFile = ../../../secrets/H4Git.yaml;
+ owner = user;
 };
 };
 };
diff --git a/nixos/modules/utils/ssh/default.nix b/nixos/modules/utils/ssh/default.nix
index 84945b2..281361f 100644
--- a/nixos/modules/utils/ssh/default.nix
+++ b/nixos/modules/utils/ssh/default.nix
@@ -1,11 +1,6 @@ { config, lib, pkgs, ... }: { - services.openssh = { - enable = true; - settings.PasswordAuthentication = false; - }; - home-manager.users.tdpeuter = { programs.ssh = { enable = true;
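Review bot: The new `"H4Git/ssh"` entry, like the three around it, leaves the decrypted file's permissions to the sops-nix default. These are SSH private keys handed to a login user, so I'd pin it on each entry with `mode = "0400";` rather than rely on the default staying owner-read-only. A one-line comment above `secrets =` noting that the attribute names determine the `/run/secrets/<name>` paths used by the SSH client config would also help, since renaming an entry here breaks `identityFile` in `nixos/modules/utils/ssh/default.nix` without any evaluation error.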
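Review bot: The removed `services.openssh` block was the only place in this file that set `settings.PasswordAuthentication = false`, and the commit subject ("Add H4Git key") does not mention dropping it. Whether another module still enables sshd is not visible in this patch; if one does, it has to carry that setting itself, because the NixOS option defaults to allowing password logins. If sshd is meant to be off on these hosts, say so in the commit message, and ideally move this removal into its own commit so the change to remote-access posture can be reviewed separately from the client-side key addition.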
@@ -28,6 +23,12 @@
 identityFile = "/run/secrets/GitHub-UGent/ssh";
 user = "tdpeuter";
 };
+ "git.depeuter.dev" = {
+ hostname = "git.depeuter.dev";
+ identitiesOnly = true;
+ identityFile = "/run/secrets/H4Git/ssh";
+ user = "tdpeuter";
+ };
 };
 };
 };
diff --git a/nixos/secrets/H4Git.yaml b/nixos/secrets/H4Git.yaml
new file mode 100644
index 0000000..5266935
--- /dev/null
+++ b/nixos/secrets/H4Git.yaml
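Review bot: `identityFile = "/run/secrets/H4Git/ssh";` hard-codes the path that sops-nix uses by default, so a renamed or removed secret in the sops module would only surface as a failed connection. Referencing the declaration instead, `identityFile = config.sops.secrets."H4Git/ssh".path;`, makes the dependency explicit and turns a mismatch into an evaluation error. This assumes `config` here is still the NixOS module argument from the file header, which looks to be the case. The same applies to the GitHub-UGent entry visible in the context lines, and the enclosing attribute set starts outside the hunk.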
@@ -0,0 +1,31 @@ +H4Git: + ssh: ENC[AES256_GCM,data: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,iv:n0M5re8pOQXCBcaxkp3n82vdHBcSFHZ8RymnwXaLvIM=,tag:rooT43fOYVWpcnQ8EDV8Qw==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZWnBUQXJKb2JWeGhjQURI + QUZLb1RncWRBMkJsVzFmUGFKL2Y4S0pQaVdFCldDSEZIVUJ3N01abmZUeGxPVHZT + ZWtKNTdycDlUTmx2UnpzajQvZG9INUEKLS0tIFBYOW8zZjZ4bThBMTBlb3NYOXlw + RnR4NEJ6M044dVhLelkyc2ViRU96bTgKfspxNwByG+nLPdfLEvn21BSjjbW5fGuZ + 77X/olzob2sR8UjYYYfTYUvw+kHfuiC8Mkg2b+Jy7Q6nSQ+4zuq4/A== + -----END AGE ENCRYPTED FILE----- + - recipient: age1d4gvqz3anf082ja6xt03hnkzazfum80um9t45m4rerl4n3va2yuqgnsg03 + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2cUxVekFVdWtsQTNTcm9x + YUFOTzdDSU1JeTdDbU0vcUZ4bEp5VGtkcjJRCmVuRUJYR0NnQXVGbnYyZ3FWZXNx + TUY3TlVMSTZPSUtUUnJhU2QvSWgyUUEKLS0tIGZaUUNSSkdxQW1zakZDbi9iZThS + Z2hKRHVDYUlsa1psaFU3ZUxnZitPbEkKm1sBknoqVcArgLGDD6Twi1/E3TDlAw4d + xhzeYNrS9LVCDKco8TGIv9OQV0u0MkGR4/fvuLopn2eyiDlJOqqVNg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2023-09-21T13:16:04Z" + mac: ENC[AES256_GCM,data:69g9CpSo6Cg19CG4/vWeh9xT3EATwyxtMQ6xOmqF9kjCu8l9b5ZfFCfgX6RFDwSxFY0u2oFgxbNfbiudcKLwxCoXDSm+xhjpk9SSBSzwAJ+UWWQE/pKJVFbk1QG3iw/VGQJYVUK9SKk6TsTEphHYPS00Go/k38cPxVuyEKcpWkQ=,iv:YVqQmwHgw2Z/AqIJZaxrfotXuuHGx/Vw8p6y3FXbCqg=,tag:0l3f5BX0uzTGB6IBnpqpdg==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.7.3