From 3d4cd5ba5c48f0b96fc28c218383aa375118a3f3 Mon Sep 17 00:00:00 2001 From: Tibo De Peuter Date: Sat, 4 Oct 2025 21:46:18 +0200 Subject: [PATCH] [sops/ssh] Add more SSH config/keys --- nixos/.sops.yaml | 5 ++--- nixos/secrets/HomeLab.yaml | 7 ++++-- nixos/secrets/UGent.yaml | 7 +++--- nixos/users/tdpeuter/secrets.nix | 8 +++++-- stow/ssh/.ssh/config | 37 ++++++++++++++++++++++---------- 5 files changed, 42 insertions(+), 22 deletions(-) diff --git a/nixos/.sops.yaml b/nixos/.sops.yaml index 1e89a07..385e7af 100644 --- a/nixos/.sops.yaml +++ b/nixos/.sops.yaml @@ -1,11 +1,10 @@ keys: - - &tdpeuter age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y + - &Tibo-NixFatDesk age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y - &Tibo-NixTop age1qzutny0mqpcccqw6myyfntu6wcskruu9ghzvt6r4te7afkqwnguq05ex37 creation_rules: - path_regex: secrets/[^/]+\.(yaml|json|env|ini)$ key_groups: - age: - - *tdpeuter + - *Tibo-NixFatDesk - *Tibo-NixTop - diff --git a/nixos/secrets/HomeLab.yaml b/nixos/secrets/HomeLab.yaml index 1ae070a..2cbb8fc 100644 --- a/nixos/secrets/HomeLab.yaml +++ b/nixos/secrets/HomeLab.yaml @@ -8,6 +8,9 @@ HomeLab: NixOS: admin: ssh: ENC[AES256_GCM,data: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,iv:vY/8yyO0eLzpdho9aPUH9WGQ8Cp5LA+5RckjzDgYMMY=,tag:Jar1qVS/c1rQ8f3qpYqJdA==,type:str] + Roxanne: + ghost: + ssh: ENC[AES256_GCM,data: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,iv:WuAGU+ru8xLp2LXK12x/ueCH0XDxA0zGUt7+HWUdVMo=,tag:UqUMD/jSdTXOkf0kyMqwHA==,type:str] sops: age: - recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y 
@@ -28,7 +31,7 @@ sops: NFRtOFIybnFPWm1idFY0WEVqVGxOK1UKiJDByqKv/i/l9dvOplDyzDORU3ulhSwi 6xyEqmyNQpIkiS6TLZZYrBlQMDYqZ2gj1HhdIUssWJCf5Ho8KVDjJQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-04T15:55:51Z" - mac: ENC[AES256_GCM,data:HxZzzUqUSS9dS8XZEitD911fx750571M07IYknc94S4uCVCw8QOkhR4NYkDIIDShCBJn3UzNkvBT+uSpvlNy63JKELZOuSuw4WwhT7agx166W/g464bkHmmkRZ2jR60fH1fHi6rxViXrQ9JRthIBX9JWbbd5NxKQUa/+k+Z+Euo=,iv:6v5qvoqM+9M+htkOtJxxIsc5BuXAImijhHCvFI/gwiA=,tag:8F7KCunNM0mKr0UlQLpyLA==,type:str] + lastmodified: "2025-10-04T19:40:06Z" + mac: ENC[AES256_GCM,data:V/0QsMR9nuoK7Tgj9UVxcsWM5llHlpMj+K0IgN3ZdqFQptOpasq+xVBBnSpNOarNFXB7t2ZCkzLMWptl/6fNH9Cye2qf8GjplHLGTB9x8t2u2XMwJf4BwCjOgxhiKo5jqFmjnFE2mX2EeZmHXv3G8gPwW+1cVttQQ4s7REo3Hww=,iv:AY0RSvevoSscdjl44iGEvWzcb664285csg1h0Hpixn4=,tag:yebUKx6Ssa6sB9HbNlLmUw==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/nixos/secrets/UGent.yaml b/nixos/secrets/UGent.yaml index 5e55b6d..634ba65 100644 --- a/nixos/secrets/UGent.yaml +++ b/nixos/secrets/UGent.yaml 
@@ -5,7 +5,6 @@ UGent: ssh: ENC[AES256_GCM,data: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,iv:jPCdaC7CahKrj3tvzZTs1ZI/3+zuCCqIdXp3vo9l/iY=,tag:DeUdWEZHpsB1AMD2AQuiTg==,type:str] SubGit: ssh: ENC[AES256_GCM,data:hJAle4DHJNvX569reclBG5rEdWsjAyV2TtHYMiPfky/dMKJkYgT4+T0doLfUn1O6at77kJGPmwUEvmK819DUuvHtNY7c6angV7iLygJ/ThI1FIFOKH+NxEsI3scoT0VDDybHpgice/fcJL1tMcvE74+dWOnZ2r4pxcMJEFHUPVVWcl9/stJLn78OonsyWpj8PglcnYFOfZ6THIe3lyNBxRp7XEweuwjacthGzOzNu3Z95zcCAnAokFVZ570glJNhjJVNEmPHZkHOcGiGNNM4JNbR11v+dOYtac942t/mmmWwAzbznuu8ZLupYWjdg/f07ftkPAwFwCoXblZ3708Lvf6uOt/CPeWvEII2Haf1Cr5w+U6TAt14zzL73xCSQqwz1TfkcmD+bJplmtcpSP/KX8/BRK7qr6Ec5T9ecbraRB7zDBg0X2x51DSHLrA7UIhpI9JNaOArU5UOVYTWwuzFiGG61elJMcPZ5vWEVrTCocfa4INPo4B2MkFbbsYf6xnY1L3Wc9LQjkff6aCqYnQaXZ/WfPWepf9YvYG1,iv:0Bm1r0FuJJKKmcbTiPL36rb5FaMZfOO7Mx8pXU2FSfg=,tag:0ShoJPJUx37mEAus+mhPmw==,type:str] - Dwengo: ENC[AES256_GCM,data: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,iv:s/+JYSkZudTr4MnTclpNV7i5VGUlqFhdvovcFt+inSQ=,tag:4Ge0ZOc6qNObQrzS0K0WDA==,type:str] sops: age: - recipient: age1fva6s64s884z0q2w7de024sp69ucvqu0pg9shrhhqsn3ewlpjfpsh6md7y 
@@ -26,7 +25,7 @@ sops: S05HZ0FiSVlkUjRRV01TbjlpVFlkQWcK7jAqOYd9EDT93xpVgtpKl03EO6oHmGRR iK9j2y7j1YSghPKDBrC5eKy9+IP/EFEBGygcokqT7C6Nscu80YhVbg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-02-21T19:36:01Z" - mac: ENC[AES256_GCM,data:NMxbxf7/UwR9akbbLgKeSLIkk+dS/an2pGzZUSbe1AJenCVFO/fiRCC5BF6xJVpFSpag/dLwo/tS64JmJ36Vqn2sQGmqn26HPXsjAgyUdpp3+anXIVOGvNHF3oCM8gEUk9+W2FsOqKuejpD7HK/IsVJEZZLbThkUS1BiptOWk84=,iv:xNBBjWADFF5itg45KnmNbZG5RN0KRpaph7iMGhf1KZg=,tag:FrDSAbvo/7QHH0g5Ik8ATw==,type:str] + lastmodified: "2025-10-06T14:01:15Z" + mac: ENC[AES256_GCM,data:bWo5DGCt5cK02Lf61yKFDZLLaMmcWyba+03CZ35EnGz7Hoc1sl3qTmgJfNz8EKDeXTIkk33DdnI/kZ2nX7vsZ/QgOhFQWzWRYe1cxqiWyd0wnUlwdoeeFrBP3uOTHXAOVe6q77S3qChzBP3J+5OijztvdOVEOKFmFPSCgyA029Q=,iv:6DSp63IrtYyaFxkaify/JZDXpB76AaGGW/OcPTKBbvk=,tag:sPKddpcx60JFZ4VEGD1tnQ==,type:str] unencrypted_suffix: _unencrypted - version: 3.9.2 + version: 3.10.2 diff --git a/nixos/users/tdpeuter/secrets.nix b/nixos/users/tdpeuter/secrets.nix index 576c67d..a7afac6 100644 --- a/nixos/users/tdpeuter/secrets.nix +++ b/nixos/users/tdpeuter/secrets.nix @@ -24,7 +24,6 @@ in { }; in { "UGent/HPC/ssh" = UGent; - "UGent/Dwengo" = UGent; # Git authentication "Gitea/ssh" = personal; @@ -33,8 +32,13 @@ in { "UGent/SubGit/ssh" = UGent; # HomeLab - "HomeLab/Gitea/ssh" = HomeLab; + + # Physical hosts "HomeLab/Hugo/ssh" = HomeLab; + "HomeLab/Roxanne/ghost/ssh" = HomeLab; + + # Virtual hosts + "HomeLab/Gitea/ssh" = HomeLab; "HomeLab/Nextcloud/ssh" = HomeLab; "HomeLab/NixOS/admin/ssh" = HomeLab; }); diff --git a/stow/ssh/.ssh/config b/stow/ssh/.ssh/config index aacb461..2e45b5d 100644 --- a/stow/ssh/.ssh/config +++ b/stow/ssh/.ssh/config @@ -4,12 +4,6 @@ Host HPC IdentitiesOnly yes IdentityFile /run/secrets/UGent/HPC/ssh -Host Dwengo - User tibo - HostName sel2-1.ugent.be - IdentitiesOnly yes - IdentityFile /run/secrets/UGent/Dwengo - # Git authentication Host git.depeuter.dev User git 
@@ -37,20 +31,41 @@ Host subgit.ugent.be CanonicalizeHostname yes # Ignore capitalization # HomeLab -Host Gitea - User admin - HostName 192.168.0.24 - IdentitiesOnly yes - IdentityFile /run/secrets/HomeLab/Gitea/ssh +# Physical hosts Host Hugo User admin HostName 192.168.0.11 IdentitiesOnly yes IdentityFile /run/secrets/HomeLab/Hugo/ssh +Host Roxanne + User ghost + Hostname 192.168.0.13 + IdentitiesOnly yes + IdentityFile /run/secrets/HomeLab/Roxanne/ghost/ssh + +# Virtual hosts +Host Gitea + User admin + HostName 192.168.0.24 + IdentitiesOnly yes + IdentityFile /run/secrets/HomeLab/Gitea/ssh + Host Nextcloud User administrator Hostname 192.168.0.14 IdentitiesOnly yes IdentityFile /run/secrets/HomeLab/Nextcloud/ssh + +Host Development + User admin + Hostname 192.168.0.91 + IdentitiesOnly yes + IdentityFile /run/secrets/HomeLab/NixOS/admin/ssh + +Host Testing + User admin + Hostname 192.168.0.92 + IdentitiesOnly yes + IdentityFile /run/secrets/HomeLab/Nixos/admin/ssh
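Review bot: The `Host Testing` block at the end of this hunk points at `/run/secrets/HomeLab/Nixos/admin/ssh`, but the secret is declared as `"HomeLab/NixOS/admin/ssh"` in `nixos/users/tdpeuter/secrets.nix` and `Host Development` just above uses the `NixOS` spelling. On a case-sensitive filesystem the `Nixos` path will presumably not exist, and with `IdentitiesOnly yes` ssh has no other key to offer, so key authentication to 192.168.0.92 would fail or fall through to another method. Change the line to `IdentityFile /run/secrets/HomeLab/NixOS/admin/ssh`. Development and Testing also share one admin key, so a compromise of either exposes both; a comment above the two blocks such as `# Development and Testing share the NixOS admin key` would make that reuse explicit.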