Extract ssh identity management into separate module

rake5k · Oct 14, 2023 · a0a1db2 · a0a1db2
1 parent dd56851
commit a0a1db2
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 21 deletions.
diff --git a/home/programs/logseq/default.nix b/home/programs/logseq/default.nix
@@ -0,0 +1,33 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.custom.programs.logseq;
+
+  sshKey = "id_logseq";
+  sshPubKey = "${sshKey}.pub";
+
+in
+
+{
+  options = {
+    custom.programs.logseq = {
+      enable = mkEnableOption "Logseq";
+    };
+  };
+
+  config = mkIf cfg.enable {
+
+    custom = {
+      programs.ssh = {
+        enable = true;
+        identities = [ sshKey sshPubKey ];
+      };
+      roles.homeage.secrets = [ sshKey sshPubKey ];
+    };
+
+    home.packages = [ pkgs.logseq ];
+  };
+}
diff --git a/home/programs/ssh/default.nix b/home/programs/ssh/default.nix
@@ -0,0 +1,36 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+
+  cfg = config.custom.programs.ssh;
+
+  inherit (config.custom.roles.homeage) secretsPath;
+  sshDirectory = ".ssh";
+  mkFileEntry = identity: {
+    name = "${sshDirectory}/${identity}";
+    value = { source = "${secretsPath}/${identity}"; };
+  };
+
+in
+
+{
+  options = {
+    custom.programs.ssh = {
+      enable = mkEnableOption "SSH client";
+
+      identities = mkOption {
+        type = with types; listOf str;
+        default = [ ];
+        description = "SSH identities managed by homeage";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    custom.roles.homeage.secrets = cfg.identities;
+    home.file = listToAttrs (map mkFileEntry cfg.identities);
+    programs.ssh.enable = true;
+  };
+}
diff --git a/home/roles/desktop/default.nix b/home/roles/desktop/default.nix
@@ -88,26 +88,28 @@ in
 
   config = mkIf cfg.enable {
 
-    custom.roles.desktop = {
-      cursors.enable = true;
-      grobi.enable = true;
-      gtk.enable = true;
-      redshift.enable = true;
-      terminal.enable = true;
-      xmonad.enable = true;
+    custom = {
+      programs.logseq.enable = true;
+      roles = {
+        desktop = {
+          cursors.enable = true;
+          grobi.enable = true;
+          gtk.enable = true;
+          redshift.enable = true;
+          terminal.enable = true;
+          xmonad.enable = true;
+        };
+      };
     };
 
-    home = {
-      packages = with pkgs; [
-        gnome.pomodoro
-        logseq
-        mupdf
-        peek
-        gifski
-        xclip
-        xzoom
-      ];
-    };
+    home.packages = with pkgs; [
+      gnome.pomodoro
+      mupdf
+      peek
+      gifski
+      xclip
+      xzoom
+    ];
 
     xsession = {
       enable = true;

diff --git a/home/roles/mobile/default.nix b/home/roles/mobile/default.nix
@@ -7,6 +7,9 @@ let
   cfg = config.custom.roles.mobile;
   username = "nix-on-droid";
 
+  logseqSshKey = "id_logseq";
+  logseqSshPubKey = "${logseqSshKey}.pub";
+
 in
 
 {
@@ -21,9 +24,18 @@ in
       inherit username;
     };
 
-    custom.base.non-nixos = {
-      enable = true;
-      installNix = false;
+    custom = {
+      base.non-nixos = {
+        enable = true;
+        installNix = false;
+      };
+
+      programs.ssh = {
+        enable = true;
+        identities = [ logseqSshKey logseqSshPubKey ];
+      };
+
+      roles.homeage.secrets = [ logseqSshKey logseqSshPubKey ];
     };
   };
 }