feat: sshkey romantic, and yazi theme

2026-01-11 20:40:24 +01:00 · 2023-12-28 21:45:45 +08:00
parent b81b285d92
commit 6442377d1c
4 changed files with 29 additions and 11 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -481,10 +481,10 @@
    "mysecrets": {
      "flake": false,
      "locked": {
-        "lastModified": 1703047359,
-        "narHash": "sha256-Wx4rpa+oTPMRgUcUkhUq4oKBvvPZR+4U1YMnRB6rAQU=",
+        "lastModified": 1703697935,
+        "narHash": "sha256-tRwFFk6ICMlVAv8Ko4MV7FObX/cSeiZis2FcIFlw8uQ=",
        "ref": "refs/heads/main",
-        "rev": "4126e1894fbc8a2ce260def885dcc6ad558a52ca",
+        "rev": "a5143705420a687ad535fdcff4765ee409d6e494",
        "shallow": true,
        "type": "git",
        "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"
--- a/home/base/desktop/ssh.nix
+++ b/home/base/desktop/ssh.nix
@@ -1,4 +1,6 @@
-_: {
+{mysecrets, ...}: {
+  home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";
+
  programs.ssh = {
    enable = true;

@@ -18,7 +20,7 @@ _: {
        # It has the same effect as adding cli option `ssh -A user@host`
        ForwardAgent yes
        # romantic holds my homelab~
-        IdentityFile ~/.ssh/romantic
+        IdentityFile /etc/agenix/ssh-key-romantic
        # Specifies that ssh should only use the identity file explicitly configured above
        # required to prevent sending default identity files first.
        IdentitiesOnly yes
@@ -38,20 +40,14 @@ _: {
      Host k8s-main
        HostName 192.168.5.181
        ForwardAgent yes
-        IdentityFile ~/.ssh/romantic
-        IdentitiesOnly yes

      Host k8s-data1
        HostName 192.168.5.182
        ForwardAgent yes
-        IdentityFile ~/.ssh/romantic
-        IdentitiesOnly yes

      Host k8s-data2
        HostName 192.168.5.183
        ForwardAgent yes
-        IdentityFile ~/.ssh/romantic
-        IdentitiesOnly yes
    '';
  };
 }
--- a/secrets/darwin.nix
+++ b/secrets/darwin.nix
@@ -25,6 +25,12 @@
      owner = username;
    };

+    "ssh-key-romantic" = {
+      file = "${mysecrets}/ssh-key-romantic.age";
+      mode = "0600";
+      owner = username;
+    };
+
    # alias-for-work
    "alias-for-work.nushell" = {
      file = "${mysecrets}/alias-for-work.nushell.age";
@@ -52,6 +58,10 @@
      source = config.age.secrets."wg-business.conf".path;
    };

+   "agenix/ssh-key-romantic" = {
+      source = config.age.secrets."ssh-key-romantic".path;
+    };
+
    # The following secrets are used by home-manager modules
    # But nix-darwin doesn't support environment.etc.<name>.mode
    # So we need to change its mode manually
--- a/secrets/nixos.nix
+++ b/secrets/nixos.nix
@@ -34,6 +34,12 @@
      owner = username;
    };

+    "ssh-key-romantic" = {
+      file = "${mysecrets}/ssh-key-romantic.age";
+      mode = "0600";
+      owner = username;
+    };
+
    # alias-for-work
    "alias-for-work.nushell" = {
      file = "${mysecrets}/alias-for-work.nushell.age";
@@ -60,6 +66,12 @@
      source = config.age.secrets."wg-business.conf".path;
    };

+   "agenix/ssh-key-romantic" = {
+      source = config.age.secrets."ssh-key-romantic".path;
+      mode = "0600";
+      user = username;
+    };
+
    # The following secrets are used by home-manager modules
    # So we need to make then readable by the user
    "agenix/alias-for-work.nushell" = {