Add sas RSA key

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-14 10:17:32 +00:00
parent e4ff6f13b1
commit 0cc1e79966
5 changed files with 53 additions and 7 deletions
--- a/hosts/elara/configs/git/default.nix
+++ b/hosts/elara/configs/git/default.nix
@@ -9,9 +9,9 @@ let
  selfPkgs = inputs.self.packages.${system};
 in
 {
-  sops.secrets."ssh/sas/key" = {
+  sops.secrets."ssh/sas/ed25519/key" = {
    sopsFile = ../../../../secrets/sas/secrets.yaml;
-    key = "ssh/key";
+    key = "ssh/ed25519/key";
    path = "/root/.ssh/ssh_sas_ed25519_key";
  };

--- a/hosts/elara/users/nikara/configs/console/git/default.nix
+++ b/hosts/elara/users/nikara/configs/console/git/default.nix
@@ -84,6 +84,13 @@ in
            port = 29418;
            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
          };
+
+          "artifactlfs.unx.sas.com" = {
+            hostname = "artifactlfs.unx.sas.com";
+            user = "nikara";
+            port = 1339;
+            identityFile = "${home}/.ssh/ssh_sas_rsa_key";
+          };
        };

        userKnownHostsFiles =
@@ -93,6 +100,7 @@ in
            ++ lib.lists.optionals config.sas.build.private [
              ssh-known-hosts-sas-gitlab
              ssh-known-hosts-sas-gerrit
+              ssh-known-hosts-sas-artifact
            ]
          );
      };
--- a/hosts/elara/users/nikara/configs/console/ssh/default.nix
+++ b/hosts/elara/users/nikara/configs/console/ssh/default.nix
@@ -27,15 +27,26 @@ in
        key = "ssh/pass";
      };

-      "ssh/sas/key" = {
+      "ssh/sas/ed25519/key" = {
        sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
-        key = "ssh/key";
+        key = "ssh/ed25519/key";
        path = "${home}/.ssh/ssh_sas_ed25519_key";
      };

-      "ssh/sas/pass" = {
+      "ssh/sas/ed25519/pass" = {
        sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
-        key = "ssh/pass";
+        key = "ssh/ed25519/pass";
+      };
+
+      "ssh/sas/rsa/key" = {
+        sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+        key = "ssh/rsa/key";
+        path = "${home}/.ssh/ssh_sas_rsa_key";
+      };
+
+      "ssh/sas/rsa/pass" = {
+        sopsFile = ../../../../../../../secrets/sas/secrets.yaml;
+        key = "ssh/rsa/pass";
      };
    };

@@ -56,7 +67,8 @@ in

      clipbook.bookmarks = {
        "Personal SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/personal/pass".path;
-        "SAS SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/sas/pass".path;
+        "SAS SSH ED25519 Key Passphrase".source = hmConfig.sops.secrets."ssh/sas/ed25519/pass".path;
+        "SAS SSH RSA Key Passphrase".source = hmConfig.sops.secrets."ssh/sas/rsa/pass".path;
      };
    };
  };
--- a/packages/default.nix
+++ b/packages/default.nix
@@ -30,6 +30,9 @@
  ssh-known-hosts-github = import ./ssh/known-hosts/github { inherit pkgs inputs system; };

  # SAS
+  ssh-known-hosts-sas-artifact = import ./ssh/known-hosts/sas/artifact {
+    inherit pkgs inputs system;
+  };
  ssh-known-hosts-sas-cldlgn = import ./ssh/known-hosts/sas/cldlgn { inherit pkgs inputs system; };
  ssh-known-hosts-sas-gerrit = import ./ssh/known-hosts/sas/gerrit { inherit pkgs inputs system; };
  ssh-known-hosts-sas-gitlab = import ./ssh/known-hosts/sas/gitlab { inherit pkgs inputs system; };
--- a/packages/ssh/known-hosts/sas/artifact/default.nix
+++ b/packages/ssh/known-hosts/sas/artifact/default.nix
@@ -0,0 +1,23 @@
+{
+  pkgs,
+  inputs,
+  system,
+  ...
+}:
+# AUTO-UPDATE: echo "Warning: Package using custom fetcher cannot be automatically updated." >&2
+pkgs.stdenv.mkDerivation rec {
+  pname = "ssh-known-hosts-sas-artifact";
+  version = "0-unstable-2025-03-14";
+
+  src = inputs.self.lib.${system}.fetchers.sshKnownHosts {
+    host = "artifactlfs.unx.sas.com";
+    port = 1339;
+    hash = "sha256-r3RaTj1GClvD0NwMwgNyfLYNBBjtGFu72CqB1L7f6wQ=";
+  };
+
+  phases = [ "installPhase" ];
+
+  installPhase = ''
+    cp $src $out
+  '';
+}