Refactor git credentials secrets

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-02-28 11:00:21 +00:00
parent d8374fe7b7
commit 91104fc4b0
16 changed files with 235 additions and 134 deletions
--- a/hosts/installer/users/nick/configs/console/git/default.nix
+++ b/hosts/installer/users/nick/configs/console/git/default.nix
@@ -17,16 +17,16 @@ in
  home-manager.users.${user} = {
    sops = {
      secrets = {
-        "git/credentials/git.karaolidis.com/username".sopsFile =
+        "git/credentials/git.karaolidis.com/admin/username".sopsFile =
          ../../../../../../../secrets/personal/secrets.yaml;
-        "git/credentials/git.karaolidis.com/password".sopsFile =
+        "git/credentials/git.karaolidis.com/admin/password".sopsFile =
          ../../../../../../../secrets/personal/secrets.yaml;
      };

      templates."git/credentials" = {
        content = ''
-          https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/username"}:${
-            hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/password"
+          https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
+            hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
          }@git.karaolidis.com
        '';
        path = "${home}/.config/git/credentials";
--- a/hosts/installer/users/nick/configs/console/gpg/default.nix
+++ b/hosts/installer/users/nick/configs/console/gpg/default.nix
@@ -0,0 +1,11 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ ... }:
+{
+  home-manager.users.${user}.sops.secrets = {
+    "gpg/key".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+    "gpg/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+  };
+}
--- a/hosts/installer/users/nick/configs/console/ssh/default.nix
+++ b/hosts/installer/users/nick/configs/console/ssh/default.nix
@@ -0,0 +1,16 @@
+{
+  user ? throw "user argument is required",
+  home ? throw "home argument is required",
+}:
+{ ... }:
+{
+  home-manager.users.${user}.sops.secrets = {
+    "ssh/key" = {
+      sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+      path = "${home}/.ssh/ssh_personal_ed25519_key";
+    };
+
+    "ssh/pass".sopsFile = ../../../../../../../secrets/personal/secrets.yaml;
+
+  };
+}
--- a/hosts/installer/users/nick/default.nix
+++ b/hosts/installer/users/nick/default.nix
@@ -33,6 +33,8 @@ in
    (import ../../../common/configs/user/console/zsh { inherit user home; })

    (import ./configs/console/git { inherit user home; })
+    (import ./configs/console/gpg { inherit user home; })
+    (import ./configs/console/ssh { inherit user home; })
  ];

  # echo "password" | mkpasswd -s
@@ -56,23 +58,8 @@ in

  services.getty.autologinUser = user;

-  home-manager.users.${user} = {
-    home = {
-      username = user;
-      homeDirectory = home;
-    };
-
-    sops.secrets = {
-      "ssh/key" = {
-        sopsFile = ../../../../secrets/personal/secrets.yaml;
-        path = "${home}/.ssh/ssh_personal_ed25519_key";
-      };
-
-      "ssh/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
-
-      "gpg/key".sopsFile = ../../../../secrets/personal/secrets.yaml;
-
-      "gpg/pass".sopsFile = ../../../../secrets/personal/secrets.yaml;
-    };
+  home-manager.users.${user}.home = {
+    username = user;
+    homeDirectory = home;
  };
 }