Update ssh keys

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

flake.lock

@@ -262,11 +262,11 @@
     "secrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1753458351,
+        "lastModified": 1754037502,
-        "narHash": "sha256-wsZQkEA3YYouRu7wjepetS6rnwLEr00wMpIQsxbZNTU=",
+        "narHash": "sha256-Bmid1VnROlSSTKNOpgFmm6TLRz3kFtx2/UrEi2rPBoY=",
         "ref": "refs/heads/main",
-        "rev": "6ce176beb34bfe0ac65131564c1fa3f5d0aca1fe",
+        "rev": "57b7f95727361064ef8b551924b8845d80e3074c",
-        "revCount": 26,
+        "revCount": 27,
         "type": "git",
         "url": "https://git.karaolidis.com/karaolidis/nix-secrets.git"
       },

hosts/elara/users/nikara/configs/console/git/default.nix

@@ -1,109 +0,0 @@
-{ user, home }:
-{
-  config,
-  inputs,
-  lib,
-  system,
-  pkgs,
-  ...
-}:
-let
-  hmConfig = config.home-manager.users.${user};
-  selfPkgs = inputs.self.packages.${system};
-in
-{
-  home-manager.users.${user} = {
-    sops = {
-      secrets = {
-        "git/credentials/personal/git.karaolidis.com/admin/username" = {
-          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-          key = "git/credentials/git.karaolidis.com/admin/username";
-        };
-
-        "git/credentials/personal/git.karaolidis.com/admin/password" = {
-          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-          key = "git/credentials/git.karaolidis.com/admin/password";
-        };
-
-        "git/credentials/sas/github.com/admin/username" = {
-          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
-          key = "git/credentials/github.com/admin/username";
-        };
-
-        "git/credentials/sas/github.com/admin/password" = {
-          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
-          key = "git/credentials/github.com/admin/password";
-        };
-      };
-
-      templates."git/credentials" = {
-        content = ''
-          https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/username"}:${
-            hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/password"
-          }@git.karaolidis.com
-          https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/username"}:${
-            hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/password"
-          }@github.com
-        '';
-        path = "${home}/.config/git/credentials";
-      };
-    };
-
-    programs = {
-      git.extraConfig.core.sshCommand = lib.meta.getExe (
-        pkgs.writeShellApplication {
-          name = "git-ssh-key-wrapper";
-          runtimeInputs = with pkgs; [ openssh ];
-          text = builtins.readFile ./git-ssh-key-wrapper.sh;
-        }
-      );
-
-      ssh = {
-        matchBlocks = {
-          "github.com" = {
-            hostname = "github.com";
-            user = "git";
-            identityFile = [
-              "${home}/.ssh/ssh_sas_ed25519_key"
-              "${home}/.ssh/ssh_personal_ed25519_key"
-            ];
-          };
-
-          "gitlab.sas.com" = {
-            hostname = "gitlab.sas.com";
-            user = "git";
-            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
-          };
-
-          "gerrit-svi.unx.sas.com" = {
-            hostname = "gerrit-svi.unx.sas.com";
-            user = "nikara";
-            port = 29418;
-            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
-          };
-
-          "artifactlfs.unx.sas.com" = {
-            hostname = "artifactlfs.unx.sas.com";
-            user = "nikara";
-            port = 1339;
-            identityFile = "${home}/.ssh/ssh_sas_rsa_key";
-          };
-        };
-
-        userKnownHostsFiles =
-          with selfPkgs;
-          (
-            [
-              ssh-known-hosts-github
-              ssh-known-hosts-gitlab
-            ]
-            ++ lib.lists.optionals config.sas.build.private [
-              ssh-known-hosts-sas-gitlab
-              ssh-known-hosts-sas-gerrit
-              ssh-known-hosts-sas-artifact
-            ]
-          );
-      };
-    };
-  };
-}

hosts/elara/users/nikara/configs/console/git/git-ssh-key-wrapper.sh

@@ -1,16 +0,0 @@
-# shellcheck shell=bash
-
-key="$HOME/.ssh/ssh_personal_ed25519_key"
-
-if [[ "$*" == *"git@github.com"* ]]; then
-  if [[ "$*" == *"sas-institute-rnd-product/"* ||
-        "$*" == *"sas-institute-rnd-internal/"* ||
-        "$*" == *"sas-institute-rnd-pipeline-test/"* ||
-        "$*" == *"_sasinst/"* ]]; then
-    key="$HOME/.ssh/ssh_sas_ed25519_key"
-  fi
-
-  exec ssh -i "$key" "$@"
-fi
-
-exec ssh "$@"

hosts/elara/users/nikara/configs/console/podman/default.nix

@@ -12,16 +12,16 @@ in
 {
   home-manager.users.${user}.sops = {
     secrets = {
+      "registry/personal/git.karaolidis.com" = {
+        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+        key = "registry/git.karaolidis.com";
+      };
+
       "registry/personal/docker.io" = {
         sopsFile = "${inputs.secrets}/personal/secrets.yaml";
         key = "registry/docker.io";
       };
 
-      "registry/personal/registry.karaolidis.com" = {
-        sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-        key = "registry/registry.karaolidis.com";
-      };
-
       "registry/sas/cr.sas.com" = {
         sopsFile = "${inputs.secrets}/sas/secrets.yaml";
         key = "registry/cr.sas.com";
@@ -32,12 +32,12 @@ in
       content = builtins.readFile (
         (pkgs.formats.json { }).generate "auth.json" {
           auths = {
+            "git.karaolidis.com" = {
+              auth = hmConfig.sops.placeholder."registry/personal/git.karaolidis.com";
+            };
             "docker.io" = {
               auth = hmConfig.sops.placeholder."registry/personal/docker.io";
             };
-            "registry.karaolidis.com" = {
-              auth = hmConfig.sops.placeholder."registry/personal/registry.karaolidis.com";
-            };
             "cr.sas.com" = {
               auth = hmConfig.sops.placeholder."registry/sas/cr.sas.com";
             };

hosts/elara/users/nikara/configs/console/ssh/default.nix

@@ -12,7 +12,8 @@ let
 in
 {
   home-manager.users.${user} = {
-    sops.secrets = {
+    sops = {
+      secrets = {
         "ssh/personal/key" = {
           sopsFile = "${inputs.secrets}/personal/secrets.yaml";
           key = "ssh/key";
@@ -45,6 +46,39 @@ in
           sopsFile = "${inputs.secrets}/sas/secrets.yaml";
           key = "ssh/rsa/pass";
         };
+
+        "git/credentials/personal/git.karaolidis.com/admin/username" = {
+          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+          key = "git/credentials/git.karaolidis.com/admin/username";
+        };
+
+        "git/credentials/personal/git.karaolidis.com/admin/password" = {
+          sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+          key = "git/credentials/git.karaolidis.com/admin/password";
+        };
+
+        "git/credentials/sas/github.com/admin/username" = {
+          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+          key = "git/credentials/github.com/admin/username";
+        };
+
+        "git/credentials/sas/github.com/admin/password" = {
+          sopsFile = "${inputs.secrets}/sas/secrets.yaml";
+          key = "git/credentials/github.com/admin/password";
+        };
+      };
+
+      templates."git/credentials" = {
+        content = ''
+          https://${hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/username"}:${
+            hmConfig.sops.placeholder."git/credentials/personal/git.karaolidis.com/admin/password"
+          }@git.karaolidis.com
+          https://${hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/username"}:${
+            hmConfig.sops.placeholder."git/credentials/sas/github.com/admin/password"
+          }@github.com
+        '';
+        path = "${home}/.config/git/credentials";
+      };
     };
 
     programs = {
@@ -56,16 +90,60 @@ in
             identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
           };
 
+          "github.com" = {
+            hostname = "github.com";
+            user = "git";
+            identityFile = [
+              "${home}/.ssh/ssh_sas_ed25519_key"
+              "${home}/.ssh/ssh_personal_ed25519_key"
+            ];
+          };
+
+          "gitlab.com" = {
+            hostname = "gitlab.com";
+            user = "git";
+            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+          };
+
           "cldlgn.fyi.sas.com" = {
             inherit user;
             hostname = "cldlgn.fyi.sas.com";
             identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
           };
+
+          "gitlab.sas.com" = {
+            hostname = "gitlab.sas.com";
+            user = "git";
+            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+          };
+
+          "gerrit-svi.unx.sas.com" = {
+            hostname = "gerrit-svi.unx.sas.com";
+            user = "nikara";
+            port = 29418;
+            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+          };
+
+          "artifactlfs.unx.sas.com" = {
+            hostname = "artifactlfs.unx.sas.com";
+            user = "nikara";
+            port = 1339;
+            identityFile = "${home}/.ssh/ssh_sas_rsa_key";
+          };
         };
 
         userKnownHostsFiles =
           with selfPkgs;
-          lib.lists.optionals config.sas.build.private [ ssh-known-hosts-sas-cldlgn ];
+          [
+            ssh-known-hosts-github
+            ssh-known-hosts-gitlab
+          ]
+          ++ lib.lists.optionals config.sas.build.private [
+            ssh-known-hosts-sas-cldlgn
+            ssh-known-hosts-sas-gitlab
+            ssh-known-hosts-sas-gerrit
+            ssh-known-hosts-sas-artifact
+          ];
       };
 
       clipbook.bookmarks = {

hosts/elara/users/nikara/default.nix

@@ -86,7 +86,6 @@ in
     (import ../../../common/configs/user/gui/xdg { inherit user home; })
 
     (import ./configs/console/c { inherit user home; })
-    (import ./configs/console/git { inherit user home; })
     (import ./configs/console/go { inherit user home; })
     (import ./configs/console/gpg { inherit user home; })
     (import ./configs/console/gradle { inherit user home; })

hosts/himalia/users/nick/configs/console/git/default.nix

@@ -1,48 +0,0 @@
-{ user, home }:
-{
-  config,
-  inputs,
-  lib,
-  system,
-  ...
-}:
-let
-  hmConfig = config.home-manager.users.${user};
-  selfPkgs = inputs.self.packages.${system};
-in
-{
-  home-manager.users.${user} = {
-    sops = {
-      secrets = {
-        "git/credentials/git.karaolidis.com/admin/username".sopsFile =
-          "${inputs.secrets}/personal/secrets.yaml";
-        "git/credentials/git.karaolidis.com/admin/password".sopsFile =
-          "${inputs.secrets}/personal/secrets.yaml";
-      };
-
-      templates."git/credentials" = {
-        content = ''
-          https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
-            hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
-          }@git.karaolidis.com
-        '';
-        path = "${home}/.config/git/credentials";
-      };
-    };
-
-    programs.ssh = {
-      matchBlocks = {
-        "github.com" = {
-          hostname = "github.com";
-          user = "git";
-          identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
-        };
-      };
-
-      userKnownHostsFiles = with selfPkgs; [
-        ssh-known-hosts-github
-        ssh-known-hosts-gitlab
-      ];
-    };
-  };
-}

hosts/himalia/users/nick/configs/console/podman/default.nix

@@ -11,20 +11,20 @@ in
 {
   home-manager.users.${user}.sops = {
     secrets = {
+      "registry/git.karaolidis.com".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
       "registry/docker.io".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
-      "registry/registry.karaolidis.com".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
     };
 
     templates."containers-auth.json" = {
       content = builtins.readFile (
         (pkgs.formats.json { }).generate "auth.json" {
           auths = {
+            "git.karaolidis.com" = {
+              auth = hmConfig.sops.placeholder."registry/git.karaolidis.com";
+            };
             "docker.io" = {
               auth = hmConfig.sops.placeholder."registry/docker.io";
             };
-            "registry.karaolidis.com" = {
-              auth = hmConfig.sops.placeholder."registry/registry.karaolidis.com";
-            };
           };
         }
       );

hosts/himalia/users/nick/configs/console/ssh/default.nix

@@ -1,19 +1,71 @@
 { user, home }:
-{ config, inputs, ... }:
+{
+  config,
+  inputs,
+  system,
+  ...
+}:
 let
   hmConfig = config.home-manager.users.${user};
+  selfPkgs = inputs.self.packages.${system};
 in
 {
   home-manager.users.${user} = {
-    sops.secrets = {
+    sops = {
+      secrets = {
         "ssh/key" = {
           sopsFile = "${inputs.secrets}/personal/secrets.yaml";
           path = "${home}/.ssh/ssh_personal_ed25519_key";
         };
 
         "ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+
+        "git/credentials/git.karaolidis.com/admin/username".sopsFile =
+          "${inputs.secrets}/personal/secrets.yaml";
+
+        "git/credentials/git.karaolidis.com/admin/password".sopsFile =
+          "${inputs.secrets}/personal/secrets.yaml";
       };
 
-    programs.clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path;
+      templates."git/credentials" = {
+        content = ''
+          https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
+            hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
+          }@git.karaolidis.com
+        '';
+        path = "${home}/.config/git/credentials";
+      };
+    };
+
+    programs = {
+      ssh = {
+        matchBlocks = {
+          "karaolidis.com" = {
+            hostname = "karaolidis.com";
+            user = "nick";
+            identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+          };
+
+          "github.com" = {
+            hostname = "github.com";
+            user = "git";
+            identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+          };
+
+          "gitlab.com" = {
+            hostname = "gitlab.com";
+            user = "git";
+            identityFile = "${home}/.ssh/ssh_sas_ed25519_key";
+          };
+        };
+
+        userKnownHostsFiles = with selfPkgs; [
+          ssh-known-hosts-github
+          ssh-known-hosts-gitlab
+        ];
+      };
+
+      clipbook.bookmarks."SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/pass".path;
+    };
   };
 }

hosts/himalia/users/nick/default.nix

@@ -94,7 +94,6 @@ in
     (import ../../../common/configs/user/gui/x11 { inherit user home; })
     (import ../../../common/configs/user/gui/xdg { inherit user home; })
 
-    (import ./configs/console/git { inherit user home; })
     (import ./configs/console/gpg { inherit user home; })
     (import ./configs/console/podman { inherit user home; })
     (import ./configs/console/ssh { inherit user home; })

hosts/installer/users/nick/configs/console/git/default.nix

@@ -1,48 +0,0 @@
-{ user, home }:
-{
-  config,
-  inputs,
-  lib,
-  system,
-  ...
-}:
-let
-  hmConfig = config.home-manager.users.${user};
-  selfPkgs = inputs.self.packages.${system};
-in
-{
-  home-manager.users.${user} = {
-    sops = {
-      secrets = {
-        "git/credentials/git.karaolidis.com/admin/username".sopsFile =
-          "${inputs.secrets}/personal/secrets.yaml";
-        "git/credentials/git.karaolidis.com/admin/password".sopsFile =
-          "${inputs.secrets}/personal/secrets.yaml";
-      };
-
-      templates."git/credentials" = {
-        content = ''
-          https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
-            hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
-          }@git.karaolidis.com
-        '';
-        path = "${home}/.config/git/credentials";
-      };
-    };
-
-    programs.ssh = {
-      matchBlocks = {
-        "github.com" = {
-          hostname = "github.com";
-          user = "git";
-          identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
-        };
-      };
-
-      userKnownHostsFiles = with selfPkgs; [
-        ssh-known-hosts-github
-        ssh-known-hosts-gitlab
-      ];
-    };
-  };
-}

hosts/installer/users/nick/configs/console/ssh/default.nix

@@ -1,22 +1,67 @@
 { user, home }:
-{ inputs, ... }:
+{
+  config,
+  inputs,
+  system,
+  ...
+}:
+let
+  hmConfig = config.home-manager.users.${user};
+  selfPkgs = inputs.self.packages.${system};
+in
 {
   home-manager.users.${user} = {
-    sops.secrets = {
+    sops = {
+      secrets = {
         "ssh/key" = {
           sopsFile = "${inputs.secrets}/personal/secrets.yaml";
           path = "${home}/.ssh/ssh_personal_ed25519_key";
         };
 
         "ssh/pass".sopsFile = "${inputs.secrets}/personal/secrets.yaml";
+
+        "git/credentials/git.karaolidis.com/admin/username".sopsFile =
+          "${inputs.secrets}/personal/secrets.yaml";
+
+        "git/credentials/git.karaolidis.com/admin/password".sopsFile =
+          "${inputs.secrets}/personal/secrets.yaml";
       };
 
-    programs.ssh.matchBlocks = {
+      templates."git/credentials" = {
+        content = ''
+          https://${hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/username"}:${
+            hmConfig.sops.placeholder."git/credentials/git.karaolidis.com/admin/password"
+          }@git.karaolidis.com
+        '';
+        path = "${home}/.config/git/credentials";
+      };
+    };
+
+    programs.ssh = {
+      matchBlocks = {
         "karaolidis.com" = {
           hostname = "karaolidis.com";
           user = "nick";
           identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
         };
+
+        "github.com" = {
+          hostname = "github.com";
+          user = "git";
+          identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+        };
+
+        "gitlab.com" = {
+          hostname = "gitlab.com";
+          user = "git";
+          identityFile = "${home}/.ssh/ssh_personal_ed25519_key";
+        };
+      };
+
+      userKnownHostsFiles = with selfPkgs; [
+        ssh-known-hosts-github
+        ssh-known-hosts-gitlab
+      ];
     };
   };
 }

hosts/installer/users/nick/default.nix

@@ -39,7 +39,6 @@ in
     (import ../../../common/configs/user/console/zoxide { inherit user home; })
     (import ../../../common/configs/user/console/zsh { inherit user home; })
 
-    (import ./configs/console/git { inherit user home; })
     (import ./configs/console/gpg { inherit user home; })
     (import ./configs/console/ssh { inherit user home; })
   ];