Add sas private repo requirements

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/configs/system/ssh/default.nix

@@ -1,6 +1,8 @@
 { ... }:
 {
   programs.ssh = {
+    startAgent = true;
+
     knownHosts = {
       installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
       eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;

hosts/elara/default.nix

@@ -53,7 +53,30 @@
 
   networking.hostName = "elara";
   i18n.defaultLocale = "en_US.UTF-8";
-  sops.defaultSopsFile = ./secrets/secrets.yaml;
+
+  sops = {
+    defaultSopsFile = ./secrets/secrets.yaml;
+
+    # Required for building private SAS packages
+    secrets."ssh/sas/git/key" = {
+      sopsFile = ../../secrets/sas/secrets.yaml;
+      path = "/root/.ssh/ssh_git_sas_ed25519_key";
+    };
+  };
+
+  programs.ssh.extraConfig = ''
+    Host github.com
+      User git
+      HostName github.com
+      IdentityFile /root/.ssh/ssh_git_sas_ed25519_key
+      StrictHostKeyChecking no
+
+    Host gitlab.sas.com
+      User git
+      HostName gitlab.sas.com
+      IdentityFile /root/.ssh/ssh_git_sas_ed25519_key
+      StrictHostKeyChecking no
+  '';
 
   environment.impermanence.device =
     config.disko.devices.disk.usb.content.partitions.root.content.name;

hosts/elara/users/nikara/default.nix

@@ -65,6 +65,10 @@ in
     (import ../../../common/configs/user/gui/wev { inherit user home; })
     (import ../../../common/configs/user/gui/x11 { inherit user home; })
     (import ../../../common/configs/user/gui/xdg { inherit user home; })
+
+    # Warning: the following imports use private SAS repositories.
+    # You must build the system once with these imports commented out,
+    # then uncomment them and rebuild the system once keys are provisioned.
   ];
 
   # echo "password" | mkpasswd -s