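# Home Manager fragment that wires one user's SSH keys, Git HTTPS credentials
# and per-host SSH settings to sops-managed secrets.
#
# Arguments:
#   user, home                - account name and its home directory (first call).
#   config, inputs, pkgs, lib - module arguments (second call); `inputs.secrets`
#                               must contain domains/{personal,sas}/secrets.yaml.
#
# Every secret declared below is decrypted for this user, including the key
# passphrases, so the passphrases mainly protect the keys outside this machine
# (for example in backups or copies of the key files).
{ user, home }:
{
  config,
  inputs,
  pkgs,
  lib,
  ...
}:
let
  hmConfig = config.home-manager.users.${user};
  ph = hmConfig.sops.placeholder;

  # Encrypted sops files, one per trust domain.
  personalSecrets = "${inputs.secrets}/domains/personal/secrets.yaml";
  sasSecrets = "${inputs.secrets}/domains/sas/secrets.yaml";

  # Locations where the decrypted private keys are placed.
  personalKey = "${home}/.ssh/ssh_personal_ed25519_key";
  sasEd25519Key = "${home}/.ssh/ssh_sas_ed25519_key";
  sasRsaKey = "${home}/.ssh/ssh_sas_rsa_key";

  # Builds one credential-store entry: https://<username>:<token>@<host>.
  # The placeholders are substituted when sops renders the template, so the
  # secret values never enter the Nix store.
  # NOTE(review): the values are inserted verbatim; a username or token
  # containing characters such as '@', ':' or '/' would have to be stored
  # percent-encoded for this URL form to parse.
  credentialLine =
    domain: host:
    "https://${ph."git/credentials/${domain}/${host}/username"}:${
      ph."git/credentials/${domain}/${host}/tokens/admin"
    }@${host}";
in
{
  home-manager.users.${user} = {
    sops = {
      # No `mode` override is set on any secret or template here, so the sops
      # module defaults apply; confirm they are owner-read-only.
      secrets = {
        # SSH private keys get an explicit path under ~/.ssh; the passphrases
        # stay at the sops default location and are referenced by `.path`.
        "ssh/personal/key" = {
          sopsFile = personalSecrets;
          key = "ssh/key";
          path = personalKey;
        };
        "ssh/personal/pass" = {
          sopsFile = personalSecrets;
          key = "ssh/pass";
        };
        "ssh/sas/ed25519/key" = {
          sopsFile = sasSecrets;
          key = "ssh/ed25519/key";
          path = sasEd25519Key;
        };
        "ssh/sas/ed25519/pass" = {
          sopsFile = sasSecrets;
          key = "ssh/ed25519/pass";
        };
        "ssh/sas/rsa/key" = {
          sopsFile = sasSecrets;
          key = "ssh/rsa/key";
          path = sasRsaKey;
        };
        "ssh/sas/rsa/pass" = {
          sopsFile = sasSecrets;
          key = "ssh/rsa/pass";
        };

        # Git HTTPS credentials, keyed as git/credentials/<domain>/<host>/...
        # NOTE(review): the tokens are named "admin"; if that reflects their
        # scope, narrower tokens would limit the impact of a leaked
        # credentials file.
        "git/credentials/personal/git.karaolidis.com/username" = {
          sopsFile = personalSecrets;
          key = "git/credentials/git.karaolidis.com/username";
        };
        "git/credentials/personal/git.karaolidis.com/tokens/admin" = {
          sopsFile = personalSecrets;
          key = "git/credentials/git.karaolidis.com/tokens/admin";
        };
        "git/credentials/sas/github.com/username" = {
          sopsFile = sasSecrets;
          key = "git/credentials/github.com/username";
        };
        "git/credentials/sas/github.com/tokens/admin" = {
          sopsFile = sasSecrets;
          key = "git/credentials/github.com/tokens/admin";
        };
        # NOTE(review): the two personal github.com secrets are declared, and
        # therefore decrypted, but the template below uses the SAS pair for
        # github.com. Drop them if nothing else in the configuration reads them.
        "git/credentials/personal/github.com/username" = {
          sopsFile = personalSecrets;
          key = "git/credentials/github.com/username";
        };
        "git/credentials/personal/github.com/tokens/admin" = {
          sopsFile = personalSecrets;
          key = "git/credentials/github.com/tokens/admin";
        };
        "git/credentials/personal/gitlab.com/username" = {
          sopsFile = personalSecrets;
          key = "git/credentials/gitlab.com/username";
        };
        "git/credentials/personal/gitlab.com/tokens/admin" = {
          sopsFile = personalSecrets;
          key = "git/credentials/gitlab.com/tokens/admin";
        };
        "git/credentials/personal/gitea.com/username" = {
          sopsFile = personalSecrets;
          key = "git/credentials/gitea.com/username";
        };
        "git/credentials/personal/gitea.com/tokens/admin" = {
          sopsFile = personalSecrets;
          key = "git/credentials/gitea.com/tokens/admin";
        };
      };

      # Rendered to the XDG location of Git's plaintext credential store.
      # The store format is one URL per line, so each entry sits on its own
      # line. The rendered file holds the tokens in clear text.
      # NOTE(review): the `credential.helper` setting that makes Git read this
      # file is not part of this fragment; verify it where Git is configured.
      templates."git/credentials" = {
        content = ''
          ${credentialLine "personal" "git.karaolidis.com"}
          ${credentialLine "sas" "github.com"}
          ${credentialLine "personal" "gitlab.com"}
          ${credentialLine "personal" "gitea.com"}
        '';
        path = "${home}/.config/git/credentials";
      };
    };

    programs = {
      # NOTE(review): no block sets `identitiesOnly`, so ssh may also offer
      # other agent-held keys to these hosts. Enable it if the personal and
      # SAS keys must never be presented across domains.
      ssh.matchBlocks = {
        "karaolidis.com" = {
          hostname = "karaolidis.com";
          user = "nick";
          identityFile = personalKey;
        };
        "tunnel.karaolidis.com" = {
          hostname = "tunnel.karaolidis.com";
          user = "nick";
          port = 2222;
          identityFile = personalKey;
        };
        # Public forges verify host keys against packaged known-hosts files
        # rather than the user's own known_hosts.
        "github.com" = {
          hostname = "github.com";
          user = "git";
          identityFile = [ personalKey ];
          userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.github;
        };
        "gitlab.com" = {
          hostname = "gitlab.com";
          user = "git";
          identityFile = personalKey;
          userKnownHostsFile = builtins.toString pkgs.sshKnownHosts.gitlab;
        };
        # Host alias: connects to github.com but authenticates with the SAS
        # key. The `insteadOf` rewrites under git.extraConfig.url route the
        # SAS organisations through this alias.
        #
        # For this and the remaining SAS hosts the packaged known-hosts file
        # is applied only when config.sas.build.private is true; otherwise
        # the option stays unset and ssh's default known_hosts handling is
        # used.
        "github.sas.com" = {
          hostname = "github.com";
          user = "git";
          identityFile = [ sasEd25519Key ];
          userKnownHostsFile = lib.mkIf config.sas.build.private (
            builtins.toString pkgs.sshKnownHosts.github
          );
        };
        "cldlgn.fyi.sas.com" = {
          inherit user;
          hostname = "cldlgn.fyi.sas.com";
          identityFile = sasEd25519Key;
          userKnownHostsFile = lib.mkIf config.sas.build.private (
            builtins.toString pkgs.sshKnownHosts.sas-cldlgn
          );
        };
        "gitlab.sas.com" = {
          hostname = "gitlab.sas.com";
          user = "git";
          identityFile = sasEd25519Key;
          userKnownHostsFile = lib.mkIf config.sas.build.private (
            builtins.toString pkgs.sshKnownHosts.sas-gitlab
          );
        };
        "gerrit-svi.unx.sas.com" = {
          hostname = "gerrit-svi.unx.sas.com";
          user = "nikara";
          port = 29418;
          identityFile = sasEd25519Key;
          userKnownHostsFile = lib.mkIf config.sas.build.private (
            builtins.toString pkgs.sshKnownHosts.sas-gerrit
          );
        };
        # The only host that uses the RSA key.
        "artifactlfs.unx.sas.com" = {
          hostname = "artifactlfs.unx.sas.com";
          user = "nikara";
          port = 1339;
          identityFile = sasRsaKey;
          userKnownHostsFile = lib.mkIf config.sas.build.private (
            builtins.toString pkgs.sshKnownHosts.sas-artifact
          );
        };
      };

      # Rewrite SSH remotes of the SAS organisations so they resolve to the
      # "github.sas.com" match block and use the SAS key, not the personal one.
      git.extraConfig.url = {
        "git@github.sas.com:sas-institute-rnd-product".insteadOf =
          "git@github.com:sas-institute-rnd-product";
        "git@github.sas.com:sas-institute-rnd-internal".insteadOf =
          "git@github.com:sas-institute-rnd-internal";
        "git@github.sas.com:sas-institute-rnd-pipeline-test".insteadOf =
          "git@github.com:sas-institute-rnd-pipeline-test";
        "git@github.sas.com:Nick-Karaolidis_sasinst".insteadOf = "git@github.com:Nick-Karaolidis_sasinst";
      };

      # Each bookmark points at the decrypted passphrase file.
      # NOTE(review): presumably clipbook copies the file content to the
      # clipboard; confirm how long it stays there and which clipboard
      # managers or history tools can read it.
      clipbook.bookmarks = {
        "Personal SSH Key Passphrase".source = hmConfig.sops.secrets."ssh/personal/pass".path;
        "SAS SSH ED25519 Key Passphrase".source = hmConfig.sops.secrets."ssh/sas/ed25519/pass".path;
        "SAS SSH RSA Key Passphrase".source = hmConfig.sops.secrets."ssh/sas/rsa/pass".path;
      };
    };
  };
}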