# Per-user home-manager fragment: git HTTPS credentials rendered from sops
# secrets, a git SSH wrapper command, and SSH client host settings.
#
# Curried: applied first to { user, home }, then used as a module taking the
# usual module arguments.
{ user, home }:
{
  config,
  inputs,
  lib,
  system,
  pkgs,
  ...
}:
let
  hmConfig = config.home-manager.users.${user};
  selfPkgs = inputs.self.packages.${system};

  # Encrypted sops files live in the `secrets` flake input; personal and sas
  # credentials are kept in separate files.
  personalSecrets = "${inputs.secrets}/personal/secrets.yaml";
  sasSecrets = "${inputs.secrets}/sas/secrets.yaml";

  # Placeholders stand in for the secret values inside template content; the
  # real values are substituted when sops-nix renders the template, so only
  # the placeholder text is part of the evaluated configuration.
  inherit (hmConfig.sops) placeholder;

  # Wrapper that git invokes instead of plain `ssh`. Its logic lives in
  # ./git-ssh-key-wrapper.sh, which is not visible from this file.
  gitSshWrapper = pkgs.writeShellApplication {
    name = "git-ssh-key-wrapper";
    runtimeInputs = [ pkgs.openssh ];
    text = builtins.readFile ./git-ssh-key-wrapper.sh;
  };

  # Private key paths are only referenced here; how the key files are
  # provisioned under ${home}/.ssh is not shown in this file.
  sasEd25519Key = "${home}/.ssh/ssh_sas_ed25519_key";
in
{
  home-manager.users.${user} = {
    # Each entry maps a home-manager secret name to a key inside one of the
    # encrypted sops files. Secret names are kept literal so they stay
    # greppable against the template below.
    sops.secrets = {
      "git/credentials/personal/git.karaolidis.com/admin/username" = {
        sopsFile = personalSecrets;
        key = "git/credentials/git.karaolidis.com/admin/username";
      };

      "git/credentials/personal/git.karaolidis.com/admin/password" = {
        sopsFile = personalSecrets;
        key = "git/credentials/git.karaolidis.com/admin/password";
      };

      "git/credentials/sas/github.com/admin/username" = {
        sopsFile = sasSecrets;
        key = "git/credentials/github.com/admin/username";
      };

      "git/credentials/sas/github.com/admin/password" = {
        sopsFile = sasSecrets;
        key = "git/credentials/github.com/admin/password";
      };
    };

    # Renders one `https://user:password@host` line per host into
    # ${home}/.config/git/credentials.
    # NOTE(review): this looks like the file format read by git's `store`
    # credential helper; the `credential.helper` setting is not in this file,
    # confirm it is configured elsewhere.
    # NOTE(review): the values are inserted verbatim. If a username or
    # password contains URL-reserved characters (`@`, `:`, `/`, `%`), it
    # presumably has to be stored already percent-encoded, verify.
    # NOTE(review): the rendered file holds the credentials in plaintext. No
    # `mode` is set here, so the sops-nix default applies; confirm it is
    # owner-read-only and that nothing else overrides it.
    sops.templates."git/credentials" = {
      content = ''
        https://${placeholder."git/credentials/personal/git.karaolidis.com/admin/username"}:${placeholder."git/credentials/personal/git.karaolidis.com/admin/password"}@git.karaolidis.com
        https://${placeholder."git/credentials/sas/github.com/admin/username"}:${placeholder."git/credentials/sas/github.com/admin/password"}@github.com
      '';
      path = "${home}/.config/git/credentials";
    };

    # git runs every SSH transport through the wrapper's executable.
    programs.git.extraConfig.core.sshCommand = lib.meta.getExe gitSshWrapper;

    # NOTE(review): none of the blocks below sets `identitiesOnly`, so ssh may
    # also offer keys held by a running agent in addition to the listed
    # identity files. If the wrapper script does not already restrict this,
    # consider `identitiesOnly = true` per host.
    programs.ssh.matchBlocks = {
      # Two identities are listed for github.com: the sas key first, then the
      # personal key.
      "github.com" = {
        hostname = "github.com";
        user = "git";
        identityFile = [
          sasEd25519Key
          "${home}/.ssh/ssh_personal_ed25519_key"
        ];
      };

      "gitlab.sas.com" = {
        hostname = "gitlab.sas.com";
        user = "git";
        identityFile = sasEd25519Key;
      };

      "gerrit-svi.unx.sas.com" = {
        hostname = "gerrit-svi.unx.sas.com";
        user = "nikara";
        port = 29418;
        identityFile = sasEd25519Key;
      };

      # The only host that points at an RSA-named key file instead of the
      # ed25519 one.
      "artifactlfs.unx.sas.com" = {
        hostname = "artifactlfs.unx.sas.com";
        user = "nikara";
        port = 1339;
        identityFile = "${home}/.ssh/ssh_sas_rsa_key";
      };
    };

    # Known-hosts files come from this flake's own packages. The sas entries
    # are appended only when config.sas.build.private is true.
    # NOTE(review): the sas match blocks above are defined unconditionally, so
    # in a non-private build those hosts get no host key from this list;
    # confirm that is intended.
    programs.ssh.userKnownHostsFiles =
      [
        selfPkgs.ssh-known-hosts-github
        selfPkgs.ssh-known-hosts-gitlab
      ]
      ++ lib.lists.optionals config.sas.build.private [
        selfPkgs.ssh-known-hosts-sas-gitlab
        selfPkgs.ssh-known-hosts-sas-gerrit
        selfPkgs.ssh-known-hosts-sas-artifact
      ];
  };
}