Crypto Change

luks for xps ssh via ssh sops via age gpg backbone, but not removed gpg-agent removed
2025-10-04 22:53:18 +02:00
parent 21fee7056a
commit 6809a6494f
8 changed files with 144 additions and 137 deletions
--- a/home-modules/ssh.nix
+++ b/home-modules/ssh.nix
@@ -2,16 +2,18 @@
 {
  home = {
    packages = with pkgs; [ sshfs ];
-    file.".ssh/config".text = ''
+    file."vault/ssh/config".text = /* ssh */ ''
      HOST nxace
          HostName ssh.${hyper.domain}
          User ${hyper.user}
          Port 50022
+          IdentityFile ~/vault/ssh/nxace-nx2-${hyper.host}

      HOST nxacel
          HostName 10.0.1.1
          User ${hyper.user}
          Port 50022
+          IdentityFile ~/vault/ssh/nxace-nx2-${hyper.host}

      HOST nxrpil
          HostName 10.0.1.31
@@ -22,6 +24,27 @@
          HostName ssh.${hyper.domain}
          User git
          Port 50022
+          IdentityFile ~/vault/ssh/nxgit-nx2-${hyper.host}
    '';
  };
+  # services.gpg-agent = let 
+  #   min2sec = min: (min * 60); 
+  # in {
+  #   enable = true;
+  #   verbose = true;
+  #   sshKeys = [
+  #     "97081264F7FD72D890D496E839AA9A4C7892A7D8" # Keygrip (not Fingerprint!) of [A] Subkey
+  #   ];
+  #   enableSshSupport = true;
+  #   enableFishIntegration = true;
+  #   defaultCacheTtlSsh = min2sec 60;
+  #   defaultCacheTtl = min2sec 30;
+  #   pinentry = {
+  #     package = pkgs.pinentry;
+  #     program = "pinentry";
+  #   };
+  #   extraConfig = ''
+  #     allow-loopback-pinentry
+  #   '';
+  # };
 }