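# NixOS module for the user "tzlil": the account itself, an agenix-managed SSH
# private key, Nix daemon access, and a home-manager profile that configures
# the SSH client and a per-user ssh-agent service.
{ pkgs, lib, config, inputs, ... }: {
  imports = [ inputs.home-manager.nixosModules."home-manager" ];

  config = {
    # SSH private key, stored encrypted in the repository and decrypted by agenix.
    # Keep the mode owner-only: ssh refuses identity files that are readable by
    # group or other.
    age.secrets.id_ed25519 = {
      file = ../secrets/id_ed25519.age;
      mode = "600";
      owner = "tzlil";
      group = "users";
    };

    programs.fish.enable = true; # needed now

    users.users.tzlil = {
      isNormalUser = true;
      description = "Me";
      extraGroups = ["wheel"];
      packages = [pkgs.git];
      shell = pkgs.fish;
      # NOTE(security): this hash is committed with the configuration and is
      # copied into the world-readable Nix store, so anyone who can read either
      # can attack it offline. The commented-out line below points at the
      # alternative: supply the hash from an agenix secret. That needs an
      # `age.secrets.password` entry, which this file does not declare.
      hashedPassword = "$6$FAQYKz3OCtRNOP7h$XsApvP.r./Jv5MRI1idDI9BMnA26xxEvXFlE61Zls.QA3EK2x76XsetdpxSlgViylnRwRuq5XQMc3GeAJ7tum1";
      # passwordFile = config.age.secrets.password.path;
      openssh.authorizedKeys.keys = [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMDyzrs9sbstv3KFK5FV8qYlSknnEy8Cn+qch4dJLmHA"
      ];
    };

    nix.settings.allowed-users = ["root" "tzlil"];
    # NOTE(security): a trusted user can override daemon settings and import
    # unsigned store paths, which amounts to root on this machine. tzlil is
    # already in wheel; drop the entry if the extra daemon privileges are unused.
    nix.settings.trusted-users = ["root" "tzlil"];

    home-manager = {
      useGlobalPkgs = true;
      useUserPackages = true;
      backupFileExtension = "backup";
    };

    home-manager.users.tzlil = {pkgs, ...} @ hm: {
      home = {
        stateVersion = "22.05";
        username = "tzlil";
        homeDirectory = "/home/tzlil";
        # Must match the socket that the ssh-agent unit below creates at
        # %t/ssh-agent. The path hard-codes UID 1000, but this file does not pin
        # users.users.tzlil.uid -- confirm the account really gets UID 1000.
        sessionVariables.SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
      };

      programs.ssh = {
        enable = true;
        # Pinned host keys, one entry per line. The file lives in the read-only
        # Nix store, so ssh cannot append host keys it learns later; add new
        # hosts here.
        userKnownHostsFile = builtins.toFile "known_hosts" ''
          pc ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINu5lRKb1Ao4uj1tAV10QHKIvXfC8ncQ65b+oJtxrd1e
          vm ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHS6LK6rCmJCR/rKVJYVmJTL8fAdyJSLlgC3mesd6QVS
          vps ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdOuj27GB703ZRKRqhytlaLJsKucaRa//yswxijAZT7
        '';
        # Offer the agenix-decrypted key to every host.
        matchBlocks."*".identityFile = config.age.secrets."id_ed25519".path;
      };

      systemd.user.services.ssh-agent = let
        # Lifetime passed to `ssh-agent -t`; keys added to the agent expire after it.
        agentTimeout = "1h";
      in {
        Unit = {
          Description = "SSH Agent";
        };
        # WantedBy is an [Install] directive. systemd ignores it under [Unit],
        # so the agent was never pulled in by default.target.
        Install = {
          WantedBy = ["default.target"];
        };
        Service = {
          # Remove a stale socket left by a previous run so the bind succeeds.
          ExecStartPre = "${pkgs.coreutils}/bin/rm -f %t/ssh-agent";
          ExecStart = "${pkgs.openssh}/bin/ssh-agent -t ${agentTimeout} -a %t/ssh-agent";
          StandardOutput = "null";
          Type = "forking";
          Restart = "on-failure";
          SuccessExitStatus = "0 2";
        };
      };
    };
  };
}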