Commit 39e9b6c

HPCesia <me@hpcesia.com>
2026-03-20 15:23:04
refactor: den aspect - pardofelis/ssh
den
1 parent 5f1e679
Changed files (4)
modules/hosts/kevin/default.nix
@@ -54,7 +54,6 @@ in {
         desktop
         dev
         game
-        ssh-host-pardofelis
       ])
       ++ (
         map
modules/hosts/pardofelis/networking/default.nix
@@ -1,4 +1,4 @@
-{lib, ...} @ topArgs: {
+{
   flake.modules.nixos."hosts/pardofelis" = {config, ...}: let
     iface = "eth0";
   in {
@@ -56,25 +56,4 @@
     vaultix.secrets.hosts-pardofelis-gateway.file = ./gateway.age;
     vaultix.secrets.hosts-pardofelis-gateway6.file = ./gateway6.age;
   };
-
-  flake.modules.nixos.ssh-host-pardofelis = {config, ...}: {
-    programs.ssh.extraConfig = ''
-      Host pardofelis
-        Port ${toString (lib.elemAt (topArgs.config.flake.meta.host.hosts.pardofelis.sshPorts) 0)}
-        Include ${config.vaultix.templates."ssh-host-pardofelis".path}
-    '';
-
-    users.groups.nix-secrets-ssh-hosts = {};
-
-    vaultix.templates.ssh-host-pardofelis = {
-      content = ''
-        HostName ${config.vaultix.placeholder.hosts-pardofelis-ipv4}
-      '';
-      owner = "root";
-      group = "nix-secrets-ssh-hosts";
-      mode = "0440";
-    };
-
-    vaultix.secrets.hosts-pardofelis-ipv4.file = ./ipv4.age;
-  };
 }
modules/hosts/pardofelis/networking/ssh.nix
@@ -0,0 +1,26 @@
+{
+  lib,
+  den,
+  ...
+}: {
+  den.aspects.pardofelis.provides.ssh = {user, ...}: {
+    nixos = {config, ...}: {
+      vaultix.templates.ssh-host-pardofelis = {
+        content = ''
+          HostName ${config.vaultix.placeholder.hosts-pardofelis-ipv4}
+        '';
+        owner = user.userName;
+      };
+
+      vaultix.secrets.hosts-pardofelis-ipv4.file = ./ipv4.age;
+    };
+
+    homeManager = {osConfig, ...}: {
+      programs.ssh.extraConfig = ''
+        Host pardofelis
+          Port ${toString (lib.elemAt den.hosts.x86_64-linux.pardofelis.sshPorts 0)}
+          Include ${osConfig.vaultix.templates."ssh-host-pardofelis".path}
+      '';
+    };
+  };
+}
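Review bot: The new `vaultix.templates.ssh-host-pardofelis` block sets only `owner = user.userName;`, so the group and mode of the rendered file holding the decrypted address now come from vaultix's defaults, whereas the removed definition pinned them with `group = "nix-secrets-ssh-hosts";` and `mode = "0440";`. Stating the mode explicitly, for example `mode = "0400";` under the `owner` line, would keep the intended access visible in the module and independent of any change to the defaults. Separately, `lib.elemAt den.hosts.x86_64-linux.pardofelis.sshPorts 0` hard-codes the system key and aborts evaluation if the list is empty. A one-line comment such as `# first entry of sshPorts is the port clients connect to` above the `Port` line would document that assumption.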
modules/users/hpcesia/default.nix
@@ -9,6 +9,7 @@ in {
     <den/primary-user>
   ];
 
+  # for all hosts that hpcesia has access to
   den.aspects.hpcesia.provides.to-hosts.includes = [
     ({host, ...}: let
       listHas = l: e: (lib.lists.findFirstIndex (x: x == e) null l) != null;
@@ -21,14 +22,17 @@ in {
     })
   ];
 
+  # host specific configuration for kevin
+  den.aspects.hpcesia.provides.kevin.includes = [
+    <pardofelis/ssh>
+  ];
+
   den.aspects.hpcesia.nixos = {config, ...}: {
     users.users.hpcesia = {
       description = "HPCesia";
       hashedPasswordFile = config.vaultix.secrets.user-hpcesia-hashed-password.path;
       extraGroups =
-        [
-          "nix-secrets-ssh-hosts"
-        ]
+        []
         ++ (lib.optionals config.virtualisation.podman.enable ["podman"])
         ++ (lib.optionals config.virtualisation.docker.enable ["docker"])
         ++ (lib.optionals config.programs.gamemode.enable ["gamemode"]);
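Review bot: `extraGroups = [] ++ (lib.optionals …)` keeps an empty list literal left over from removing `"nix-secrets-ssh-hosts"`; dropping the `[]` and starting the expression at the first `lib.optionals` term evaluates the same and reads cleaner. The added `den.aspects.hpcesia.provides.kevin.includes` appears to make the hpcesia account the owner of the rendered `ssh-host-pardofelis` template on kevin, going by `owner = user.userName` in the new ssh.nix. The comment above it could say so, for example `# kevin only: SSH client config for pardofelis, secret template owned by this user`. The `users.users.hpcesia` attribute set continues past the end of this hunk.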
@@ -37,8 +41,6 @@ in {
       ];
     };
 
-    users.groups.nix-secrets-ssh-hosts = {};
-
     vaultix.secrets.user-hpcesia-hashed-password.file = ./hashed-password.age;
   };
 }