Fix SSH user reference in secretsSpec and enhance private key handling

2025-05-28 22:53:38 -04:00 · 2025-05-28 22:53:38 -04:00 · 26bca68e24
commit 26bca68e24
parent b33ef09f21
2 changed files with 19 additions and 25 deletions
--- a/home/global/core/ssh.nix
+++ b/home/global/core/ssh.nix
@ -8,7 +8,7 @@
 }:
 let
  ## Get the current user's SSH config ##
-  userSsh = secretsSpec.users.${hostSpec.user}.ssh;
+  userSsh = secretsSpec.users.${hostSpec.username}.ssh;

  ## Generate local key paths for the config ##
  sshKeysMap = lib.mapAttrs (name: _: "${hostSpec.home}/.ssh/${name}") userSsh.privateKeys;
--- a/modules/global/secret-spec.nix
+++ b/modules/global/secret-spec.nix
@ -70,7 +70,15 @@ in
                  privateKeys = lib.mkOption {
                    type = lib.types.attrsOf lib.types.path;
                    description = "SSH private key file paths keyed by name";
-                    readOnly = true;
+                    default = { };
+                    apply =
+                      _:
+                      let
+                        userName = config.hostSpec.username;
+                        userConfig = config.secretsSpec.users.${userName} or { };
+                        privateKeyContents = userConfig.ssh.privateKeyContents or { };
+                      in
+                      lib.mapAttrs (name: content: mkSshKeyFile "${userName}-${name}" content) privateKeyContents;
                  };
                  config = lib.mkOption {
                    type = lib.types.path;
@ -104,7 +112,15 @@ in
                  privateKey = lib.mkOption {
                    type = lib.types.path;
                    description = "GPG private key file path";
-                    readOnly = true;
+                    default = null;
+                    apply =
+                      _:
+                      let
+                        userName = config.hostSpec.username;
+                        userConfig = config.secretsSpec.users.${userName} or { };
+                        privateKeyContent = userConfig.gpg.privateKeyContents or "";
+                      in
+                      if privateKeyContent != "" then mkGpgKeyFile userName privateKeyContent else null;
                  };
                  trust = lib.mkOption {
                    type = lib.types.str;
@ -247,26 +263,4 @@ in
      default = { };
    };
  };
-
-  config.secretsSpec.users = lib.mapAttrs (
-    userName: userConfig:
-    userConfig
-    // {
-      ## Auto-generate SSH private key files ##
-      ssh = userConfig.ssh // {
-        privateKeys = lib.mapAttrs (
-          name: content: mkSshKeyFile "${userName}-${name}" content
-        ) userConfig.ssh.privateKeyContents;
-      };
-
-      ## Auto-generate GPG private key file ##
-      gpg = userConfig.gpg // {
-        privateKey =
-          if userConfig.gpg.privateKeyContents != "" then
-            mkGpgKeyFile "${userName}-gpg" userConfig.gpg.privateKeyContents
-          else
-            null;
-      };
-    }
-  ) config.secretsSpec.users;
 }