ssh key management

author: Kj Tsanaktsidis <kjtsanaktsidis@groq.com> 2025-09-07 18:03:24 +1000
committer: Kj Tsanaktsidis <kjtsanaktsidis@groq.com> 2025-09-07 18:03:24 +1000
commit: fe73ac908fb09f3ddacbad5582e2dabac5f4ea25 (patch)
tree: 551d79d5b23d700bb63573e05e9402fb87cd1675
parent: f424c5e6512f9822a91801bf15344bad34019c3e (diff)
5 files changed, 69 insertions, 2 deletions
diff --git a/flake.lock b/flake.lock
index 755173e..fb7ada8 100644
--- a/flake.lock
+++ b/flake.lock
@@ -63,6 +63,26 @@
         "type": "github"
       }
     },
+    "home-manager": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-unstable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1757075491,
+        "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
     "nix-vm-test": {
       "inputs": {
         "nixpkgs": [
@@ -201,6 +221,7 @@
     "root": {
       "inputs": {
         "disko": "disko",
+        "home-manager": "home-manager",
         "nixos-anywhere": "nixos-anywhere",
         "nixos-facter-modules": "nixos-facter-modules",
         "nixpkgs-stable": "nixpkgs-stable",
diff --git a/flake.nix b/flake.nix
index 09968e1..11a730d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -8,6 +8,8 @@
   inputs.sops-nix.inputs.nixpkgs.follows = "nixpkgs-stable";
   inputs.nixos-anywhere.url = "github:nix-community/nixos-anywhere";
   inputs.nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs-stable";
+  inputs.home-manager.url = "github:nix-community/home-manager";
+  inputs.home-manager.inputs.nixpkgs.follows = "nixpkgs-unstable";
 
   outputs =
     {
@@ -17,6 +19,7 @@
       nixos-facter-modules,
       sops-nix,
       nixos-anywhere,
+      home-manager,
       ...
     }:
     let
@@ -38,6 +41,15 @@
           {
             config.facter.reportPath = ./kj-laptop01/facter.json;
           }
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.kjtsanaktsidis = ./kj-laptop01/home.nix;
+            home-manager.sharedModules = [
+              sops-nix.homeManagerModules.sops
+            ];
+          }
         ];
       };
 
diff --git a/kj-laptop01/configuration.nix b/kj-laptop01/configuration.nix
index 47daaa8..80450ac 100644
--- a/kj-laptop01/configuration.nix
+++ b/kj-laptop01/configuration.nix
@@ -105,5 +105,10 @@
 
   environment.systemPackages = with pkgs; [
     htop
+    git
+    zellij
+    tmux
+    zsh
+    neovim
   ];
 }
diff --git a/kj-laptop01/home.nix b/kj-laptop01/home.nix
new file mode 100644
index 0000000..e21b0ba
--- /dev/null
+++ b/kj-laptop01/home.nix
@@ -0,0 +1,28 @@
+{
+  config,
+  pkgs,
+  ...
+}:
+{
+  home.username = "kjtsanaktsidis";
+  home.homeDirectory = "/home/kjtsanaktsidis";
+  home.stateVersion = "25.05";
+
+  programs.home-manager.enable = true;
+
+  # Configure sops for home-manager
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = ./secrets.yaml;
+    secrets = {
+      kj_id_ed25519 = {
+        path = "${config.home.homeDirectory}/.ssh/id_ed25519";
+      };
+    };
+  };
+
+  # SSH public key (private key is managed by sops)
+  home.file.".ssh/id_ed25519.pub" = {
+    text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtGcEXu5S/0zsF6Suxc65DmGFGt1JWRnqadoVhErOed kjtsanaktsidis@KJMacbookGroq.local";
+  };
+}
diff --git a/kj-laptop01/secrets.yaml b/kj-laptop01/secrets.yaml
index 6941857..8afe737 100644
--- a/kj-laptop01/secrets.yaml
+++ b/kj-laptop01/secrets.yaml
@@ -2,6 +2,7 @@ kj_hashed_password: ENC[AES256_GCM,data:oBXnSVctLZOEulvaKQlQcWznTlaUViS5u2c6kyKa
 luks_passphrase: ENC[AES256_GCM,data:1HVj/AKohfIkZjzrsJd/S+jG,iv:WSEbPjLUDLsHgR3LdexNRbXOFpCCec0JJy8VnrMy5s8=,tag:/79ZayGOdZb0+tuWPpwbxw==,type:str]
 ssh_host_key_ed25519: ENC[AES256_GCM,data:GYcBJqP05QNpFYpZkhomJzFL48SfE+YwmaWeyLPf1c1XQHXKRkUqsAnfsWOrWY+Jkur4ILfUr0iKaWAKEz7Cci+wzYErffBt0awAL93JsUuzlEQEIPepnPrORdrGKMuQn5ipNzSi+dVzuCk7q+z/ZuQWnK6g/xEE+LUfonCRczhCdG6BhB9qM/5fmpRR3y5K3qCJn+FkoENVvB+TBEDQsofttSK9K8mYbsfYdY+lzv6A3Ax2EFlipFDBR6tO5skkDdi8O6TAPdVtHJNLW0mLG2RaF3npSLUzJvJ1/6KjzWGSbFM2eJfEVniF46MuFtcy9ku4D9AYgxmmkmtEoasKHfPg9ucGBh4HXZstzUaPO010wO8BCAB626UkdoAUYAaTKzal9vxfjRuhtaMYMLphaZqQ1+azM2aZkmoymWbvmb/rFjZcYtsq6OY4ivjadhw/An3Lwdo6MdW0Xycn87CYX1pJzTwNCVxbNMmtAkdPeeOKRUP35FfHpor1YXllb1UPPCcfglt1MlQAPx+nog05,iv:P5jP5N7+dAOLnuV3TP2Vg9O86CuQJzCWsmquhjJTVWg=,tag:BLV1tM1awyfY06kpY4c0jw==,type:str]
 ssh_host_key_rsa: ENC[AES256_GCM,data:20pdqZXBEpi01IO2fUE2R9inNnbQmbYpLIN9BgtGjtyPjpZ8JVgM1rPRg1UGTyxJAD7MZ3IC1UDOBB6tyyBfzMEOlPhlY5rHWqmN3BRjw7p6LMbMuHSAH6djM0RXLh1C5ANfAv3acWxi6PKgplv0aaUwMJ+UtXqWCdfTpfHahkU2ez6Ey8NimU1oay2Nea4pHWHea8OGso45DmjI/cDfy6Q2XKNuuXqjori+uuXe8qT3JDAUNNU4z1w9tielTGu8NbMZ+CWJpUbH2L0phUCdn+xckCVS35uIZOnC7ZIHdnrQLicOLfm3Ff/KYbQoA/6IKkXrxIyUmH2C1EzLG+UPrid5ZtulWi72+/SYgBxPnVES7Qk0qiugAAAnGXhiImeCqkw6n7W9UL4uazSUlmPs9gS2g+5gyk5s8W37ZFaCTo4ySofwy9RS8BQDoqlU20jkiI6M96dypmipVHOA+r0/1aSjw5eYEbC4zI/IUwY+mdXpi/HqP4JKwMXHt81UBqBEZu/P/MWABxRwyPBLX1m6QYUFTHWmiQ7wGamXTJheFZ/dy+OJY1cyEeIBnQfykOxiCIWNHcPQ8i8qT05LvZ0uqg/WzAHxWqOtft1YBEv1Cmu7Zh4fF/DpsXsNIZ9ei1adPb9gE4x808JTvJpTFBtP5q45WKBtcH64fGZkD5ZQ/UeNAcT1BjKTNyNQNJ4zU9qX3HZAHVGvUFwBiioTL796+XoGLbbrReRlXt7Nl1E8SwbxQQTPneAC3YDcxO5kf3o1bpn2L/YWavmfgOW6dekaZW+42TnQiuT9We8vJbQSa7Rmx+FtT1rBFxg98+DozLIFQyT6VHv1gInhx8vLZ0GuoxPWK25SJniZY0Iu8yemuE0zY2CDaABg0irqMbv67ijJkz3zu6BOiwzPDTXv2pxanB+7pSN5rO9gEoWc84IwIKnyVBzzBiPsX5DrQkkBphr7d8yAxWjgOngTVOcjV0zWR+IHXRqNJ3Ww2Fh8XIUpI7/Yuv1ZV2pD5FA2gbifdWfRqqko7JgKFvLYrlfw3hPm06W0/8L2CV9Cq7qkMCo569okfYwRcj2Rxs5pD6FPC0AndTn6ITFkxfyZomfXqwC5IWa5nSBDBFk5h4p96P6uDqjzfGsQCVdj3D/YQUm6dXcYUNRg3+2SjJILEJt7T8kimVBi41OHZaTICFtk8v3j1p5hDP7OdmSGxwiTrp67qQeWH+3XlDCuPoZJ8hSjm1ufU4laZhKogrQJOErPflrBckdj73/FY+F6FhHt8iM1BQmGLTvENGc8iW/hDM3LNYDdQ2x9UxuOVcr1hU68HTzHBMYKquouRVVCa77/3fsJ9vtED7HjfWex4ldvJjxBWLcwDG+QxbNhWHFCKNYCmWMWJGeqMvH+qFo29DfCB98Yk/xpQd4QTrJCHCXifcRFkns6WVsuef0cBYo3tXQtL6YcaCWw5d1MiEYBMf94kYVW/LSVV/PXIfbUNIMpfFAfTrn3XurI8uaIsyU4Y0KT4qOwoT81lASymCeHdwNoWxRcu7+RmJN7ShQd1UrOn5MwXobhhy+R6AKhNSzkYjDBVLgjVShMgx+hM5pc4QurWoyQMGMfPQIfqqHQEUZcBWoHWktA2WgdmDP/n1/Z9PEsdMzonyNhHAMVEHJKx/8VdjpWnS4+MSBflcccXtC/UI/46aPKYtmD18O5whicMvs8/Fat34we0lMrOQ21HbA1469bDyXf5xUCk3ikfvB5jKMgtIQCI9dFl7nOnLXiCQ8b+fsd3BCelKIPMxezY4Gp/RXHiTUG5NHpM+ZKdt5E9zTREET+jgpDCSrQnhsYpJxeQJvqB1lXhvaPtI2Fnbq/bN0sQr+HL1dr8EjZ8q1Y2Wa1jqf7GC84RDo7kCKVvlSFGTy0URdyg5StdLRSKOTIgMIqkN3BJjp59bkfZ9gNs3Y/VhUG51WXEWXk/hoKQ9AtnHUJiiekvV9Mwqtnlts5YBKZKulGQAyhLQ56Hs1zdq7sXQVDXAGStkUenCMFIuHvXHURjM7hFFpOtRs8DJOf6ePszlHPGVXADg7zmgtmeruVSEwZy/jD4ou7oD9sgfrEo1REMxT3VSfthn49oOAj9gOqyPuBnANXt6j3dvAKfHbDTvTdEtevuXa+KK5HM2VNRmEqt5txvwjpHBAeGYvEO9oSa0WbSVI0ySbrgWBhWayS+ap/cqmh3PVxa+kCXKlXk/iDS3eQbg9k/0P2eDTum2sAxE7uzscdezl1q6uW1THbdOoMnOgZkIGSu1oGCtHt/tG92q+cnLaEtkeWbZdRaxZ8jMlkrClPz4LJPAARC1WXsb4VuvgkQGg/M8Mxp8B6GE7Zbdr3glyzgtyE9/3mFkur/PAqyDuUpEXN2XVFOirs8sl7QBfhA5ga5mKqj7AA4AHIx4+Y2t24HjYbLyv0mNH1+ObM4P0BKguZyelxmJi3WMyOXbDws3iR+2GAORB8efA7lvhVWa0o2AMc2vFKN0DWftrt4o+J5xmG/W84s4/LBBYJ9w+jKRC3C587xAliPo0MtkZrRpXbh5KxHUu4j6/Sluy2ivNQYx/BkHW8BWBffdwEAw8zckqhHo7NNqRJdo4fozTHfL1GR4RmhWOM93LGLRHvzsc0HnGTuDxbkOcQcqFSWjs7TyQ/SqRZ8fg7YVX8OzuU0yc+hWBZ2AGwFlzdt5uguFqsmdB19PYCkGxvVE1pqFG4pJWCC+OOnx3nDSWiAjOAW77dUh3eX0eh7n0Ok/6lBcJ2gLkpfPsHT67in8N0rZcCkO2YWO+qCFeoZITTGSRVhlq+RV8L+JRefh5IA0Kbh/hQWO0n1pkJ87pdx9deu0nkUBDktzjyusMTcLxs1qOdvDI8OW6bCxkNWpgtGC0b9GtUiEuT9aHwjYpRjR9yyY7EvjY9qwS6i5+Jbrl6HCiVV++OnSSynk9oSGmqA2qJEhV0jDJN2iTMFrg1zCtRq5XMFGIHQzyp5j65+ZvJUSMbD02vOZN1Urlc6xASc5gc16Ytb57yCSBjyNjHqnG/eHcz2Ef4bXJoOYSVfCJL2Je5lZMcTCva7iZyjXwH5yKKhosrciUVaqEXzEE8QPo8XLtyuYcs81Yc1Rd3Nf+XSST8V4JMd5e2V/xK6X2O7eyTAohclUfyuwP4g6h8YCU0PF8GtIEqr6Ciobo06dUgWSJ5aIZ5T8aI+GZ/vBq2WsO5uziiH+Is18w6t2nSse6Z0tjBJYK1OMopwkiMXYM7XoMYfa7zmZRbqoiuMWCuLvEVaf4b/TnoMUoZn12dDgA5EQNAHXmDz2RhX6lfqxD8sPQH+WJglFu4i8EwZ3uAfQerb3LH8G2srl8+M7sYx3p4B6qXG3yNmIwheQepSkI3mqCVCiz2om8p5gcNyNzgseKGGC/zUVp7t54Lf7n7ohR33HbFLgdxmpo42kT6zY37dCa24rYHxeqlv/sQBCLnP3Ds2ZsRcZhC0Eyk118fCyDWidOmP26S4F5RMVPobkULL9TzZsK+oq2b3qJhDz3U0IIkaQFzsCBKMB4a4SNz8SbPKvy8cllTfQR4QB+T0Rc8HPfh2doMmogpzP7PCuxUz1fi4qEVN8CaS2e6WhHGdSPZFSXnTCiV1N57FkJMqVP3OBgZd4fz6kF5hIWDjtWCSjbMUGiDxv7vu2dBRQI52yLuvVEfzvCqWgGaYF6cMUzLydob103sRFtsYysWZffB7GsFGddc2sx+M6MvH1UYQTfKkICQeVQG+6wSrWjWn7KUM09Sqv3ruBROOM67vYOTENkr4hJkrgGTaYmeOlzmgVb5KmAMOQPdiGhrJiO005z4SKmzOVwCP3zNCXyZvxtchGpSkI1nVcUKrEAONK2PRHESFRSgRnHEJjlTBbFxCMMSv3VDVZ/mrzdWgIQJpA4Jn4QG0pMQaOwX4ZRPkaVZ81Ku9VmLM6HLcHxUumbGDXdkI6H3O5F8Y8xIjbXEuqAa8zj0Vl9Y+209Syk5LMxWZ4vyZygSQ4B+ka57k+6hNFw9GtZ14ju6FBppCZXPYaIgZm6xOPzebikRyQZIsb5Ws1g8fBt5gu0gf0biLaeZFY2J6l570jXDnLEydndZxBk1Fhaq5Fc1rBP6vioxXVrPGlF0PR0HCQil39q0HVyrIsIp5aGJy8Bxl3YYQvOBOaRDbRD05PRTOYw+GNKVdPdSPPqbNqwMzKKvlKLzWTNDLM/qSoIsn1EMDfyETsxk1g0fffY/6ZFM3eXyj7VE7JyzIkGewAXjNnjJYRMAhF9ydbmjezFNjjquckSh8UwdilD81YdMw/IcwEWvHFK46WZJsgXuXvH03K4NKsQ3efchAieC0aGX7Vk4no8N8wIn9SCif/WyF2A6CbW8hQ6tnCsig64uYVt9opVaglzVdOMJEdg/995l8Mm3sjDEl5a/73ag937q2CbS2vs16WfwJR44y7TcUpDFZp9thvQNqzP1Q1tMXMLS9WMfQrRgH9q5JDDF90x/FtY1TDqVEp/w,iv:Tj1/3zP3D/3T6LjpkMYb7aebixmcctOT/cuO9mLMoUw=,tag:BI22/6vv6Ey8L3639aVJ4Q==,type:str]
+kj_id_ed25519: ENC[AES256_GCM,data:TzG4qKXGyOItzm3mWkP95uyr41tovk1kkzzvOnXEY09x3Y9IRgxCC7lmjNd0rSoSk+Z6cN1AjKl5djDr2fwKNehkWU+hj/E1iJG95TFhazGdL9P/JaS/GPEJSoPWexaiVA9mhZ54qTWMjJ6whY8LYyi0wNN+3kueYvNEPh7MpJia142OGEoeso3d5QCkhTPpmBUmjai9+Oa2UTOLyD6vpE5Zs3hoa3b/Nn9zVgoCJbQnjGe9kXZ0ZwZZVKgSsazF80wswgOXaCMx+Zye6ISrgHJvQTTH5egRO48IrjwKBWyx1U+r86Qb0DuWWdUyI5/o3o++UzUTpBTeZIJayxuLCcc5ohS8uq642SPnHTMxLvYMDutPk6XmZcBSPCAm/29uBgiTyD+rxLfSVAEtSX4rLC+aPTMUCrNxwimlN4YZmRg7t+43R5Gm71JhlU3fHfnCdx9WssJ1UVX8hYtj9qdySaXyFDRcphSaMzM+KcrEOeatsoVwmJ3T5LNXkRDgB5P4Lp/+XCPZb62AgGw167K8Do0GFADEKVK/r1O9w6IiTpar2/Rnzeh20Ii9C3KDkkZL,iv:ArYug8GfbAJRxS4WH1yEzwD7mVjIb7uWG4EW/zjxITk=,tag:FacLr+B5UoLXEUaM4kR4/A==,type:str]
 sops:
     age:
         - recipient: age10gj7wx2syxd9xtt032xxrvtz9hcpnh5xfhzdaaw8qztt6xt6jyrqme3pdp
@@ -22,7 +23,7 @@ sops:
             SW02NGZkTlRzWEIzNFZFOVJGdG9JMk0KxuvdafYhE6v4tl/JlnfbYoXK4AzEKGAW
             8909LJVUMLeY8acGB5SNBxo14rvTjd4Hfnmc6W516Ujq+fzapl3pkA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-09-06T06:39:26Z"
-    mac: ENC[AES256_GCM,data:8DajcLNYlo/Ur0mcK1XXekUOUIM72WNMVGJcr/j0QdHkSA5C7Xqcrs+8PKIUdkr0NUPZ0nSBlKwMoB7EAlgLOnP7su0Xe3zHOatmS8U//gAA5RvI3YgjC5fw3BIqpiy/xtPyhCf3yR7U1SGUZvmlvgDuBX6CKTYxvasgfO5MAkU=,iv:tWNbnHXSUVJKfewpTCAN5nWnoSTUjl0atQpsLWP84zk=,tag:1BQaudIl3CbWtNBLa42N3A==,type:str]
+    lastmodified: "2025-09-07T07:37:48Z"
+    mac: ENC[AES256_GCM,data:S+VyGiKYtcb3pxMi8+44I2fqa44LLKpistBL57HHVLHNNPtguvxJMbVA2f/cktaqkmD9aKLlM2AtCHXaYq7aC3FSUdKArMD/v9UHPyvdSduDl8cKXjVZKz968eAhz4j7xgQxvv7tJbFIRIp3wfRB5nD0O2Pdh06N7Z2deNtp6rg=,iv:qs48gpnmSd4lDjyVYZXWUhLxZr4RiZg3k9gJBvaT0rQ=,tag:J0LBnqepeyQeDO2hooS27Q==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2
author	Kj Tsanaktsidis <kjtsanaktsidis@groq.com>	2025-09-07 18:03:24 +1000
committer	Kj Tsanaktsidis <kjtsanaktsidis@groq.com>	2025-09-07 18:03:24 +1000
commit	fe73ac908fb09f3ddacbad5582e2dabac5f4ea25 (patch)
tree	551d79d5b23d700bb63573e05e9402fb87cd1675
parent	f424c5e6512f9822a91801bf15344bad34019c3e (diff)