non sb working

author: KJ Tsanaktsidis <kj@kjtsanaktsidis.id.au> 2026-01-06 22:41:58 +1100
committer: KJ Tsanaktsidis <kj@kjtsanaktsidis.id.au> 2026-01-06 22:41:58 +1100
commit: 2e6a6722c29a8d6345ab81dd72354ea41a8474ac (patch)
tree: f2d15fec498ea51b7bc7f61efb85f3b6a625e6ea /labsrv01/home.nix
parent: 51feac4edbe6b60dab5f731a8adaf3d8d369a1bf (diff)
1 files changed, 8 insertions, 6 deletions
diff --git a/labsrv01/home.nix b/labsrv01/home.nix
index 72824ba..b016b9e 100644
--- a/labsrv01/home.nix
+++ b/labsrv01/home.nix
@@ -53,11 +53,6 @@
     };
   };
 
-  # SSH public key (private key is managed by sops)
-  home.file.".ssh/id_ed25519.pub" = {
-    text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMtGcEXu5S/0zsF6Suxc65DmGFGt1JWRnqadoVhErOed kjtsanaktsidis@KJMacbookGroq.local";
-  };
-
   # Zsh configuration
   programs.zsh = {
     enable = true;
@@ -88,7 +83,14 @@
   };
   home.activation.importGpgPrivateKey = config.lib.dag.entryAfter ["sops-nix" "onFilesChange"] ''
     export GNUPGHOME="${config.programs.gpg.homedir}"
-    $DRY_RUN_CMD ${pkgs.gnupg}/bin/gpg --batch --verbose --trust-model always --import "${config.sops.secrets.kj_gpg_private_key.path}"
+    run ${pkgs.gnupg}/bin/gpg --batch --verbose --trust-model always --import "${config.sops.secrets.kj_gpg_private_key.path}"
     echo "GPG private key imported from sops secret"
   '';
+  home.activation.setSSHPublicKey = config.lib.dag.entryAfter ["sops-nix" "onFilesChange"] ''
+    writeSSHKeygenPublicPart() {
+      ${pkgs.openssh}/bin/ssh-keygen -y -f ~/.ssh/id_ed25519 | tee ~/.ssh/id_ed25519.pub
+    }
+    echo "Setting SSH public key from private part"
+    run writeSSHKeygenPublicPart
+  '';
 }
author	KJ Tsanaktsidis <kj@kjtsanaktsidis.id.au>	2026-01-06 22:41:58 +1100
committer	KJ Tsanaktsidis <kj@kjtsanaktsidis.id.au>	2026-01-06 22:41:58 +1100
commit	2e6a6722c29a8d6345ab81dd72354ea41a8474ac (patch)
tree	f2d15fec498ea51b7bc7f61efb85f3b6a625e6ea /labsrv01/home.nix
parent	51feac4edbe6b60dab5f731a8adaf3d8d369a1bf (diff)