From 1cb48d9853ca809e1ecb8bc179e2667e682e2199 Mon Sep 17 00:00:00 2001
From: Mark Nipper <nipsy@bitgnome.net>
Date: Tue, 18 Mar 2025 13:05:35 -0700
Subject: Add SSH configuration for root@arrakis

---
 home/root/arrakis.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'home/root/arrakis.nix')

diff --git a/home/root/arrakis.nix b/home/root/arrakis.nix
index ac7a30a..47c9552 100644
--- a/home/root/arrakis.nix
+++ b/home/root/arrakis.nix
@@ -5,6 +5,7 @@
   ];
 
   home.file = {
+    "bin/knock".source = ../common/scripts/knock;
     "bin/vpnctl" = {
       executable = true;
       text = ''
@@ -86,4 +87,15 @@
   nix.extraOptions = ''
     !include /run/secrets/nix-access-token-github
   '';
+
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    defaultSopsFile = ./secrets/arrakis.yaml;
+
+    secrets = {
+      "ssh_config" = {
+        path = "/root/.ssh/config";
+      };
+    };
+  };
 }
-- 
cgit v1.2.3