From d9b33554b9cd862182bc03c174e2506a45ddec94 Mon Sep 17 00:00:00 2001
From: ulic-youthlic
Date: Sun, 12 Jan 2025 00:01:46 +0800
Subject: [PATCH] add ssh config to sops encrypt file `secrets/ssh-config.yaml`
---
 .../configurations/Tytonidae/default.nix | 7 ++++++
 secrets/general.yaml | 4 ++--
 secrets/ssh-config.yaml | 24 +++++++++++++++++++
 3 files changed, 33 insertions(+), 2 deletions(-)
 create mode 100644 secrets/ssh-config.yaml
diff --git a/home/david/configurations/Tytonidae/default.nix b/home/david/configurations/Tytonidae/default.nix
index e8f536b..13752d0 100644
--- a/home/david/configurations/Tytonidae/default.nix
+++ b/home/david/configurations/Tytonidae/default.nix
@@ -96,6 +96,7 @@
 };
 };
 };
+ includes = [ config.sops.secrets.ssh-config.path ];
 };
 programs.chromium = {
 enable = true;
@@ -117,6 +118,12 @@
 path = "${config.home.homeDirectory}/.ssh/id_ed25519";
 };
+ sops.secrets."ssh-config" = {
+ mode = "0400";
+ format = "yaml";
+ sopsFile = rootPath + "/secrets/ssh-config.yaml";
+ };
+
 sops.gnupg = {
 home = "${config.home.homeDirectory}/.gnupg";
 };
diff --git a/secrets/general.yaml b/secrets/general.yaml
index 311a2b0..9632c92 100644
--- a/secrets/general.yaml
+++ b/secrets/general.yaml
@@ -6,8 +6,8 @@ sops:
 azure_kv: []
 hc_vault: []
 age: []
- lastmodified: "2025-01-11T11:43:04Z"
- mac: ENC[AES256_GCM,data:AYm0H1M3GgezFNwAUksBqj1w64+47wgB7lUyumXZAzR6rP+vlFL/D2hv9elwhSwaCX1qs1IIrZfIiZ4r64Gau81irSZapq2lBXj36puOQnG1O201NRGUJZ7dKx9hJ+w3j3UO8ZIAyicElwA4aXAPnyjZj43rz1gifji1yJXh6Pk=,iv:b4xsybEknmef+7+I0FRyWHCAhfa6prhf6bu0LNwf8TU=,tag:R9v74tTX/VLMPawU5LIrtQ==,type:str]
+ lastmodified: "2025-01-11T14:58:31Z"
+ mac: ENC[AES256_GCM,data:exP8VRjXNq0mCDDcS0qvuUXrmJ86IMU6GIXINud9n2T6143B3y/uNPH44UtDsVQ2z7DhJqhvRNQgWTrUz0b/QFqmF74MA28JAbzz8bKEHRKzKlATT/nPesTX87FONf/vmmDpAWMh0kolU+Rj10q8VIRLKhxto9WwoKO4j8HPRhE=,iv:cWhuEHCFngGAfUh6UqiFi4uUKPogE5oYoNJPodtIgxU=,tag:XUlPPLTCiw/kSdHyM8/28w==,type:str]
 pgp:
 - created_at: "2025-01-10T12:20:32Z"
 enc: |-
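Review bot: The added `includes = [ config.sops.secrets.ssh-config.path ];` brings a file that cannot be read in review into the SSH client configuration, and as far as I know home-manager writes `Include` lines ahead of the declared match blocks, so under ssh_config's first-value-wins rule anything set in the secret would override the reviewed options. I would state the intended scope next to the line, for example `# sops secret: host aliases only (Host/HostName/User/Port); security-relevant options stay in matchBlocks`. The enclosing `programs.ssh` attribute set starts outside the hunk, so I cannot see which options it already pins.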
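Review bot: The new `sops.secrets."ssh-config"` declaration has no comment saying what happens when the secret is not decrypted, and that matters for the `Include` added in the hunk at line 96: as far as I know OpenSSH skips an included file that does not exist without reporting an error, so the entries would vanish silently and those host names would be handled by whatever defaults remain. A one-line comment above the block would record this, e.g. `# decrypted by sops-nix at activation; if absent, ssh ignores the Include silently`. `mode = "0400"` is a sensible choice here, and `format = "yaml"` appears to restate the sops-nix default, so it could be dropped.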
diff --git a/secrets/ssh-config.yaml b/secrets/ssh-config.yaml
new file mode 100644
index 0000000..0c42556
--- /dev/null
+++ b/secrets/ssh-config.yaml
@@ -0,0 +1,24 @@
+ssh-config: ENC[AES256_GCM,data:NIYcwDJ9ycS2C/BZA0GFETURDUPcuPlP9Cn1Ku0AZNiWtqI3w+kIhu2G37j9F6k04gSS+BviQ2C5LRJbJb9+blHHeL7+pACgWVJGLBw=,iv:gpE8RdvX4ZWgBrgYKOXbV6aIwFHbLT6mb+plVkRISdU=,tag:GPGn0B0ibPA6ddt/ae68Lg==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2025-01-11T15:33:47Z"
+ mac: ENC[AES256_GCM,data:nGi6Z8XV67/VssmOFlAGy9F+nwgO0OwtMl1VSHvHEM8zeOIvdftcCh7jTdLUpRXi/bNY/3eidSLr9HWdNprPed98E8qA37OdFYwb7nousqVjWMWLZlMNCBfGeCbUQxu1+fiJnMzrYKJGQHPfYhWr0rOizOCUT707uOT+6Rs+CJE=,iv:1p9q2m4HQrouf6vymlA1PG2fCZNnRTZruhEqRna+1UY=,tag:uD0a/NwXKsaH5DhPbJ8aWg==,type:str]
+ pgp:
+ - created_at: "2025-01-11T14:58:53Z"
+ enc: |-
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DNZgse+e4B/gSAQdAHHLJHSheWR76VPjKuHzcELWfkfWecafPv29r5TnXGFgw
+ QfAypb7nQT5v01tKI4V6VCtsevDL868voABCwu7Izg6onDOxH26zsRg+m0GvfFwK
+ 1GYBCQIQH8VmTueJ7KN6CS6vqdEFEVrpuwrmQAa6aS94ir0U5qE3xDXfsgb61ETq
+ 6ybtGXmNpmd2Gy842DxngHnxgL+v8YG61bJ2L0tB1S/MxOxVGueIkxNs2C5Bg6e/
+ wCz2U/E31Q4=
+ =cnit
+ -----END PGP MESSAGE-----
+ fp: C6FCBD7F49E1CBBABD6661F7FC02063F04331A95
+ unencrypted_suffix: _unencrypted
+ version: 3.9.2