refactor(apps): better ssh config generation for 1password

hosts/laptop/secrets.yaml

@@ -14,12 +14,12 @@ users:
         github: ENC[AES256_GCM,data:GU7LL0TgRM9FQCJZkBR6xc8mJqwI2CBxYN6k5wJmgW3R98P9gDgWaaXqZSjAkpL0Tzpk92K5PxtMgalULAn1yDezrmgR1Kffn/ik0xfStik=,iv:PUPzC7VGI+7kBK3MqQLbU10fuaIjnAc3TLMZPExeH9w=,tag:VpKLipdN8sNPz5v3MkPeBg==,type:str]
     ssh_agent: ENC[AES256_GCM,data:tBfuzVv55nvF8HeqrBdhgPsy4zXVRof4kQ6qJ9mEdD92hS+9SM8AC4hrYmv93K/DnwzA3AZOj/Cx72vvnMrG5za8WzS8XeB8Vvz5sT5bIzbHkV47dqQtrDKxy4Y0h4JTBWOeSl3Eyd7+C4bqmV8P63+rtsxoAExZUnZH9tXbq/l2gauOOfueU2b9Y/bqbOWxTEKla1P8QIUQitYWxS0AxtCYtkSlY7JRwOCof0aaKTKTDy+sTfnwRfpB2aiPkh4qhfVZK6iUAEx77+q7gEYHVrI0Iv1mUS1mIg8vol6lsi6fWKp15jG/mu1KnzzMdnAL/RqDnZ6eoQTXkYdybqTSeWv6lTdgpFgJoYv/hxOwbU9Yonk2V+8VXt4InlwbhY4Cbo4ahP71GTIMjEkxjzKN6RP+MvE7NrRT4MUVrN5NGkVOKwiZMKSA4HUuZffx5uGUA5WlR9UesX8dkYRG+y7ghqsQOgXramh4MpfMJcrpP9E2favUM+NNdQ0gHZF3twJpZEB1/A0ExpBgm6WiU1nvEZk0AsnVtUAxPXocJHyyixLMGtOGnooRqmnIbWk8HS/JkEU+UrWJ,iv:+2Tu0I21LM8TEQpGdUi7e2DzraXziQ0X32XHZVr5Z38=,tag:Jdr5g3EbJkZlP+QA6Txn3A==,type:str]
 ssh_servers:
-    prod: ENC[AES256_GCM,data:ePIFp2zmsQCg7+mBxO+YRoCz47A1QgOqZ/85qqghvlEu5j/fFV9QaNC9CewoI4uDS4PYwcrKOqNn6ZLHV+s8fV0pHghIK0ekCT7B6kiO8xD4wBA=,iv:pbo+wGM6y7vthHRvC0Cka/07BEuNiotj8PwnqzjUJGI=,tag:7MJFfJnxGiMpFKayM8iEdQ==,type:str]
-    minecraft: ENC[AES256_GCM,data:0e2xQpxQqLn/uZ7Re6C3qPgT5GVO1RfFTrn9QMBNwWrOM/lL2joItZryGpzrzDzSjqo76XK0wg/WiTqUAOFoFrbNW5UO29Xov1oVasmL4I2Yn6MzBAvHrmqYTszUqNZAbV+AXOOmCxddG4t0i2INsZmWV+8=,iv:i9bYG7XWfu+Hpk3m38Zuvxwmza/6yifgJDKpRu7324A=,tag:7asFXCtHnWfN+qjHtBsC3w==,type:str]
-    raspberry-pi: ENC[AES256_GCM,data:xIj5XTA3a5MZzUlzudZL/Y/KPLZ+bil3Sx/4Q/BoCYy3KuhDWfOTCSPh5/Q9W4deK9Adabz2DY8gj8GjZrzTx9W/mu7McN6nZ6WgHB3xY2hTDQUOQAA95sn4hIsuEFtBOds4,iv:fEFJ11IIjYjT4jiZ50c7JlRPbHHJlg6ps11fb1zjOdE=,tag:t3uKMQLTQHW/3iuV0OsnzQ==,type:str]
-    laptop: ENC[AES256_GCM,data:0hugdjbf0FcwBx5Lnqm6IoqdpwEEPCmvi0DIEwtpPmbi2n+IUThW5nbabiF6cEME6x/GqsAJeTLi7N6m8BQGus/ucykROOoW0VPnqW1YxJIfoVjPeRYQiw==,iv:iZn7qrFYELI6xotrkUQVpza4xsZ0088eZmGFINYxxes=,tag:i1PprBhbf4NZmv7ypW5mBA==,type:str]
-    steamdeck: ENC[AES256_GCM,data:nyrpYYaS+G7RXpbH0rmIQpmQwupv4FApjdBttAno6NBpxmm/5mwl7ZI8weXVotOf+zFpZd61mOi/CUxScF0uCS8ZNjAQIIxsSYaUvPZquQn8whANCLv6a70=,iv:qUcxgxhap3e+VOHX23AY+fZOqfuc49ZwyYANJX/SBeM=,tag:u2MwG7Ym0CDfFb72cgDZ/A==,type:str]
-    github: ENC[AES256_GCM,data:0esT+eNAIjZnnuc4l8C1vP4OH3iEwQHB1zYX4vy/CpT1JB++iE0L/irfy9AOr10bSBvUCf/awu/ofjaW2Nq4w/u/eO3EFw==,iv:ug/hn/eLIjiW6IhcgV9qYvcuuRaOHPYuMEixIj6H180=,tag:HlNSUYTPwO/Ln6lN2+nHvg==,type:str]
+    prod: ENC[AES256_GCM,data:3BTy6QVwrDzOL3uxOOQlSfqzrGCtsnRZdx3sVZPXv8igJVoRt/3yIU617QwwzCi3mwSS4BmD4lIj9tBiEUY6NyUEGZORh/+hIUeEeT27wqQ1iZX1KeE2U1Ofva5LnDs=,iv:R4sMVKt7s8u8uX2B/NGmO2759JSai9lCLTVaPdFiJiU=,tag:1Vk5cl95gPNhEzA+msxijg==,type:str]
+    minecraft: ENC[AES256_GCM,data:BMhHMS0WWW/l+vEdzv0Im/hlB2qBeCZg85OyRYIh6YNUok9GqQkcD5veCKgrFMTirwsuS5PZB9zfxMWmm/W1EKaGu92tSlv4cfTck+d9DUqulkR7fVpHN5BZoSivlORy4dtZo8GsjOdej7tAKKAiFj7Mj9dULjCBsYWzsxmW42M=,iv:EfXmwNWiSqLuxfkPS6wudTbbpm1AVVk2VwKOhTMsSH8=,tag:kMlQ0WnMz01JzSzhmDLbZQ==,type:str]
+    raspberry-pi: ENC[AES256_GCM,data:WRICtc9nf5nY6sV7EixeChBmwYfSdypSYsR1DnGpJWZEnm5A4Fd+WCfqmQ/WVInR9veED70ivqBixMWvnq56EBXj6kYyf90g/wtABRFRr6doV1rQ4B969/1ci+dLn1JNIRzpQgIB2Z+jOOoOSPDI,iv:tUTGbar4v28T2SH4chi0228fGDwKrzXPE+2T7WQF0M0=,tag:P2UYNIKP8AIe6PSi/p8PWw==,type:str]
+    laptop: ENC[AES256_GCM,data:MnuSJCe8QX6sChiJtmqAzDgBStE9kROoF1WpWAAAYBiwSewpIvdwzwnOSIthcD47tLH4UMyOQsn84JgdL6JmImk2wfeP1qGFP1uJFhyNvyiIlr7YiKuYZQ+TFOS6CxWlsFEXKQ==,iv:j/m8ClFYrBhc6ZPx+a6t1gjyCJJC0qMG/VFF1SF5gXQ=,tag:+d39vgJbDwJ8aHt1H0uQtg==,type:str]
+    steamdeck: ENC[AES256_GCM,data:pHvdMgt8JJTtNLka0txqz3rBADrbq46xaPGi+QdJUz9rMnXR5RsokZ6w0zruVyOjabRxuQbmT22eXmQZNuSivqzBxfCggZpctqlnWClT2pIvfv3tQ5PfR2cdKmFZ2qRcZtlhHMQ=,iv:5hHCWEDaMy2t2/xM/g3+Qry3xica4hF+mvsRkxLkf74=,tag:kRIAMNAcEudGGlc+ZsL4xA==,type:str]
+    github: ENC[AES256_GCM,data:CJqqz0n5TQE8lrw7sxxI+STYN+DmKtDFB+0PxbuSkddRb7B9c0TYT7O0JwATo/CZOukcmY4gEZz58zFGpOvF0TxuDLckCVFLCMV5T83MOWTWkA==,iv:kpgZd6hXh543vO4C9mbOuPDGm/2diHYlyB0MVWGSHhk=,tag:2SLMGdinrc+JteYfby9qvg==,type:str]
 sops:
     kms: []
     gcp_kms: []

hosts/pc/secrets.yaml

@@ -14,12 +14,12 @@ users:
         github: ENC[AES256_GCM,data:cijMjOujw1E6eFhaX5ZBit4ojEm3ExNT8couWzzAvvYBMTrkQhWLoNX4hUNTpfCOEvJUWY99Xq4rBkVT7xn4XJjY/nqWyurfPJz9LKbJwpA=,iv:xfiwDECbsFNSPesb/RYi4QJQICvCGPixYXw4HR2k1z8=,tag:n/6SPunmt9+wmvzxEXcpjA==,type:str]
     ssh_agent: ENC[AES256_GCM,data:ktzKNnuUeN/xW5Oy4kX6yK9PKSV0SgJ4TvMnBKkQBLBtKnRXatTcOGW8EeDpuk11ke+4jPi7zN0MQg3neXYB4TJ2jlBoucJWygiqhTewsOEX6jCKn/mGp/I9uSFnmnavk7AchWAmLDGmXdB3HxhD3vlXCjp/7eY+ogkAwxCHv5FEMrzuoqJTkiAkchIrKAxCJpoL3xrNIyzSkGzHjS3CiBTtbvMpA5kPWaCIRF5VjOyIBz1wnNcCSd1+vuvjM6r4fcSfw0Ac+IrvM2as+980rL8Cg0c6oLz17XzXBaTJMOT+Og/o9H1Soe2H6lnXx+ykM56ohUW5JW3GUIrqf4/uJZOGEr+Mccp2HuE+oD3XJyHmxkOAw47dUj0Ruz9zrwnslyxmBS5aQrsBYlyQIj6JCpfhjP+H5lR6UMPI8z5bSY9baSq61Q2794SNZGOBzK/tMS19NMJoorhb8PgYHnZYvkITgkhJWa3BR+jBP9CcR/UPS0Pt+5KXMhHfEek3xsq/8kAR8XOqvB0N3tGE4YokeRs5u+8LU+ZVy/R68BzHoacYrw37IDxL8yf1GMBf5nGJgt+thrNV,iv:0bu83r3KlKoZn3FQjhy1cL7lJWYkSkc/LimaO1kI/CQ=,tag:BgVZqvyoTFzT8EAAeO6NTA==,type:str]
 ssh_servers:
-    prod: ENC[AES256_GCM,data:aii+vW1biQX8mD+a4Yh3WQfLSrREb5h0xaQEg9g+OrssP4ks5GpsAqDTSMJUl1AQYxnSbtjQG7xggWCAGfxRaUHz710O5+LjOQrNntSFYKPR7us=,iv:+UGPt7HrJfsRiOuVKZ9pAszIj/ZkcndizaYhCnLzjCk=,tag:q0GNxxUEJ/8D7+6AR8DukA==,type:str]
-    minecraft: ENC[AES256_GCM,data:UyjEHrCzrS6wPVrfaHL3Hc9lk3YpO/PrPDUF6gPjDynHVP4ceTTV2795OBfrbmQvoyk8GW9p/UK8ubZ31nVrUg9yygY4Bmq/yW7j0iV6BaKplUBDdY0Y1ArBJxPspfJW+L5nNyniRHbxRawQ2pA35LTfizM=,iv:zuXXmMHjPFZDVYQEp07poSIcn/Px8y+ny/VdMVsDeZg=,tag:dtiMXUFLoGd12bgl3yC5rA==,type:str]
-    raspberry-pi: ENC[AES256_GCM,data:27i1YsZqWOhAmKGXYYWK+H+X/9C2oxFyVEl1qruS+Q6lmUJNYyAnYkFDyvKw+lZQGaIdlGpAOjeMkn9QEvfNR/BBr9QLRreWDdzBX1/H816x//GWZybWMmfz7vRl5RyWanT2,iv:mcwgsn1Xifq5J2hDg7Mz5ZcLEokHlDD3qxopjz9wQPQ=,tag:Uvq6e86EsSMLvxcDL7N5Vw==,type:str]
-    laptop: ENC[AES256_GCM,data:rFsc9cAk58zTnXUNLYLLgA00sVV46KpGsjjIxKPGwTXI7RZ+RPv3YXc4LZ1WBFScAvulqZaNodlSK/SYvyp+O7VI/RJeU24qEo/SsCWEJmNsBIQ0I6hBKA==,iv:ZXDLg5M8F/pvh9E8EdxyUsDew6cGZUr0yQB2UiskUZ8=,tag:z7xSOPguNOhI8bxJD7y6Jw==,type:str]
-    steamdeck: ENC[AES256_GCM,data:TGLMCBMiocOF75mtUEqUOkCA0mIr1ctJ3r6c94wPALSb+UDLDFDH7nA0NR7LyljdnNzy69IE2zgNMohkgdix5rkkuAyAZ7PEmuBRtMEa7oK0bU2kZgXJSe0=,iv:GFTReGNom+pWMxbHXPy98JgoCMO0t5bD1tA/8sLkPac=,tag:lYl8dzgjrwmzdpVvp2mCXQ==,type:str]
-    github: ENC[AES256_GCM,data:x0IsKj/EMbe2ykl7+BLMJNRKu2yC/JLKFcYX2MiEiVykhvircwbMBSHZCci9tKQ0LbkTwgbhU71Xmhl6LyZYBzQetXXKZQ==,iv:ftJeP0mkcLf2k8okVPI3E1+W66ZTZULvNTrZ1D/CrGs=,tag:6+GwCZyZP0smiY1uDScyUQ==,type:str]
+    prod: ENC[AES256_GCM,data:0DWmJY62/SHH3glx7+qs0E57kwh5M3xovCKbuwFowf5uhLKLCn3s/U2kuhG7oXA9kTiPrBo4T7zkivh6kqx/TMvf3b5YJFHbr748l0XwcIaLO1b2ZXIx+FsNS2JvuDE=,iv:ulKS4OKzD2rbvqVj5qCn0dsnQ5dUDe7RtPMSjC2e82o=,tag:cIAH+dRE6SEh1iex415b6Q==,type:str]
+    minecraft: ENC[AES256_GCM,data:RcJVDX5BA6jNa9GzNTFmn14A8jC5iykZ8OcGkjP25smv1IgBm+0j/uzlZ/nUmMbbC5C441aJRQ1gpgrEa63WKdxE9EaBY71+4Ec7mc6B3s+BhZ5MbBYhN31bDUfFNTdwaMq/gqEXDFRrEWfetzSfk1rHg2z0bKPoefk2l/Qz+Jg=,iv:J+vIlyxipIcmMhWP6bF2Ru6rJIirxKQk9eYQaOiUFDQ=,tag:E7XeimLEIEktFx3gdjKnMw==,type:str]
+    raspberry-pi: ENC[AES256_GCM,data:r7cNsBHBtixPwCPodeiN7oK+vUog+1/QV9nP/gy887s3cK8JAi24tg2QoF8WbhjpAQWqnEomps/MJJo4cfOE88NsUTh1RDXnlm+ZRQaSvDZZVPfe4Rh+G42g49J6Xt1zxDsNfcWsZJ3G7hkrY/Zr,iv:D12K63ZxHJiGXazTJuBrZI+9CkvEN43CdlOGBVXPRcI=,tag:sPLoGeJUskhDrW8OG4hPXg==,type:str]
+    laptop: ENC[AES256_GCM,data:/tVfiN5zcyUxDT1Xkqt+GQg06Coh7r2waJIVUlKHkeww4Rl0EdTxGkAX5gytv5yvQa8B6mMzuI6nFnT1/bC6725cHhtOmrVZ+ssFK309fk+PNAqsZh467R8BXSJ7yqRYjsV6SQ==,iv:pX6SnARxNMJLzOnJ3yUol5oshqOv/E5rmJ/XVPxOing=,tag:VrqaeWAWPZo7lVTEAKHMGQ==,type:str]
+    steamdeck: ENC[AES256_GCM,data:kM+IIqPd9K8UzMQcN4EIc4gtUKjau05wTzowDvEOWBeLyHjSbpP0Gt5F18pqJu+5TUvjxxobWjla65D03ox/bBj9djxAygbxt411s273svaE1D6RqiAomECcWIfxCEggUdYXhvY=,iv:9lHwKtJtBdZnMjOPemy6GwEeeCwgCmvtDJTYksNEEnY=,tag:BmjYh94HUxRu2OccX9LsMg==,type:str]
+    github: ENC[AES256_GCM,data:O/xp5d3t5Y9Xylq05dvuD5DAwOO6LKckUkoXDiDZaHidsUyuU8UktpZLdSMbMqXoLAo7x0hzQ4A50lQrDMT5bV2KpF4VbxPkuROcavSdU4+dYQ==,iv:DBaaaP82GghoySUVL1G9ar1sNLsywTTnaAzaJrqn46A=,tag:/LkEXWkP2NDmPPhm4W+Esg==,type:str]
 sops:
     kms: []
     gcp_kms: []

modules/desktop/apps/_1password.nix

@@ -11,6 +11,9 @@ with lib;
 with lib.my;
 with lib.my.utils; let
   publicKeys = builtins.attrNames (mapper.fromYAML config.sops.defaultSopsFile)."1password".ssh_public_keys;
+  hmConfig = config.home-manager.users.${username};
+  configDirectory = hmConfig.xdg.configHome;
+  homeDirectory = hmConfig.home.homeDirectory;
   layout = findLayoutConfig config ({name, ...}: name == "main"); # Main monitor
   monitor = getLayoutMonitor layout "wayland";
   class = "1Password";
@@ -23,7 +26,7 @@ in {
     };
 
     fish.interactiveShellInit = ''
-      source $HOME/.config/op/plugins.sh
+      source ${configDirectory}/op/plugins.sh
     '';
   };
 
@@ -36,8 +39,10 @@ in {
   sops.secrets =
     {
       "1password/ssh_agent" = {
-        mode = "0440";
-        group = config.users.groups.keys.name;
+        mode = "0644";
+        owner = username;
+        # TODO: Replace with sops.templates
+        path = "${configDirectory}/1Password/ssh/agent.toml";
       };
     }
     // (listToAttrs (
@@ -46,7 +51,7 @@ in {
         value = {
           mode = "0600";
           owner = username;
-          path = "${config.users.users.${username}.home}/.ssh/${publicKey}.pub";
+          path = "${homeDirectory}/.ssh/public_keys/${publicKey}.pub";
         };
       })
       publicKeys
@@ -72,12 +77,6 @@ in {
       };
     };
 
-    xdg.configFile."1Password/ssh/agent.toml" = {
-      source =
-        config.home-manager.users.${username}.lib.file.mkOutOfStoreSymlink
-        config.sops.secrets."1password/ssh_agent".path;
-    };
-
     wayland.windowManager.hyprland = mkIf (config.modules.desktop.wm.hyprland.enable) {
       settings = {
         bind = [