From 9e23f0bd6539816fecbe6b2dea0c08394fa7bf58 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Sat, 3 Feb 2024 15:02:24 +0100 Subject: [PATCH] ssh: fix ssh login with new yubi keys fido2 --- secrets/id_ed25519_sk-464.age | Bin 3126 -> 3201 bytes users/b12f/default.nix | 3 +- users/b12f/home.nix | 114 ------------------------------ users/b12f/ssh.nix | 126 ++++++++++++++++++++++++++++++++++ 4 files changed, 128 insertions(+), 115 deletions(-) create mode 100644 users/b12f/ssh.nix 
diff --git a/secrets/id_ed25519_sk-464.age b/secrets/id_ed25519_sk-464.age index 0951631cbf116194d75aa9768376286986ad8816..766ecfb8a5f894ff0b915ea2fd7201f703323c6f 100644 GIT binary patch literal 3201 zcmY+G`|m7wS%8VPEli6RDd?%ioTd#>x8LqucV;>D=+0$lXXmmzvpd&XJu|y=-??9Q zX6p|M5}=-{gfx@}+mjM$6d_tIa5#b{6)I^8N9jdLY%vIpu@I@!)89-SI?U2rv(g{75O8$*WK{)6?iR){Xnb;=u5?~LX{NM^IP6#z378&v zh$6%g4tJCW5(~5_DH)7PKcDyhE(UnY@iKo)jtVYbL$MM;bSCWu97F0u5^o5cgBScp zv4he660NN4lf>2z9Uow7yMRXNP$wucaCtQ9deQ+UH;?PXu1DNGGV5z{Evj2343P13 zIni;b5s0Rh=$)hBKvm2pNH7|8tff>v6NCM#-7rYY$iq(ed~;-j!lBIPZkr#nh9B)s zW1l+721|!Zhs!2VE2OPCOw)EdODlVES;3Z#B~cX{Ak%=Lyv2nLs@OgqEe#{u6&SV4 zsg;-PseYe`4uH&;TY7aE<{+|MCKXag(U`7hbuy`V{rE+D&sqn5wyc$$4mDEbBn9;b zHMV3|JGZeKV9T2`o{$J6t8954F2}r8N&)U3rf#0MT0r|E94r(Q-_1G=(O8MdoYjmS z24hnjNK^)_9fcS2#OqKZ_fZ=6LN3bKK%-2X-IPfoa}ErZ(L&S)ZW(RkmRn4W2oEYU zq8ro^060%n)EsDZXXdOKD@x5%Q%c(|(}ZNe!vW~&)k=~fOFs%mZ`WU!KJ za+LuXwwDH)q7D@*gZV>@HubhbGKL{`iIM9|eOfl=un9vE&uLYiLZqEC{%VNAOISux zA5dDqE;KwjV6~|W@n9E8Ml4lBoX3c1-bp&oI-S@|O=iCDEoaxvqmcp!IM)oe@xtu@ z(HakTG8BoqA`u{-kXhxfa@*CpdF-y1F zW0sBU5!|{RIFTxvY8RtJVi={Y<$0`afSk)YL4n30XcV*9x42G7d!@%R$$^{s(@f3EL=Lo)1WEX5AqIQH> zQqVVg;0|G`?*_XJtzIbv73ZSQT?WB6jQcR3VpQkJMiSs50-G#XMuX{--W#MQEBN|?R$ za8hj!E7qieL5AoUZ}?-XVOf+sgbNE_Cai>(mB0}$kswMHRmOd9@NmZnvA2OL)J;8Z5kS(w+-bx2MHTu?FJp#9N26fc&R{9 zx2(1Vuv6#I5Yc+sQ1lqp*0Y>ShudAtdNtqlMjeoawbXN5no|^s*&?o3#F(@93!DPo zRx*K0YFrZ00re^EpB(4>1cUO`Hs!O)3Y14k593m5jP;S7BYd89?qH3D2F5Y~*;V4$ zlE;)?Z?zepW^7YLkm=K%Yz#@CwGDDiLW4Lrm`k+RMU1EP3Y-A4PinT(LWRF9w#hyq z9Yb8L^UPoQE=p@=y3KL9K<$ur`eA`Z=@?ob_+;A`RxT(@9VkSbTZ~=X!+Y5}t_#9@ z6EDuE7~k!&R$tG1ikE$F#Gyhkn)d04lY=cf#i?ZkE>Oh+SfPzQm%=NAnlARLm{tY3 zV)?xmxvH|s9aLm#V#?whMe5Y!N#V1k;5S{paq_gD(gGmx`6NcBy<)52-Zp!5$SenQ zWj$Z-)d($pZIt#ls$jw7t6Y2Hx;vk+)k+@WSMpx zg41?gFzaOsYJ+*YhjVMbvm(6{kYxdMje8vEq*OzAl##>ZPmF8_&T28{urY2&RMD*t zOT25>`sQ_y^RPY2VQh5rP!z*(e{$l_(YaA_YZ{{F$fm96jleXPPc3HT;Go5ZGi7Bd zGc3$E0ZkatTswt}g;0$e()Hj%G;v}$A+vnK4faB4gsGV0*u?*TtX4TJrDImo4;4ov 
z)@-=v$8%^bErQOgDQp)lj_v6y#fjFAjCWvY00R=L3fW}FazxV!KP#DmCyz%G-XaOe zhH;R}Ni^{0^x*%pbmyt6be$u=bnVIoN>qhQaVAi~Fw!SIHMhpI31c4Xl!-BJxV{(#{D)RnQ!lEtAgQ`;M!~o2XYPVm&UA za-$vxEH=`vr^MqU@95~HyPYdzH5HfTzJ#WNq|Y4`@pWd!tUEfU0-cmsI=s>_NCvL> z+t1oZ+xRN(KmJU9---0;Yq3*T+(*6qZ_m7V*-JM*dHd;q3@?Av&z&Xy=kz_-#}`kW zF5mIQ7ao1)Zn>L3`YHI1JBf4e`|te?{ab(a?0f0!uC_k$(D(1R9(m}tE99@}Kltjc zcm1OJ(eIr6&?g^!_WXrAAN};>gS)9a`0&TA zn+A{k#r_ff$Co|&4dhdk>&$OH@brIv`IcWkME8IE=IicT^|#)GocSWQ;P&>X%;x56Uc2@)Pd)$k-&(%+AO2?k$_wAR z=G8C#@o#?pdvCiPx#^8}TwH$ZCZhTL?_KN-tZ>(7hZczKlf^X-&Lz??!JcquN&z%J5X2t+K=Ay z)(5_M{>*LRlMlUgiv9J6VEU^cy#7azef!n!=*`#v`D;J_r?*|r{Oq$&-|+BNZ@deR zUl1O+IDGudcUR-*&%XQ1ul&0!!(V#;N8aS)`I`5|_56 Dif3Sw literal 3126 zcmY+Gd+aP_dBXo%>~H zcIQ^8wI0A5K{V-?RR0$IStM$gj$2e%6My{Y$z<6zC7NyfsvTYuBFhV zjZLya6A$MhjCK98t^ghc=~&ZDd^Bt}tu?htcVtl-i|s@^>E>Is(Y$57>0m*Y=kkaf z?n1TS4xFNO*2!Rx00p5Z*+7(`B?h*cOKIa=mA$29Xb4t;j>}ctdKYe{*36;SV4Gw^ zfvxZ{EU&p8!B|Vcz|b+}(i@iLU20T}*X_{X8Tv#hT)Pf8T2m4pi6hL6sR_H~7~7E@ zajO^GFbC5xUjQmN8Y_z_Qkb4JrIQ+kWzF{0CfpC8NGB3msskA(I6N?StEx||eY}~^ z7#NC0f$u;XNc(NaW3*&}1towBf!E6IM(g0*7%up1p*FoaBNiLZ>(|;SC-BKK#P+aW zN(z@un(-Qt>m9eLDUCq|4p*k+eqZ{**cgjb26LT=-Yk55$cwgHPWKhqOscuj5UQYa z!_X(&g#wUbG^m?Z%wo|Ztqd%NEdwofg}q`13%?R@e%jw|>hZu37PTYH6Myd0gMyR7 zFf)cd5NI-RW|<;LjBF&PR4h?@TA8eDVYVtIlHJZMOOm0rlOd@IW#!zM3}#?*RMZ-$ zMJU4nQ=>OMfz+l}OOG9Bt07RgorP(rw%S(8#?`@cg=nZw1PUd34MNy1#GnM7^xy!dQ zZ`C$ip5IvUBHI}L+SL?fO5f2`3EhryC#U`6YgDq*% z#;hHW5ZmFVF$SDdgO{s;AtG$|z3G@;ZbliVpQF7jV#Ko=L<2G}O{T*x z%BA@PgJ?eKr?sAeVx3G>PAC#(tZHGa8}#6avDf`0Pa{m6?926RW{7nP3{qkwrkYY| z9J!h^tp;X_+)g}x$PN?A4neU*#*9K7-D|+WN2yO!W;O|Z+nertvflz^5<#QB2j*4U zq>LhsF{)HCNsI;B@V0@$b<|)d_staFu7b?s1lv=bl*iR%FrFWcDPVv!9d`8HXmUKw z)KD!t$_00;Z9h)HCEh4up(;C+2}KcOkhvT8lG-YuR7&@Q?G_YTz=cEIj*!K`^^kQs z^Zj5egFIP{gM7C$4LE_T*=D5|kzj`-HDbuV-1mHp?kpfOY3gM35}MnQ?N!CtL>nU=dW|&6D8P#uiR7wwST_(=hjicE zkv?vj43clADRGqZrqA0;qs2EP#F;xKNz*-NQ@~{(R0atHGz8;Kg+d?B%Pt_J84M-l z8dqq(#b;cuSc3wIOwAdshc(_UdmExRWTUyV5}m#kJCX+MXB|bMVXez8ys(_vzR&L+ 
zHp>>{*)pGMt0@{$$=XUy8O;VQJX8vkT{$DOX;w-+9gKjw9Sqq{3=665>0Z}@;!(S( za5@bPM?fdj9vY-mx zNIj$Q)S}&5S{T4B96&PGF)hG5R91hKL*&TPaUb>TK_M(v0SSTS+R|HrD- zZYCeG{A34nRYab3~FaP;XulwZZz^fm5E`MtD&DqVjKO9)gm)`fqA3gouCtmaL z=HY9Y$AA3f)wkdE-dDti_jmbMzw!0+BKgz-c(?QOdoOk`{fPO=oBy2(&N_F0kGSE% z6MrlJ!E=}2bpL;!dE~--hth9-^$TatgJ1ZUpB&%5@$~e%Tc5p_{PAV(&mOq+Pi}nR z*ndIaI1Zw}e&Iv(Be(zj^6Z}1zxe)@`J4A8AN?WuLGYRneE9T3&#xW}Uh$U8-f{eb z_5L*Uwf|XPSSVL(-|FtW^H0yeoI3Vvz?08Q^UGd;>e7>UUcr3)*>~M?(V2%%@)PMF zPaJy<@ZRbV&!0Z_=!su`Nd3!qpS}hgo_OeK;j{mC??w0A`LSQQ@7TekXQOYv`uOIy zn`c)ZY~FDCia+}Dx2}5kOZXiZy$GCt)#78H|NAR%d(~C{`MnFi`ykQDZxTO!>fZYw zJMT;R;qU!Nvfri9we@uTRTZ{PB% zRQ${rU-gD-pE>)^<0nu4#*l!Xdg|_fIQz=azV*TKg){XN*Pr^@Pe$*!^_frHIyiOX KCAa4F@BA+h$5{CQ diff --git a/users/b12f/default.nix b/users/b12f/default.nix index 5c6cf7c..025f13d 100644 --- a/users/b12f/default.nix +++ b/users/b12f/default.nix @@ -12,6 +12,7 @@ in { ./home.nix ./session-variables.nix ./u2f.nix + ./ssh.nix ./concepts-and-training.nix ./ehex.nix ./email 
@@ -40,7 +41,7 @@ in {
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCmiF8ndGhnx2YAWbPDq14fftAwcJ0xnjJIVTotI12OO4SPX/SwH5Yp8C8Kf002qN9FbFmaONzq3s8TYpej13JubhfsQywNuFKZuZvJeHzmOwxsANW86RVrWT0WZmYx9a/a1TF9rPQpibDVt60wX8yLdExaJc5F1SvIIuyz1kxYpz36wItfR6hcwoLGh1emFCmfCpebJmp3hsrMDTTtTW/YNhyeSZW74ckyvZyjCYtRCJ8uF0ZmOSKRdillv4Ztg8MsUubGn+vaMl6V6x/QuDuehEPoM/3wBx9o22nf+QVbk7S1PC8EdT/K5vskn4/pfR7mDCyQOq1hB4w4Oyn0dsfX pi@ssrtc"
 "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDwyNsGCMuyI9x2IxYEbYIL6oYsEfe1wqhHaRxSnK9oc10ge1LJni5o7g6XgryoQpCD9YenImcCxwkKblmlLQ2327uoVC2PUo07li1uT0eIPk0TQoxwp6besFs7/LEzZlgWQsc3gkEXmjk/E0mu0U6z2fkqciJ/ZxWYt9fLP6jBG47U9878rSaZ7k7Ilv6oRA3suArH189k1nerk/tonS4EWXeHZxHh/Eu0tqwmxN/6+g2GicYn6b+MbFQVdQAkctqT5Yz9USm9UKzbaAuZ799u0dJzagHm9JJZOr8r11ENtAkY9kAzRzm3u/ACiSdVzyLdjAK6m0dIPhp3OhedzuHiI6/wRll60tYtQTH1XwUpVbtir3+DT+jwZgO1zH3yL4iNh79kuUo+UEg1ZmGkSZRzSS2vb5qr0J5aSJmCd5sNB7a01PTtSlQPOqSF9PB+UmcLDF7JoKFub0KT/gRZ5neZkXTYQ/Y05qtaaFVlOVISijnm+sLUvKBv6OW8oYXIHBk= b12f@chocolatebar"
 "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEST9eyAY3nzGYNnqDYfWHu+89LZsOjyKHMqCFvtP7vrgB7F7JbbECjdjAXEOfPDSCVwtMMpq8JJXeRMjpsD0rw= @b12f Yubi Backup"
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKOpBCq5YqEVi4sKAZHk82luuf+DSvsPeRxsHYTVPJdZAAAACHNzaDpiMTJm yubi@464"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHUbowjUtBiOPWi+TCHGToFwIsMDY6s7IRev6buVVdWxAAAACHNzaDpiMTJm yubi@464"
 "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDyxaJNw0jXREOzQfa0E2RQE/xLD/VddDldbdSmS8uf9AAAACHNzaDpiMTJm yubi@485"
 ];
 };
diff --git a/users/b12f/home.nix b/users/b12f/home.nix
index fa75b9e..df61763 100644
--- a/users/b12f/home.nix
+++ b/users/b12f/home.nix
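Review bot: The added `yubi@464` entry reuses the comment of the key it replaces, so nothing in this list tells a later reader which enrolment of the 464 token a line belongs to; a distinguishing comment such as `yubi@464-fido2-2024-02` would make the rotation auditable. The superseded key is dropped only from this list — if it was also authorized on the forge and hosting accounts configured elsewhere in this commit, it needs removing there too, which this change cannot do. The entries also carry no per-key options; if the new FIDO2 keys were enrolled with user verification, prefixing them with `verify-required` lets sshd enforce that rather than trusting the client. The enclosing `authorizedKeys` list starts before this hunk.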
@@ -9,127 +9,13 @@ with lib; let
 psCfg = config.pub-solar;
 xdg = config.home-manager.users."${psCfg.user.name}".xdg;
 in {
- age.secrets."id_ed25519_sk-464" = {
- file = "${flake.self}/secrets/id_ed25519_sk-464.age";
- mode = "400";
- owner = psCfg.user.name;
- path = "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-464";
- };
-
- age.secrets."id_ed25519_sk-485" = {
- file = "${flake.self}/secrets/id_ed25519_sk-485.age";
- mode = "400";
- owner = psCfg.user.name;
- path = "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-485";
- };
-
 home-manager.users."${psCfg.user.name}" = {
 home.packages = [
 pkgs.zoom-us
 ];
- programs.ssh = {
- enable = true;
- matchBlocks = {
- "*" = {
- identityFile = [
- "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-464"
- "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-485"
- ];
- };
-
- "git.pub.solar" = {
- user = "gitea";
- };
-
- "aur.archlinux.org" = {
- user = "aur";
- };
-
- "leavieler.art" = {
- hostname = "web5svsvy.wh.hosting.zone";
- user = "web5svsvy_cgzqa3";
- port = 2244;
- };
-
- "benjaminbaedorf.eu" = {
- hostname = "web5svsvy.wh.hosting.zone";
- user = "web5svsvy_cgzqa3";
- port = 2244;
- };
-
- "miom.space" = {
- hostname = "web7dgkba.wh.hosting.zone";
- user = "web7dgkba_c9em8f";
- port = 2244;
- };
-
- "latenight.blue" = {
- hostname = "latenight.blue";
- user = "lnb";
- extraOptions = {
- MACs = "hmac-sha2-512-etm@openssh.com";
- };
- };
-
- "blacktea.io" = {
- hostname = "latenight.blue";
- user = "lnb";
- extraOptions = {
- MACs = "hmac-sha2-512-etm@openssh.com";
- };
- };
-
- "laurakirst.de" = {
- hostname = "webj4bsux.wh.hosting.zone";
- user = "webj4bsux_36qkrk";
- port = 2244;
- };
-
- "lipperschwabe.design" = {
- hostname = "webugit4m.wh.hosting.zone";
- user = "webugit4m_snjhrn";
- port = 2244;
- };
-
- "pie.local" = {
- hostname = "pie.local";
- user = "yule";
- };
-
- "pie.b12f.io" = {
- user = "yule";
- };
-
- "frikandel-initrd.b12f.io" = {
- user = "root";
- port = 2222;
- };
-
- "frikandel.b12f.io" = {
- user = "yule";
};
-
- "droppie.b12f.io" = {
- user = "yule";
- };
-
- "nachtigall.pub.solar" = {
- user = "barkeeper";
- };
-
- "flora-6.pub.solar" = {
- user = "barkeeper";
- };
- };
- };
-
 programs.bash.initExtra = ''
 source ${config.age.secrets.b12f-env-secrets.path}
 '';
 };
-
- programs.ssh.extraConfig = "
- PubkeyAcceptedKeyTypes +ssh-rsa
- ";
 }
diff --git a/users/b12f/ssh.nix b/users/b12f/ssh.nix
new file mode 100644
index 0000000..711bd65
--- /dev/null
+++ b/users/b12f/ssh.nix
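Review bot: The system-level `programs.ssh.extraConfig` carrying `PubkeyAcceptedKeyTypes +ssh-rsa`, removed at the end of this hunk, is not carried over into the new ssh.nix, so this host's ssh client stops offering SHA-1 `ssh-rsa` signatures. That is a reasonable hardening — the client identity list names only FIDO2 keys — but it is unrelated to the FIDO2 login fix in the subject and deserves a sentence in the commit message so the behaviour change is not lost. If it was meant to stay, the non-deprecated spelling is `PubkeyAcceptedAlgorithms +ssh-rsa`, and it belongs with the rest of the client config in ssh.nix rather than here. The attribute set this hunk edits opens before its first context line.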
@@ -0,0 +1,126 @@
+{
+ config,
+ pkgs,
+ lib,
+ flake,
+ ...
+}:
+with lib; let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in {
+ age.secrets."id_ed25519_sk-464" = {
+ file = "${flake.self}/secrets/id_ed25519_sk-464.age";
+ mode = "400";
+ owner = psCfg.user.name;
+ path = "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-464";
+ };
+
+ age.secrets."id_ed25519_sk-485" = {
+ file = "${flake.self}/secrets/id_ed25519_sk-485.age";
+ mode = "400";
+ owner = psCfg.user.name;
+ path = "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-485";
+ };
+
+ home-manager.users."${psCfg.user.name}" = {
+ home.file.".ssh/id_ed25519_sk-464.pub".text = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHUbowjUtBiOPWi+TCHGToFwIsMDY6s7IRev6buVVdWxAAAACHNzaDpiMTJm yubi@464";
+ home.file.".ssh/id_ed25519_sk-485.pub".text = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDyxaJNw0jXREOzQfa0E2RQE/xLD/VddDldbdSmS8uf9AAAACHNzaDpiMTJm yubi@485";
+
+ programs.ssh = {
+ enable = true;
+ matchBlocks = {
+ "*" = {
+ identityFile = [
+ "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-464"
+ "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-485"
+ ];
+ };
+
+ "git.pub.solar" = {
+ user = "gitea";
+ };
+
+ "aur.archlinux.org" = {
+ user = "aur";
+ };
+
+ "leavieler.art" = {
+ hostname = "web5svsvy.wh.hosting.zone";
+ user = "web5svsvy_cgzqa3";
+ port = 2244;
+ };
+
+ "benjaminbaedorf.eu" = {
+ hostname = "web5svsvy.wh.hosting.zone";
+ user = "web5svsvy_cgzqa3";
+ port = 2244;
+ };
+
+ "miom.space" = {
+ hostname = "web7dgkba.wh.hosting.zone";
+ user = "web7dgkba_c9em8f";
+ port = 2244;
+ };
+
+ "latenight.blue" = {
+ hostname = "latenight.blue";
+ user = "lnb";
+ extraOptions = {
+ MACs = "hmac-sha2-512-etm@openssh.com";
+ };
+ };
+
+ "blacktea.io" = {
+ hostname = "latenight.blue";
+ user = "lnb";
+ extraOptions = {
+ MACs = "hmac-sha2-512-etm@openssh.com";
+ };
+ };
+
+ "laurakirst.de" = {
+ hostname = "webj4bsux.wh.hosting.zone";
+ user = "webj4bsux_36qkrk";
+ port = 2244;
+ };
+
+ "lipperschwabe.design" = {
+ hostname = "webugit4m.wh.hosting.zone";
+ user = "webugit4m_snjhrn";
+ port = 2244;
+ };
+
+ "pie.local" = {
+ hostname = "pie.local";
+ user = "yule";
+ };
+
+ "pie.b12f.io" = {
+ user = "yule";
+ };
+
+ "frikandel-initrd.b12f.io" = {
+ user = "root";
+ port = 2222;
+ };
+
+ "frikandel.b12f.io" = {
+ user = "yule";
+ };
+
+ "droppie.b12f.io" = {
+ user = "yule";
+ };
+
+ "nachtigall.pub.solar" = {
+ user = "barkeeper";
+ };
+
+ "flora-6.pub.solar" = {
+ user = "barkeeper";
+ };
+ };
+ };
+ };
+}
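Review bot: The `"*"` match block pins the two FIDO2 identity files but does not set `identitiesOnly = true;`, so with an ssh-agent running the client will also offer whatever keys the agent holds to every listed host, exposing their public halves and risking `MaxAuthTries` on the hosting.zone hosts before the sk keys are tried; adding `identitiesOnly = true;` beside `identityFile` keeps authentication to the two enumerated handles, assuming no host relies on agent-only keys. The new module also binds `xdg` and opens `with lib;` without using either, so both lines can go to keep the file's scope minimal. A header comment along the lines of `# ssh client config plus the FIDO2 (sk-ssh-ed25519) key handles (agenix) and their .pub halves (home.file)` would help, as the pairing between the `age.secrets` entries and the `home.file` `.pub` files is not obvious at a glance.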