modules.user.chn.ssh: set key for root

modules/user/chn/ssh.nix

@@ -51,13 +51,19 @@ inputs:
         );
       };
     };
-    sops.secrets = inputs.lib.mkIf inputs.config.nixos.model.private (builtins.listToAttrs (builtins.map
-      (name:
+    sops.secrets = inputs.lib.mkIf inputs.config.nixos.model.private (inputs.lib.mkMerge
+    [
+      (builtins.listToAttrs (builtins.map
+        (name:
+        {
+          name = "chn/${name}";
+          value = { owner = "chn"; sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/chn.yaml"; };
+        })
+        [ "rsa" "rsa.ppk" "ed25519" "ed25519_sk" "xmuhk" ]))
       {
-        name = "chn/${name}";
-        value = { owner = "chn"; sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/chn.yaml"; };
-      })
-      [ "rsa" "rsa.ppk" "ed25519" "ed25519_sk" "xmuhk" ]
-    ));
+        "root/ed25519_sk" =
+          { key = "chn/ed25519_sk"; sopsFile = "${inputs.config.nixos.system.sops.crossSopsDir}/chn.yaml"; };
+      }
+    ]);
   };
 }

modules/user/default.nix

@@ -120,10 +120,18 @@ inputs:
         openssh.authorizedKeys.keys = [(builtins.readFile ./chn/id_ed25519_sk.pub)];
         hashedPassword = "$y$j9T$.UyKKvDnmlJaYZAh6./rf/$65dRqishAiqxCE6LEMjqruwJPZte7uiyYLVKpzdZNH5";
       };
-      home-manager.users.root =
+      home-manager.users.root = homeInputs:
       {
         imports = user.sharedModules;
-        config.programs.git = { userName = "chn"; userEmail = "chn@chn.moe"; };
+        config =
+        {
+          programs.git = { userName = "chn"; userEmail = "chn@chn.moe"; };
+          home.file = inputs.lib.mkIf inputs.config.nixos.model.private
+          {
+            ".ssh/id_ed25519_sk".source = homeInputs.config.lib.file.mkOutOfStoreSymlink
+              inputs.config.sops.secrets."root/ed25519_sk".path;
+          };
+        };
       };
     }
     # setup test