feat(nix): add ssh-tresor package and flake input

- Included `ssh-tresor` in the package lists for Darwin and NixOS modules.
- Added `ssh-tresor` as a new flake input in `flake.nix` with its overlay.
- Integrates secure SSH key management functionality across configurations.

flake.lock

@@ -326,6 +326,24 @@
         "type": "github"
       }
     },
+    "flake-utils_3": {
+      "inputs": {
+        "systems": "systems_4"
+      },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
     "git-hooks": {
       "inputs": {
         "flake-compat": [
@@ -700,6 +718,7 @@
         "simple-nixos-mailserver": "simple-nixos-mailserver",
         "snowfall-lib": "snowfall-lib",
         "sops-nix": "sops-nix",
+        "ssh-tresor": "ssh-tresor",
         "unstable": "unstable",
         "xremap-flake": "xremap-flake"
       }
@@ -742,6 +761,27 @@
         "type": "github"
       }
     },
+    "rust-overlay_3": {
+      "inputs": {
+        "nixpkgs": [
+          "ssh-tresor",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1768704795,
+        "narHash": "sha256-Y33TAp2BHEcuspYvcmBXXD0qdvjftv73PwyKTDOjoSY=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "4b7472a78857ac789fb26616040f55cfcbd36c6e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
     "simple-nixos-mailserver": {
       "inputs": {
         "blobs": "blobs",
@@ -808,6 +848,28 @@
         "type": "github"
       }
     },
+    "ssh-tresor": {
+      "inputs": {
+        "flake-utils": "flake-utils_3",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay_3"
+      },
+      "locked": {
+        "lastModified": 1768997903,
+        "narHash": "sha256-UpBfh3I4PhykVHqV74rrxufF3X1Z8z8sx/lFgMFfIP8=",
+        "owner": "haraldh",
+        "repo": "ssh-tresor",
+        "rev": "dd45aed45f8d9b8729b7698ef43e7cc32fab97b6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "haraldh",
+        "repo": "ssh-tresor",
+        "type": "github"
+      }
+    },
     "systems": {
       "locked": {
         "lastModified": 1681028828,
@@ -853,6 +915,21 @@
         "type": "github"
       }
     },
+    "systems_4": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "unstable": {
       "locked": {
         "lastModified": 1768564909,

flake.nix

@@ -69,6 +69,9 @@
     nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 
     xremap-flake.url = "github:xremap/nix-flake";
+
+    ssh-tresor.url = "github:haraldh/ssh-tresor";
+    ssh-tresor.inputs.nixpkgs.follows = "nixpkgs";
   };
 
   outputs =
@@ -113,6 +116,7 @@
         (final: prev: {
           inherit (cratedocs.packages.${prev.stdenv.hostPlatform.system}) cratedocs-mcp;
         })
+        ssh-tresor.overlays.default
       ];
 
       outputs-builder = channels: {

modules/darwin/services/base/default.nix

@@ -37,6 +37,7 @@ in
         tmux
         vim
         wget
+        ssh-tresor
         starship
       ];
       shells = [

modules/nixos/services/base/default.nix

@@ -62,6 +62,7 @@ in
           rrsync
           s-tui
           sbctl
+          ssh-tresor
           sops
           strace
           tmux