authorFranck Cuny <franck@fcuny.net>2023-02-16 14:15:13 -0800
committerFranck Cuny <franck@fcuny.net>2023-02-20 13:48:36 -0800
commit8c53d0e4c6dcd133f60423f2d1a574045e20f741 (patch)
treef3cd97d7812fb46b4d6fae0f0b0d1e5cca0645e5
parentfeat(modules/pcscd): install the pcscd daemon (diff)
downloadworld-8c53d0e4c6dcd133f60423f2d1a574045e20f741.tar.gz
ref(modules/users): move ssh keys to a separate file
Each key is associated with a variable, which lets me be more specific
about which key to use depending on the context.
Diffstat (limited to '')
-rw-r--r--configs/ssh-pubkeys.toml6
-rw-r--r--home/git/default.nix5
-rw-r--r--modules/system/users/default.nix12
3 files changed, 17 insertions, 6 deletions
diff --git a/configs/ssh-pubkeys.toml b/configs/ssh-pubkeys.toml
new file mode 100644
index 0000000..2f07322
--- /dev/null
+++ b/configs/ssh-pubkeys.toml
@@ -0,0 +1,6 @@
+aptos="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl"
+git="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItMKXWzH00xS7kYJzDCIr/PM9DaZw+imK/byjrY5WNv"
+work="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7GHXHja9"
+ykey-laptop="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo="
+ykey-keyring="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo="
+ykey-backup="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINEGiZpKcXQtB7P7k5puV5OAeMlnB7qRLm+HRI5/OKTbAAAABHNzaDo="
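Review bot: The new file has no header comment saying what it holds or how its entries are consumed, although the `modules/system/users/default.nix` change in this commit turns names from it into `openssh.authorizedKeys.keys` entries. I would add a first line such as `# SSH public keys only (never private keys). Names referenced from openssh.authorizedKeys.keys grant login.` so a later edit to this file is recognised as an access change. The `git` entry and the three `ykey-*` entries do not appear among the lines this commit removes, so they are new key material rather than moved keys. Their fingerprints are worth checking against the actual tokens before deployment.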
diff --git a/home/git/default.nix b/home/git/default.nix
index bfb6fd8..f5fd924 100644
--- a/home/git/default.nix
+++ b/home/git/default.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
 
-let cfg = config.my.home.git;
+let
+  inherit (builtins) readFile fromTOML;
+  cfg = config.my.home.git;
+  sshPub = fromTOML (readFile ./../../../configs/ssh-pubkeys.toml);
 in
 {
   options.my.home.git = with lib; {
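Review bot: The path in the added `sshPub` binding climbs one directory too many: from `home/git/default.nix`, `./../../../configs/ssh-pubkeys.toml` resolves above the repository root. The same three-level path in `modules/system/users/default.nix` is correct only because that file sits one directory deeper. Nothing in this hunk references `sshPub`, so lazy evaluation presumably hides the error until the binding is first used. The line should read `sshPub = fromTOML (readFile ../../configs/ssh-pubkeys.toml);`. The `let` body's consumers lie outside the hunk, so I cannot confirm whether anything evaluates it yet.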
diff --git a/modules/system/users/default.nix b/modules/system/users/default.nix
index ddc2c14..7f42982 100644
--- a/modules/system/users/default.nix
+++ b/modules/system/users/default.nix
@@ -2,6 +2,7 @@
 let
   groupExists = grp: builtins.hasAttr grp config.users.groups;
   groupsIfExist = builtins.filter groupExists;
+  sshPub = builtins.fromTOML (builtins.readFile ../../../configs/ssh-pubkeys.toml);
 in
 {
   # Users are managed through this configuration. If a user is added
@@ -24,11 +25,12 @@ in
     ];
     hashedPassword =
       "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6.";
-    openssh.authorizedKeys.keys = [
-      # aptos
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl"
-      # work
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7GHXHja9"
+    openssh.authorizedKeys.keys = with sshPub; [
+      aptos
+      work
+      ykey-backup
+      ykey-keyring
+      ykey-laptop
     ];
   };