author | Franck Cuny <franck@fcuny.net> | 2023-02-16 14:15:13 -0800 |
---|---|---|
committer | Franck Cuny <franck@fcuny.net> | 2023-02-20 13:48:36 -0800 |
commit | 8c53d0e4c6dcd133f60423f2d1a574045e20f741 (patch) | |
tree | f3cd97d7812fb46b4d6fae0f0b0d1e5cca0645e5 | |
parent | feat(modules/pcscd): install the pcscd daemon (diff) | |
download | world-8c53d0e4c6dcd133f60423f2d1a574045e20f741.tar.gz |
ref(modules/users): move ssh keys to a separate file
Each key is associated with a variable, which lets me be more specific about which key to use depending on the context.
Diffstat (limited to '')
-rw-r--r-- | configs/ssh-pubkeys.toml | 6 | ||||
-rw-r--r-- | home/git/default.nix | 5 | ||||
-rw-r--r-- | modules/system/users/default.nix | 12 |
3 files changed, 17 insertions, 6 deletions
diff --git a/configs/ssh-pubkeys.toml b/configs/ssh-pubkeys.toml
new file mode 100644
index 0000000..2f07322
--- /dev/null
+++ b/configs/ssh-pubkeys.toml
@@ -0,0 +1,6 @@
+aptos="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl"
+git="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIItMKXWzH00xS7kYJzDCIr/PM9DaZw+imK/byjrY5WNv"
+work="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7GHXHja9"
+ykey-laptop="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo="
+ykey-keyring="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo="
+ykey-backup="sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINEGiZpKcXQtB7P7k5puV5OAeMlnB7qRLm+HRI5/OKTbAAAABHNzaDo="
diff --git a/home/git/default.nix b/home/git/default.nix
index bfb6fd8..f5fd924 100644
--- a/home/git/default.nix
+++ b/home/git/default.nix
@@ -1,6 +1,9 @@
 { lib, config, pkgs, ... }:
-let cfg = config.my.home.git;
+let
+ inherit (builtins) readFile fromTOML;
+ cfg = config.my.home.git;
+ sshPub = fromTOML (readFile ./../../../configs/ssh-pubkeys.toml);
 in
 {
 options.my.home.git = with lib; {
diff --git a/modules/system/users/default.nix b/modules/system/users/default.nix
index ddc2c14..7f42982 100644
--- a/modules/system/users/default.nix
+++ b/modules/system/users/default.nix
@@ -2,6 +2,7 @@
 let
 groupExists = grp: builtins.hasAttr grp config.users.groups;
 groupsIfExist = builtins.filter groupExists;
+ sshPub = builtins.fromTOML (builtins.readFile ../../../configs/ssh-pubkeys.toml);
 in
 {
 # Users are managed through this configuration. If a user is added
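Review bot: The path in `sshPub = fromTOML (readFile ./../../../configs/ssh-pubkeys.toml);` in `home/git/default.nix` climbs three directories from `home/git/`, which lands one level above the repository root if the diff paths are relative to it; `modules/system/users/default.nix` needs three `..` because it sits three levels deep, while this file sits only two. Because the binding is lazy and nothing in the hunk references `sshPub`, the mistake would stay hidden until the first use, and would then either fail evaluation or read a same-named file from outside the tracked tree, which is not a source this module should trust for key material. I would change the line to `sshPub = fromTOML (readFile ../../configs/ssh-pubkeys.toml);`. The consumers of the `let` block are outside the hunk, so whether `sshPub` is used yet cannot be seen here.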
@@ -24,11 +25,12 @@ in
 ];
 hashedPassword = "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6.";
- openssh.authorizedKeys.keys = [
- # aptos
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl"
- # work
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7GHXHja9"
+ openssh.authorizedKeys.keys = with sshPub; [
+ aptos
+ work
+ ykey-backup
+ ykey-keyring
+ ykey-laptop
 ];
 }; |
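Review bot: The rewritten `openssh.authorizedKeys.keys` list is not a pure move: besides `aptos` and `work` it now also authorizes `ykey-backup`, `ykey-keyring` and `ykey-laptop`, which the removed list did not contain, so a commit titled as a refactor widens the set of keys accepted for login. I would split that into its own commit or state it in the message, and mark it in place with a comment such as `# ykey-*: sk-ssh-ed25519 keys, newly authorized here`. Writing the entries as `sshPub.aptos`, `sshPub.work`, … instead of `with sshPub;` would also prevent a binding named `work` or `aptos` in an enclosing scope from silently taking precedence over the key. Separately, the `hashedPassword` context line keeps a crypt hash in a published file; it predates this change, but it is open to offline guessing, so moving it to a secrets-managed file is worth a follow-up. The user attribute set starts above the hunk.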