From 8c53d0e4c6dcd133f60423f2d1a574045e20f741 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Thu, 16 Feb 2023 14:15:13 -0800
Subject: ref(modules/users): move ssh keys to a separate file

Each key is associated to a variable, which let me be more specific
about which key to use depending on the context.
---
 modules/system/users/default.nix | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'modules/system')

diff --git a/modules/system/users/default.nix b/modules/system/users/default.nix
index ddc2c14..7f42982 100644
--- a/modules/system/users/default.nix
+++ b/modules/system/users/default.nix
@@ -2,6 +2,7 @@
 let
   groupExists = grp: builtins.hasAttr grp config.users.groups;
   groupsIfExist = builtins.filter groupExists;
+  sshPub = builtins.fromTOML (builtins.readFile ../../../configs/ssh-pubkeys.toml);
 in
 {
   # Users are managed through this configuration. If a user is added
@@ -24,11 +25,12 @@ in
     ];
     hashedPassword =
       "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6.";
-    openssh.authorizedKeys.keys = [
-      # aptos
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl"
-      # work
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7GHXHja9"
+    openssh.authorizedKeys.keys = with sshPub; [
+      aptos
+      work
+      ykey-backup
+      ykey-keyring
+      ykey-laptop
     ];
   };
 
-- 
cgit 1.4.1