# SSH client/server wiring for the `colin` user, derived entirely from the
# entries declared in `config.sane.ssh.pubkeys`:
#   - ~/.ssh/id_ed25519.pub  : this host's own `colin@<host>` public key, if declared
#   - ~/.ssh/known_hosts     : one line per entry whose `user` is "root"
#   - authorized_keys        : one key per entry whose `user` is "colin"
#
# NOTE(review): `config.sane.ssh.pubkeys` is the single trust root here. Adding a
# `colin` entry to it grants that key login as colin on every host importing this
# module, and adding a `root` entry pins a host key in known_hosts; changes to
# that attrset deserve the same scrutiny as a direct edit of authorized_keys.
{ config, lib, sane-lib, ... }:

let
  inherit (lib) attrValues concatMapStringsSep filter mkIf;

  host = config.networking.hostName;

  # Every declared pubkey entry, regardless of owner.
  declared-keys = attrValues config.sane.ssh.pubkeys;

  # Entries whose `user` field equals `owner`.
  keys-owned-by = owner: filter (k: k.user == owner) declared-keys;

  # This host's own entry for colin; falls back to `{}` when none is declared,
  # which in turn makes `own-user-key` null.
  own-key-entry = config.sane.ssh.pubkeys."colin@${host}" or {};
  own-user-key = own-key-entry.asUserKey or null;

  # Entries with user == "root" are used as host keys.
  # presumably `asHostKey` is already a known_hosts-format line; confirm
  # against the module that defines sane.ssh.pubkeys.
  known-hosts-body = concatMapStringsSep "\n" (k: k.asHostKey) (keys-owned-by "root");
in
{
  # ssh key is stored in private storage
  sane.user.persist.private = [ ".ssh/id_ed25519" ];

  sane.user.fs = {
    # Only written when this host has a declared `colin@<host>` key.
    ".ssh/id_ed25519.pub" =
      mkIf (own-user-key != null) (sane-lib.fs.wantedText own-user-key);

    # Generated from config, so the file content is the declared host keys only.
    ".ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-body;
  };

  # Every declared `colin` key, from any host, is accepted for login as colin.
  users.users.colin.openssh.authorizedKeys.keys =
    map (k: k.asUserKey) (keys-owned-by "colin");
}