nix-files/hosts/common/ssh.nix

{ config, lib, sane-data, sane-lib, ... }:

{
  sane.ssh.pubkeys =
  let
    # path is a DNS-style path like [ "org" "uninsane" "root" ]
    keyNameForPath = path:
      let
        rev = lib.reverseList path;
        name = builtins.head rev;
        host = lib.concatStringsSep "." (builtins.tail rev);
      in
      "${name}@${host}";

    # given a DNS-style recursive AttrSet, return a flat AttrSet that maps ssh id => pubkey.
    keysFor = attrs:
      let
        by-path = sane-lib.flattenAttrs attrs;
      in
        sane-lib.mapToAttrs ({ path, value }: {
          name = keyNameForPath path;
          inherit value;
        }) by-path;
    globalKeys = keysFor sane-data.keys;
    localKeys = keysFor sane-data.keys.org.uninsane.local;
  in lib.mkMerge [ globalKeys localKeys ];
}
move pubkeys out a modules/data/ directory 2023-01-09 02:40:25 +00:00			`{ config, lib, sane-data, sane-lib, ... }:`
ssh: add git.uninsane.org host key back 2023-01-08 03:22:05 +00:00
move pubkeys out a modules/data/ directory 2023-01-09 02:40:25 +00:00			`{`
			`sane.ssh.pubkeys =`
			`let`
			`# path is a DNS-style path like [ "org" "uninsane" "root" ]`
			`keyNameForPath = path:`
			`let`
			`rev = lib.reverseList path;`
			`name = builtins.head rev;`
			`host = lib.concatStringsSep "." (builtins.tail rev);`
			`in`
			`"${name}@${host}";`
ssh: add git.uninsane.org host key back 2023-01-08 03:22:05 +00:00
move pubkeys out a modules/data/ directory 2023-01-09 02:40:25 +00:00			`# given a DNS-style recursive AttrSet, return a flat AttrSet that maps ssh id => pubkey.`
			`keysFor = attrs:`
			`let`
			`by-path = sane-lib.flattenAttrs attrs;`
			`in`
			`sane-lib.mapToAttrs ({ path, value }: {`
			`name = keyNameForPath path;`
			`inherit value;`
			`}) by-path;`
			`globalKeys = keysFor sane-data.keys;`
			`localKeys = keysFor sane-data.keys.org.uninsane.local;`
			`in lib.mkMerge [ globalKeys localKeys ];`
persist ssh host keys in a subdirectory 2022-10-25 09:09:27 +00:00			`}`