colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

ssh: manager ourself instead of using home-manager

Browse Source
This commit is contained in:
colin
2023-01-08 03:14:47 +00:00
parent 72d589cb2d
commit 00b681eca5
2 changed files with 6 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
hosts/common/users.nix
View File

@@ -52,11 +52,6 @@ in
passwordFile = lib.mkIf (config.sops.secrets ? "colin-passwd") config.sops.secrets.colin-passwd.path; passwordFile = lib.mkIf (config.sops.secrets ? "colin-passwd") config.sops.secrets.colin-passwd.path;
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys =
let
user-keys = filter (k: k.user == "colin") (attrValues config.sane.ssh.pubkeys);
in
map (k: k.asUserKey) user-keys;
# mount encrypted stuff at login # mount encrypted stuff at login
# some other nix pam users: # some other nix pam users:

11
modules/home-manager/ssh.nix
View File

@@ -13,10 +13,11 @@ in lib.mkIf config.sane.home-manager.enable {
# ssh key is stored in private storage # ssh key is stored in private storage
sane.persist.home.private = [ ".ssh/id_ed25519" ]; sane.persist.home.private = [ ".ssh/id_ed25519" ];
sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey; sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
sane.fs."/home/colin/.ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
home-manager.users.colin = { users.users.colin.openssh.authorizedKeys.keys =
programs.ssh.enable = true; let
# this optionally accepts multiple known_hosts paths, separated by space. user-keys = filter (k: k.user == "colin") (attrValues config.sane.ssh.pubkeys);
programs.ssh.userKnownHostsFile = toString (pkgs.writeText "known_hosts" known-hosts-text); in
}; map (k: k.asUserKey) user-keys;
} }