associate ssh pubkeys to my hosts' wireguard names
parent
847e618dee
commit
0d0a9fce6a
|
@ -1,7 +1,7 @@
|
||||||
{ config, lib, sane-data, sane-lib, ... }:
|
{ config, lib, sane-data, sane-lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (builtins) head map mapAttrs tail;
|
inherit (builtins) attrValues head map mapAttrs tail;
|
||||||
inherit (lib) concatStringsSep mkMerge reverseList;
|
inherit (lib) concatStringsSep mkMerge reverseList;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
@ -18,11 +18,21 @@ in
|
||||||
|
|
||||||
# [{ path :: [String], value :: String }] for the keys we want to install
|
# [{ path :: [String], value :: String }] for the keys we want to install
|
||||||
globalKeys = sane-lib.flattenAttrs sane-data.keys;
|
globalKeys = sane-lib.flattenAttrs sane-data.keys;
|
||||||
|
|
||||||
|
keysForHost = hostCfg: sane-lib.mapToAttrs
|
||||||
|
(name: {
|
||||||
|
inherit name;
|
||||||
|
value = {
|
||||||
|
colin = hostCfg.ssh.user_pubkey;
|
||||||
|
root = hostCfg.ssh.host_pubkey;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
hostCfg.names
|
||||||
|
;
|
||||||
domainKeys = sane-lib.flattenAttrs (
|
domainKeys = sane-lib.flattenAttrs (
|
||||||
mapAttrs (host: cfg: {
|
sane-lib.joinAttrsets (
|
||||||
colin = cfg.ssh.user_pubkey;
|
map keysForHost (builtins.attrValues config.sane.hosts.by-name)
|
||||||
root = cfg.ssh.host_pubkey;
|
)
|
||||||
}) config.sane.hosts.by-name
|
|
||||||
);
|
);
|
||||||
in mkMerge (map
|
in mkMerge (map
|
||||||
({ path, value }: {
|
({ path, value }: {
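Review bot: `sane-lib.joinAttrsets` in `domainKeys` now merges one attrset per host, keyed by every entry of `hostCfg.names`, and nothing in this hunk rejects two hosts that end up with the same name (for example a host declared as `foo-hn` next to a host `foo` that has a wg-home ip). How `joinAttrsets` treats duplicate keys is not visible here; if it silently keeps one side, a name would be paired with a different host's pubkeys. An assertion over the collected names would turn that into an evaluation failure, e.g. `allNames = lib.concatMap (h: h.names) (attrValues config.sane.hosts.by-name);` checked with `assertion = lib.unique allNames == allNames;`. Separately, `attrValues` is added to the `inherit (builtins)` line but the new code still calls `builtins.attrValues`; pick one form. The `mkMerge (map ...)` expression continues outside the hunk.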
|
||||||
|
|
|
@ -11,6 +11,7 @@
|
||||||
name = cfg.lan-ip;
|
name = cfg.lan-ip;
|
||||||
value = [ host ];
|
value = [ host ];
|
||||||
}) config.sane.hosts.by-name)
|
}) config.sane.hosts.by-name)
|
||||||
|
|
||||||
(lib.mapAttrs' (host: cfg: {
|
(lib.mapAttrs' (host: cfg: {
|
||||||
# -hn suffixed name for communication over my wg-home VPN.
|
# -hn suffixed name for communication over my wg-home VPN.
|
||||||
# hn = "home network"
|
# hn = "home network"
|
||||||
|
|
|
@ -4,8 +4,14 @@ let
|
||||||
inherit (lib) attrValues filterAttrs mkMerge mkOption types;
|
inherit (lib) attrValues filterAttrs mkMerge mkOption types;
|
||||||
cfg = config.sane.hosts;
|
cfg = config.sane.hosts;
|
||||||
|
|
||||||
host = types.submodule ({ config, ... }: {
|
host = types.submodule ({ config, name, ... }: {
|
||||||
options = {
|
options = {
|
||||||
|
names = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
description = ''
|
||||||
|
all names by which this host is reachable
|
||||||
|
'';
|
||||||
|
};
|
||||||
ssh.user_pubkey = mkOption {
|
ssh.user_pubkey = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = ''
|
description = ''
|
||||||
|
@ -48,6 +54,11 @@ let
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
config = {
|
||||||
|
names = [ name ]
|
||||||
|
++ lib.optional (config.wg-home.ip != null) "${name}-hn";
|
||||||
|
};
|
||||||
});
|
});
|
||||||
in
|
in
|
||||||
{
|
{
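Review bot: The description of the new `names` option (first hunk of this file) only says the host is reachable under these names, but with this commit each entry is also a name under which the host's `ssh.user_pubkey` and `ssh.host_pubkey` get associated. I would state that in the description, e.g. `all names by which this host is reachable; each name is also associated with this host's ssh pubkeys`, so anyone appending to the list knows they are extending that association. Because the type is `types.listOf types.str` and the value is set in the submodule's `config`, definitions made elsewhere presumably merge with `[ name ]` rather than replace it; a one-line comment on the `config` block saying so would help. The submodule body between the two hunks is not shown.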
|
||||||
|
|