colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

ssh: port to modules system

Browse Source
This commit is contained in:
colin
2023-01-08 03:07:20 +00:00
parent ea5552daa7
commit 72d589cb2d
6 changed files with 92 additions and 40 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
modules/home-manager/ssh.nix
View File

@@ -1,19 +1,22 @@
{ config, lib, pkgs, sane-lib, ... }:
with lib;
let
host = config.networking.hostName;
user_pubkey = (import ../pubkeys.nix).users."${host}";
known_hosts_text = builtins.concatStringsSep
user-pubkey = config.sane.ssh.pubkeys."colin@${host}".asUserKey;
host-keys = filter (k: k.user == "root") (attrValues config.sane.ssh.pubkeys);
known-hosts-text = concatStringsSep
"\n"
(builtins.attrValues (import ../pubkeys.nix).hosts);
(map (k: k.asHostKey) host-keys)
;
in lib.mkIf config.sane.home-manager.enable {
# ssh key is stored in private storage
sane.persist.home.private = [ ".ssh/id_ed25519" ];
sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user_pubkey;
sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
home-manager.users.colin = {
programs.ssh.enable = true;
# this optionally accepts multiple known_hosts paths, separated by space.
programs.ssh.userKnownHostsFile = builtins.toString (pkgs.writeText "known_hosts" known_hosts_text);
programs.ssh.userKnownHostsFile = toString (pkgs.writeText "known_hosts" known-hosts-text);
};
}