30 lines
931 B
Nix
30 lines
931 B
Nix
# TODO: this should be moved to users/colin.nix
|
|
{ config, lib, ... }:
|
|
|
|
let
|
|
host = config.networking.hostName;
|
|
user-pubkey-full = config.sane.ssh.pubkeys."colin@${host}" or {};
|
|
user-pubkey = user-pubkey-full.asUserKey or null;
|
|
host-keys = lib.filter (k: k.user == "root") (lib.attrValues config.sane.ssh.pubkeys);
|
|
known-hosts-text = lib.concatStringsSep
|
|
"\n"
|
|
(builtins.map (k: k.asHostKey) host-keys)
|
|
;
|
|
in
|
|
{
|
|
# ssh key is stored in private storage
|
|
sane.user.persist.private = [
|
|
{ type = "file"; path = ".ssh/id_ed25519"; }
|
|
];
|
|
sane.user.fs.".ssh/id_ed25519.pub" = lib.mkIf (user-pubkey != null) {
|
|
symlink.text = user-pubkey;
|
|
};
|
|
sane.user.fs.".ssh/known_hosts".symlink.text = known-hosts-text;
|
|
|
|
users.users.colin.openssh.authorizedKeys.keys =
|
|
let
|
|
user-keys = lib.filter (k: k.user == "colin") (lib.attrValues config.sane.ssh.pubkeys);
|
|
in
|
|
builtins.map (k: k.asUserKey) user-keys;
|
|
}
|