danmax/tuxcord.nix
1
0
Fork 0
forked from tuxcord/tuxcord.nix
Code Pull Requests Activity

treewide: separate ssh keys

Browse Source
This commit is contained in:
Ryan
2026-05-02 17:10:15 -04:00
parent 6cd9ae97ea
commit 500b17237e
5 changed files with 33 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
agenix/secrets.nix
+1 -4
View File
@@ -1,8 +1,5 @@
let let
users = { users = import ../lib/ssh/keys.nix;
error = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ";
javalsai = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCufzCHLqMfuHpKKisd9Y+3l6hudbQQyaHg1lgQs5XEO58f0dIoUK3gc8iVO6dGGeY5q2o0cDcildHiT0PYc96rq7WJLCY00mAuclEuhmRSPjsei2IT3rWTawIheD2tWq+vAQjIBKibYWnVYwNOsbR3Zz1uKG/LNqqDnyYO/t4iMmhO1qcl6j8dRVBtzWYu3TnTrwx45sj54Y9hqZZiwB1xlzhHznSw6YPOe51hUO/yUtXKF2FCyfG7LHELZBMXkPQD6h4mDu+QNPN2D5RGd+Q5WzHcXcrXH/DvogVW6g3YGpBjTNKllCjGJYdYgjcjzQOS3I8ZOL6CUQzcZt2QwO3P42s4cjGzBwIub2zFnMOCyGgbKCYh3G7KKcde9qAX0yl8k+XNPIletJAV7pDrivzmgRLdy3iWud+q8TytkDLhcd/7g+pE6FE8y3IbejwXGNUn8CXJOKWH5zk0MVWSpNqz+6rlV43iPb4yuO7TFVnzuw/wKyOoc8RlFGEb/XLXwPs=";
};
tuxcord-ca = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxiko5Csyq9UODglYzLBvRfxkhQu9GXP7SH2BpC8G/7"; tuxcord-ca = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPxiko5Csyq9UODglYzLBvRfxkhQu9GXP7SH2BpC8G/7";
in in
lib/ssh/keys.nix
+4
View File
@@ -0,0 +1,4 @@
{
error = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com";
javalsai = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCufzCHLqMfuHpKKisd9Y+3l6hudbQQyaHg1lgQs5XEO58f0dIoUK3gc8iVO6dGGeY5q2o0cDcildHiT0PYc96rq7WJLCY00mAuclEuhmRSPjsei2IT3rWTawIheD2tWq+vAQjIBKibYWnVYwNOsbR3Zz1uKG/LNqqDnyYO/t4iMmhO1qcl6j8dRVBtzWYu3TnTrwx45sj54Y9hqZZiwB1xlzhHznSw6YPOe51hUO/yUtXKF2FCyfG7LHELZBMXkPQD6h4mDu+QNPN2D5RGd+Q5WzHcXcrXH/DvogVW6g3YGpBjTNKllCjGJYdYgjcjzQOS3I8ZOL6CUQzcZt2QwO3P42s4cjGzBwIub2zFnMOCyGgbKCYh3G7KKcde9qAX0yl8k+XNPIletJAV7pDrivzmgRLdy3iWud+q8TytkDLhcd/7g+pE6FE8y3IbejwXGNUn8CXJOKWH5zk0MVWSpNqz+6rlV43iPb4yuO7TFVnzuw/wKyOoc8RlFGEb/XLXwPs=";
}
nixos/common.nix
+1 -13
View File
@@ -21,6 +21,7 @@ in
./hardware.nix ./hardware.nix
./impermanence.nix ./impermanence.nix
./modules ./modules
./openssh.nix
./programs.nix ./programs.nix
./users.nix ./users.nix
./vm.nix ./vm.nix
@@ -100,19 +101,6 @@ in
}; };
}; };
services = {
openssh = {
enable = true;
settings = {
ClientAliveInterval = 300;
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
};
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
zramSwap = { zramSwap = {
nixos/openssh.nix
+17
View File
@@ -0,0 +1,17 @@
{ self, ... }:
{
services.openssh = {
enable = true;
settings = {
ClientAliveInterval = 300;
KbdInteractiveAuthentication = false;
PasswordAuthentication = false;
PermitRootLogin = "no";
};
};
users.users.root.openssh.authorizedKeys.keys = builtins.attrValues {
inherit (import "${self}/lib/ssh/keys.nix") error javalsai;
};
}
nixos/users.nix
+10 -1
View File
@@ -1,4 +1,4 @@
{ lib, ... }: { lib, self, ... }:
let let
users = [ users = [
{ {
@@ -32,6 +32,15 @@ let
isNormalUser = true; isNormalUser = true;
extraGroups = lib.optionals (options.admin or false) adminGroups; extraGroups = lib.optionals (options.admin or false) adminGroups;
inherit uid; inherit uid;
openssh.authorizedKeys.keys =
let
keys = import "${self}/lib/ssh/keys.nix";
in
if (builtins.hasAttr name keys) then
[ keys.${name} ]
else
lib.warn "user ${name} declared without ssh key" [ ];
}; };
systemd.slices."user-${builtins.toString uid}".sliceConfig = { systemd.slices."user-${builtins.toString uid}".sliceConfig = {