From 0f65cfde49b5b5cf697ce62b0e30aeed3ad4a1bb Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Mon, 1 Aug 2022 00:23:56 +0200 Subject: [PATCH] ssh: Manage some public keys via nix --- home/programs/ssh.nix | 20 +++++++++++++++----- system/shared/ssh-keys.nix | 6 ++++++ 2 files changed, 21 insertions(+), 5 deletions(-) diff --git a/home/programs/ssh.nix b/home/programs/ssh.nix index 006702c..ceafb76 100644 --- a/home/programs/ssh.nix +++ b/home/programs/ssh.nix @@ -1,8 +1,11 @@ { pkgs, config, ... }: let - auth-socket = "${config.home.homeDirectory}/.ssh/1password.sock"; - signers-directory = "${config.home.homeDirectory}/.ssh/allowed_signers"; + ssh-directory = "${config.home.homeDirectory}/.ssh"; + ssh-keys = import ../../system/shared/ssh-keys.nix; + + auth-socket = "${ssh-directory}/1password.sock"; + signers-directory = "${ssh-directory}/allowed_signers"; in { home.packages = [ pkgs.openssh ]; @@ -109,8 +112,15 @@ in home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}"; - home.file."${signers-directory}" = { - source = ../config/ssh/allowed_signers; - recursive = true; + home.file = { + "${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub; + "${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab; + "${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner; + "${ssh-directory}/LAN.pub".text = ssh-keys.LAN; + + "${signers-directory}" = { + source = ../config/ssh/allowed_signers; + recursive = true; + }; }; } diff --git a/system/shared/ssh-keys.nix b/system/shared/ssh-keys.nix index 95c0a58..c349675 100644 --- a/system/shared/ssh-keys.nix +++ b/system/shared/ssh-keys.nix @@ -1,3 +1,9 @@ { + GitHub = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJFK1Jyr4jiHn8o/NN5rJMe21uRJ+6EnWtVyV5xogf14"; + + GitLab = "ssh-rsa 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"; + Hetzner = "ssh-rsa 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"; + + LAN = "ssh-rsa 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"; }
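Review bot: The four `.pub` entries added under `home.file` in `home/programs/ssh.nix` have no comment saying why public keys are written into `~/.ssh`. Since `auth-socket` points at a 1Password agent socket, the likely purpose is to let `IdentityFile` pick which agent-held key is offered to each host, but the host configuration between the two hunks is not visible, so this is inferred. If that is the intent, a comment such as `# Public halves only: IdentityFile selectors, private keys stay in the agent.` above the entries would record it. Each host block that uses one should also set `IdentitiesOnly yes`, otherwise the agent may offer every key to every server and let a server link the identities. The enclosing attribute set opens outside this hunk.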
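Review bot: The keys added to `system/shared/ssh-keys.nix` have no comment field and no note on what each is for, and the set mixes what look like client identities for hosted services (GitHub, GitLab) with host-access keys (Hetzner, LAN). Because the file sits under `system/shared`, a consumer that takes every value (for example via `builtins.attrValues`) to build an authorized-keys list would authorise all four keys for login. No such consumer is visible on this page, so this is something to confirm rather than a known defect. A header comment like `# Public keys only. Reference by name; do not pass the whole set to authorizedKeys.` would make the intent explicit. Three entries are `ssh-rsa` with their bodies elided here, so the modulus size cannot be checked; confirm they are not shorter than the current OpenSSH default of 3072 bits, or move them to ed25519 like the GitHub key.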