chore(ssh): clean key-mgmt

This commit is contained in:
catvayor 2024-10-26 18:29:35 +02:00
parent dd7e1d177a
commit 545b05ebe5
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
7 changed files with 32 additions and 19 deletions


@ -2,7 +2,6 @@ let
mods = import ./modules; mods = import ./modules;
users = import ./users; users = import ./users;
sources = import ./npins; sources = import ./npins;
id_sylvain = "ssh-rsa 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 sylvain@idefix";
mkNixpkgsSrc = (import sources.nix-patches { patchFile = ./patches; }).mkNixpkgsSrc; mkNixpkgsSrc = (import sources.nix-patches { patchFile = ./patches; }).mkNixpkgsSrc;
in in
{ {
@ -31,8 +30,6 @@ in
{ {
imports = [ imports = [
./kat ./kat
"${sources.home-manager}/nixos"
"${sources.disko}/module.nix"
]; ];
networking.hostName = name; networking.hostName = name;
}; };
@ -75,7 +72,7 @@ in
}; };
kat-virt = kat-virt =
{ users, ... }: { ssh-keys, ... }:
{ {
deployment = { deployment = {
targetHost = "virt.kat"; targetHost = "virt.kat";
@ -89,14 +86,11 @@ in
imports = [ imports = [
./machines/kat-virt ./machines/kat-virt
]; ];
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = with ssh-keys; sylvain ++ gaby;
id_sylvain
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoQZ/77uiai4rBHYwL55IweUOdR9svxDxlP/o7sulRT gdesfrene@clipper.ens.fr"
];
}; };
kat-mail-test = kat-mail-test =
{ users, ... }: { ssh-keys, ... }:
{ {
deployment = { deployment = {
targetHost = "mail-test.kat"; targetHost = "mail-test.kat";
@ -110,7 +104,7 @@ in
imports = [ imports = [
./machines/kat-mail-test ./machines/kat-mail-test
]; ];
users.users.root.openssh.authorizedKeys.keys = [ id_sylvain ]; users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain;
}; };
kat-son = kat-son =
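Review bot: `with ssh-keys; sylvain ++ gaby` on the kat-virt authorizedKeys line resolves names against the enclosing `let` before the `with` scope, so a key file whose stem collides with a lexical binding here (`users`, `mods`, `sources` are all bound at the top of this file) would silently resolve to that binding instead of the key list. Explicit attribute access, `users.users.root.openssh.authorizedKeys.keys = ssh-keys.sylvain ++ ssh-keys.gaby;`, keeps the lookup unambiguous and matches the kat-mail-test line, which already uses `ssh-keys.sylvain`. The machine attrsets continue outside the hunks shown.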


@ -2,6 +2,7 @@
lib, lib,
config, config,
pkgs, pkgs,
sources,
... ...
}: }:
with lib; with lib;
@ -10,6 +11,8 @@ with lib;
./users ./users
./proxies ./proxies
./root.nix ./root.nix
"${sources.home-manager}/nixos"
"${sources.disko}/module.nix"
]; ];
options.kat = { options.kat = {
wireguardPubKey = mkOption { wireguardPubKey = mkOption {
@ -18,18 +21,18 @@ with lib;
fqdn = mkOption { fqdn = mkOption {
type = types.str; type = types.str;
}; };
path = mkOption {
readOnly = true;
type = types.path;
};
anywhere = lib.mkOption { anywhere = lib.mkOption {
type = lib.types.package; type = lib.types.package;
readOnly = true; readOnly = true;
}; };
}; };
config = { config = {
_module.args = {
ssh-keys = import ./ssh-keys { inherit lib; };
kat-path = ./.;
};
kat = { kat = {
path = ./.;
anywhere = pkgs.writeShellApplication { anywhere = pkgs.writeShellApplication {
name = "anywhere-deploy_${name}.sh"; name = "anywhere-deploy_${name}.sh";
runtimeInputs = [ pkgs.nixos-anywhere ]; runtimeInputs = [ pkgs.nixos-anywhere ];
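Review bot: The new `_module.args` entries carry no documentation, and `ssh-keys` is the value that decides who can log in as root on every machine, so a reader should not have to open `ssh-keys/default.nix` to learn its shape. I'd add above `ssh-keys = import ./ssh-keys { inherit lib; };` a comment such as `# <stem> -> list of public-key lines read from ssh-keys/<stem>.keys; consumed by each machine's authorizedKeys`. The removed read-only `kat.path` option is replaced by the `kat-path` argument, so any module still reading `config.kat.path` would now fail at evaluation; worth confirming none remains outside this diff. The `config = {` block continues past the end of the hunk.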


@ -1,7 +1,5 @@
{ ... }: { ssh-keys, ... }:
{ {
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = ssh-keys.catvayor;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
];
home-manager.users.root = { }; home-manager.users.root = { };
} }


@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor

15
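--- a/kat/ssh-keys/default.nix
+++ b/kat/ssh-keys/default.nix
@@ -0,0 +1,15 @@
+{ lib }:
+with lib;
+let
+key-files = filterAttrs (name: _: name != "default.nix") (builtins.readDir ./.);
+readKeys =
+file:
+let
+lines = map trim (splitString "\n" (readFile file));
+in
+filter (line: line != "" && !hasPrefix "#" line) lines;
+in
+mapAttrs' (name: _: {
+name = removeSuffix ".keys" name;
+value = readKeys ./${name};
+}) key-files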
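Review bot: `key-files` admits every directory entry except `default.nix`, so a stray file (an editor backup `sylvain.keys~`, a `.swp`, a subdirectory) becomes a key set, `readFile` on a directory aborts the whole evaluation, and a name without the `.keys` suffix is exposed unchanged (`foo.txt` becomes `ssh-keys."foo.txt"`). `readKeys` likewise passes any non-empty, non-`#` line straight into `authorizedKeys`; sshd ignores malformed lines silently, so a truncated or mis-pasted key locks the account out without any eval-time signal. I'd restrict the listing to regular `*.keys` files and assert that each surviving line starts with a recognised key type, so a bad key fails the build instead of the login.
```nix
{ lib }:
with lib;
let
  # Only regular files named *.keys are key sets; backups, directories
  # and default.nix itself are ignored rather than read.
  key-files = filterAttrs (name: type: type == "regular" && hasSuffix ".keys" name)
    (builtins.readDir ./.);
  keyTypes = [ "ssh-ed25519" "ssh-rsa" "ecdsa-sha2-" "sk-ssh-ed25519@openssh.com" "sk-ecdsa-sha2-" ];
  isKey = line: any (t: hasPrefix t line) keyTypes;
  readKeys =
    file:
    let
      lines = filter (line: line != "" && !hasPrefix "#" line)
        (map trim (splitString "\n" (readFile file)));
    in
    # Fail the evaluation on anything sshd would silently skip.
    map (line: assert assertMsg (isKey line) "${toString file}: not a public key line: ${line}"; line) lines;
in
# … unchanged: mapAttrs' over key-files …
```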

1
kat/ssh-keys/gaby.keys Normal file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGoQZ/77uiai4rBHYwL55IweUOdR9svxDxlP/o7sulRT gdesfrene@clipper.ens.fr


@ -0,0 +1 @@
ssh-rsa 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 sylvain@idefix