proprifié un peu ssh root

2024-03-28 10:44:37 +01:00 · 2024-03-28 10:44:37 +01:00 · c53cb64d61
commit c53cb64d61
parent a9c479c9ce
5 changed files with 16 additions and 16 deletions
--- a/hive.nix
+++ b/hive.nix
@ -16,7 +16,7 @@ in {

    imports = [
      ./machines/kat-probook/configuration.nix
-      users.root
+      (users.root { ssh = false; })
      users.catvayor
    ];
    networking.hostName = name;
@ -26,12 +26,9 @@ in {
    deployment.targetHost = "r86s.kat";
    imports = [
      ./machines/kat-r86s/configuration.nix
-      users.root
+      (users.root { ssh = true; })
    ];
    networking.hostName = name;
-    users.users.root.openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
-    ];
  };

  kat-test = { name, nodes, ... }: {
@ -42,13 +39,10 @@ in {

    imports = [
      ./machines/kat-test/configuration.nix
-      users.root
+      (users.root { ssh = true; })
      users.catvayor
    ];
    networking.hostName = name;
-    users.users.root.openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
-    ];
    home-manager.users.catvayor = {
      imports = [ mods.home.mail ];
    };
@ -59,11 +53,10 @@ in {

    imports = [
      ./machines/kat-virt/configuration.nix
-      users.root
+      (users.root { ssh = true; })
    ];
    networking.hostName = name;
    users.users.root.openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCvi5VUsDrwS4XqQQfFFIx1JoRDPVdtChUQWqKFbPFtP8gH51woXiKtKRbDebL0z/EmkdYKxxIkzixHTR5xQXjo8JiFZbwldZi5IvMr3x//ad9sVyOhmbRx1DXLKjyOdWyo+w0vORvbEDu2lHktfSvhHGrvUHfFc3EY+cAl7IImgGEeGNPruAuNkN90Lth9QgwJVsdOEs9j7hwwKtpfMMETL5tkW34Nu7io03+SaPxwi2xLuWTdTklfZ7GWYtG2w/hFkzDbkW97rp5dxB1HO58cPqyRlqyfhZFpiUmWlyuMba3Tip6JarCa52IpFffEIDR0CSeh5CFPoeppo/TPDiXDie370TjjQpxJiG+9PobBhmChH5FmQ/lksffI/WimqpVO7Ixf5cYiHN5Z0mgJgZsXwI3YPICQLA8ebSKHA8+mdmkunDmCBRaBj1qEgkp/UoYqXT6BjBm07nOsnL+3SG/yfx4fLotgWtdm2mkjEAG+OGVR7G3Vk/POxn0EqX7Z+gU= sylvain@idefix"
    ];
  };
@ -77,7 +70,7 @@ in {

    imports = [
      <nixpkgs/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel-no-zfs.nix>
-      users.root
+      (users.root { ssh = true; })
    ];

    networking = {
@ -91,9 +84,6 @@ in {
    boot.supportedFilesystems = [ "bcachefs" ];
    programs.zsh.enable = true;
    services.openssh.enable = true;
-    users.users.root.openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
-    ];

    environment.etc = {
      "config_base.nix" = {
--- a/machines/kat-probook/configuration.nix
+++ b/machines/kat-probook/configuration.nix
@ -64,6 +64,7 @@
    colmena
    tree
    lazygit
+    nix-output-monitor
  ];
  fonts.packages = with pkgs; [
    fira-code-nerdfont
--- a/users/catvayor.nix
+++ b/users/catvayor.nix
@ -1,6 +1,8 @@
 { config, pkgs, lib, mods, ... }:
 {
  imports = with mods.global; [ sway ];
+
+  programs.zsh.enable = true;
  users.users.catvayor = {
    shell = pkgs.zsh;
    isNormalUser = true;
--- a/users/default.nix
+++ b/users/default.nix
@ -1,4 +1,4 @@
 {
  catvayor = ./catvayor.nix;
-  root = ./root.nix;
+  root = import ./root.nix;
 }
--- a/users/root.nix
+++ b/users/root.nix
@ -1,8 +1,15 @@
+{ ssh }:
 { config, lib, pkgs, mods, ... }:
 {
+  programs.zsh.enable = true;
  users.users.root.shell = pkgs.zsh;
  home-manager.users.root = {
    home.stateVersion = "23.11";
    imports = with mods.home; [ neovim zsh ];
  };
+} // lib.attrsets.optionalAttrs ssh {
+  users.users.root.openssh.authorizedKeys.keys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
+  ];
+  services.openssh.enable = true;
 }