modified home ssh to be user specific

Sam 2024-05-25 20:26:55 +01:00
parent efa11640e8
commit 5b942d4708
7 changed files with 55 additions and 37 deletions


@ -228,11 +228,11 @@
"nix-secrets": { "nix-secrets": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1716469326, "lastModified": 1716659471,
"narHash": "sha256-Y/oaOb0bR3VECHznlAh16DpTqDy54Ldhvupu9AOqF6E=", "narHash": "sha256-Wh43usJoW7JQnO1ZnPgg4ivHCXzGkMd2KswV9MeniUo=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "be937cfd892ca1a027982f2a94f6b035623353c7", "rev": "72490bd6af1c40712577bf2d5f96927bd557a6a7",
"revCount": 33, "revCount": 34,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },


@ -2,6 +2,5 @@
{ {
imports = [ imports = [
./zsh.nix ./zsh.nix
./ssh.nix
] ; ] ;
} }


@ -1,13 +0,0 @@
{ config, pkgs, ... }:
{
programs.ssh = {
enable = true;
matchBlocks = {
"git.bitlab21.com" = {
identitiesOnly = true;
identityFile = "~/.ssh/deploy_key-ssh-ed25519";
};
};
};
}


@ -9,9 +9,19 @@
inputs.impermanence.nixosModules.home-manager.impermanence inputs.impermanence.nixosModules.home-manager.impermanence
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
programs.ssh = {
enable = true;
matchBlocks = {
"git.bitlab21.com" = {
identitiesOnly = true;
identityFile = [ "~/.ssh/deploy_key-ssh-ed25519" ];
};
};
};
xdg.userDirs = { xdg.userDirs = {
enable = true; enable = true;
createDirectories = false; createDirectories = true;
desktop = "/home/media/Desktop"; desktop = "/home/media/Desktop";
documents = null; documents = null;
download = "/home/media/Downloads"; download = "/home/media/Downloads";
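Review bot: The `identityFile` added here for `git.bitlab21.com` points at `~/.ssh/deploy_key-ssh-ed25519`, but none of the sops entries visible in this commit install a key at that path; they only place `id_ed25519` and `id_ed25519.pub`. With `identitiesOnly = true` ssh offers no other key to this host, so unless the deploy key is provisioned somewhere outside this diff, key authentication for this user will not succeed. A comment above the block naming the source would help, for example `# deploy key is installed out of band, see <provisioning step>`. The same `programs.ssh` block is repeated in the next file section with only `identityFile` changed, so a shared module that takes the key path as an argument would keep the `identitiesOnly` setting in one place.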


@ -21,6 +21,16 @@
".icons/bibata".source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Classic"; ".icons/bibata".source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Classic";
}; };
programs.ssh = {
enable = true;
matchBlocks = {
"git.bitlab21.com" = {
identitiesOnly = true;
identityFile = [ "~/.ssh/id_ed25519"];
};
};
};
home.sessionPath = [ home.sessionPath = [
]; ];


@ -44,21 +44,21 @@ in
}; };
}; };
sops.secrets."passwords/${username}" = { sops.secrets = {
sopsFile = "${secretsFile}"; "passwords/${username}" = {
neededForUsers = true; sopsFile = "${secretsFile}";
}; neededForUsers = true;
};
sops.secrets."ssh_keys/${username}/id_ed25519" = { "ssh_keys/${username}/id_ed25519" = {
path = "/home/${username}/.ssh/id_ed25519"; path = "/home/${username}/.ssh/id_ed25519";
mode = "0600"; mode = "0600";
owner = "${username}"; owner = "${username}";
}; };
"ssh_keys/${username}/id_ed25519.pub" = {
sops.secrets."ssh_keys/${username}/id_ed25519.pub" = { path = "/home/${username}/.ssh/id_ed25519.pub";
path = "/home/${username}/.ssh/id_ed25519.pub"; mode = "0644";
mode = "0644"; owner = "${username}";
owner = "${username}"; };
}; };
services.flatpak.enable = true; services.flatpak.enable = true;
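Review bot: The `ssh_keys/${username}/id_ed25519` entry sets `mode` and `owner` on the key itself but nothing in the hunk guarantees the state of the parent `/home/${username}/.ssh` directory; the same entries are added in the following file section. If that directory does not exist when the secrets are installed it may be created by root rather than by the user, which leaves the user unable to write `known_hosts` and can cause ssh to reject the directory; this is worth checking on a fresh or impermanent home. Consider ensuring the directory up front, for instance a tmpfiles rule along the lines of `"d /home/${username}/.ssh 0700 ${username} <group> -"`. The `ssh_keys` entries also omit `sopsFile` while `passwords/${username}` sets it, so they appear to rely on a default sops file defined outside this hunk; a one-line comment saying so would make that intentional. Since both files now carry identical secret declarations, they are a candidate for a single shared module parameterised on `username`.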


@ -23,9 +23,21 @@ in
}; };
sops.secrets."passwords/${username}" = { sops.secrets = {
sopsFile = "${secretsFile}"; "passwords/${username}" = {
neededForUsers = true; sopsFile = "${secretsFile}";
neededForUsers = true;
};
"ssh_keys/${username}/id_ed25519" = {
path = "/home/${username}/.ssh/id_ed25519";
mode = "0600";
owner = "${username}";
};
"ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644";
owner = "${username}";
};
}; };
programs.zsh.enable = true; programs.zsh.enable = true;