modified home ssh to be user specific
parent
efa11640e8
commit
5b942d4708
|
@ -228,11 +228,11 @@
|
||||||
"nix-secrets": {
|
"nix-secrets": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716469326,
|
"lastModified": 1716659471,
|
||||||
"narHash": "sha256-Y/oaOb0bR3VECHznlAh16DpTqDy54Ldhvupu9AOqF6E=",
|
"narHash": "sha256-Wh43usJoW7JQnO1ZnPgg4ivHCXzGkMd2KswV9MeniUo=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "be937cfd892ca1a027982f2a94f6b035623353c7",
|
"rev": "72490bd6af1c40712577bf2d5f96927bd557a6a7",
|
||||||
"revCount": 33,
|
"revCount": 34,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -2,6 +2,5 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./zsh.nix
|
./zsh.nix
|
||||||
./ssh.nix
|
|
||||||
] ;
|
] ;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,13 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
programs.ssh = {
|
|
||||||
enable = true;
|
|
||||||
matchBlocks = {
|
|
||||||
"git.bitlab21.com" = {
|
|
||||||
identitiesOnly = true;
|
|
||||||
identityFile = "~/.ssh/deploy_key-ssh-ed25519";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -9,9 +9,19 @@
|
||||||
inputs.impermanence.nixosModules.home-manager.impermanence
|
inputs.impermanence.nixosModules.home-manager.impermanence
|
||||||
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
|
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
|
||||||
|
|
||||||
|
programs.ssh = {
|
||||||
|
enable = true;
|
||||||
|
matchBlocks = {
|
||||||
|
"git.bitlab21.com" = {
|
||||||
|
identitiesOnly = true;
|
||||||
|
identityFile = [ "~/.ssh/deploy_key-ssh-ed25519" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
xdg.userDirs = {
|
xdg.userDirs = {
|
||||||
enable = true;
|
enable = true;
|
||||||
createDirectories = false;
|
createDirectories = true;
|
||||||
desktop = "/home/media/Desktop";
|
desktop = "/home/media/Desktop";
|
||||||
documents = null;
|
documents = null;
|
||||||
download = "/home/media/Downloads";
|
download = "/home/media/Downloads";
|
||||||
|
|
|
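Review bot: The added `identityFile = [ "~/.ssh/deploy_key-ssh-ed25519" ];` points at a key that nothing in the visible hunks provisions, whereas `id_ed25519` is placed under `/home/${username}/.ssh/` by the `sops.secrets` hunks. This file also imports the impermanence home-manager module, so it is worth confirming that the deploy key is persisted or installed some other way; with `identitiesOnly = true`, SSH to git.bitlab21.com otherwise has no identity to offer. A comment such as `# deploy key is installed out of band: <where>` above the entry would record that. The same `programs.ssh` block is repeated in the next hunk (`@ -21,6 +21,16 @@`) with a different key, so a shared module that takes the key path as an option would keep the two copies from drifting.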
@ -21,6 +21,16 @@
|
||||||
".icons/bibata".source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Classic";
|
".icons/bibata".source = "${pkgs.bibata-cursors}/share/icons/Bibata-Modern-Classic";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
programs.ssh = {
|
||||||
|
enable = true;
|
||||||
|
matchBlocks = {
|
||||||
|
"git.bitlab21.com" = {
|
||||||
|
identitiesOnly = true;
|
||||||
|
identityFile = [ "~/.ssh/id_ed25519"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
home.sessionPath = [
|
home.sessionPath = [
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
@ -44,21 +44,21 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."passwords/${username}" = {
|
sops.secrets = {
|
||||||
sopsFile = "${secretsFile}";
|
"passwords/${username}" = {
|
||||||
neededForUsers = true;
|
sopsFile = "${secretsFile}";
|
||||||
};
|
neededForUsers = true;
|
||||||
|
};
|
||||||
sops.secrets."ssh_keys/${username}/id_ed25519" = {
|
"ssh_keys/${username}/id_ed25519" = {
|
||||||
path = "/home/${username}/.ssh/id_ed25519";
|
path = "/home/${username}/.ssh/id_ed25519";
|
||||||
mode = "0600";
|
mode = "0600";
|
||||||
owner = "${username}";
|
owner = "${username}";
|
||||||
};
|
};
|
||||||
|
"ssh_keys/${username}/id_ed25519.pub" = {
|
||||||
sops.secrets."ssh_keys/${username}/id_ed25519.pub" = {
|
path = "/home/${username}/.ssh/id_ed25519.pub";
|
||||||
path = "/home/${username}/.ssh/id_ed25519.pub";
|
mode = "0644";
|
||||||
mode = "0644";
|
owner = "${username}";
|
||||||
owner = "${username}";
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.flatpak.enable = true;
|
services.flatpak.enable = true;
|
||||||
|
|
|
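Review bot: Inside the merged `sops.secrets` set only `"passwords/${username}"` sets `sopsFile`; the two `ssh_keys/${username}/...` entries fall back to whatever `sops.defaultSopsFile` is, which is not visible here. If the keys live in the same file, adding `sopsFile = "${secretsFile}";` to both entries makes that explicit, and a later change of the default cannot silently point them at a different file. The same applies to the identical entries added in the following hunk (`@ -23,9 +23,21 @@`). The `.pub` entry holds a public key, so it may not need to go through sops at all.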
@ -23,9 +23,21 @@ in
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."passwords/${username}" = {
|
sops.secrets = {
|
||||||
sopsFile = "${secretsFile}";
|
"passwords/${username}" = {
|
||||||
neededForUsers = true;
|
sopsFile = "${secretsFile}";
|
||||||
|
neededForUsers = true;
|
||||||
|
};
|
||||||
|
"ssh_keys/${username}/id_ed25519" = {
|
||||||
|
path = "/home/${username}/.ssh/id_ed25519";
|
||||||
|
mode = "0600";
|
||||||
|
owner = "${username}";
|
||||||
|
};
|
||||||
|
"ssh_keys/${username}/id_ed25519.pub" = {
|
||||||
|
path = "/home/${username}/.ssh/id_ed25519.pub";
|
||||||
|
mode = "0644";
|
||||||
|
owner = "${username}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
|
|
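Review bot: The newly added `"ssh_keys/${username}/id_ed25519"` entry sets `path` inside `/home/${username}/.ssh`, and nothing in the hunk ensures that directory exists with the user as owner and mode 0700. As far as I know sops-nix creates missing parent directories as root during activation, which would leave `~/.ssh` unwritable for the user and for the home-manager `programs.ssh` configuration added elsewhere in this commit; this is worth checking on a fresh install. A tmpfiles rule along the lines of `systemd.tmpfiles.rules = [ "d /home/${username}/.ssh 0700 ${username} <group> -" ];` would pin the ownership. The same entries exist in the previous hunk (`@ -44,21 +44,21 @@`).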