From b737c360e5a610f2aef19f710228bf8d885cc80e Mon Sep 17 00:00:00 2001
From: Sam
Date: Mon, 20 Jan 2025 09:58:16 +0000
Subject: [PATCH] MODIFY: add ssh keys to admin user

---
 flake.lock | 8 ++++----
 home/merlin.nix | 1 +
 home/users/admin/default.nix | 10 ++++++++++
 hosts/common/users/admin/default.nix | 28 ++++++++++++++++++++++------
 4 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/flake.lock b/flake.lock
index 166c0ad..c3abf0a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -539,11 +539,11 @@ }, "nix-secrets": { "locked": { - "lastModified": 1737313275, - "narHash": "sha256-hnEGR+AjIrvnb+gTAZYnVvOdSpUj4amGrCWH2jA4wgM=", + "lastModified": 1737328660, + "narHash": "sha256-3k8JjxDXFOROez0IXfMTLKQYIbW2zCKOs+Ry0kMfJFQ=", "ref": "refs/heads/master", - "rev": "e842e11f209c5270627c6666bc3c24dc983d1c6d", - "revCount": 241, + "rev": "46312b04c97372668c44e95623bb3b91b6027b86", + "revCount": 243, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" },
diff --git a/home/merlin.nix b/home/merlin.nix
index 8667d7f..7aab28f 100644
--- a/home/merlin.nix
+++ b/home/merlin.nix
@@ -5,6 +5,7 @@
 ./users/admin
 ./common/core
 ./common/optional/git.nix
+ ./common/optional/sops.nix
 ];
 }
diff --git a/home/users/admin/default.nix b/home/users/admin/default.nix
index d6d7ae9..9a1a620 100644
--- a/home/users/admin/default.nix
+++ b/home/users/admin/default.nix
@@ -7,6 +7,16 @@ imports = [ ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? + programs.ssh = { + enable = true; + matchBlocks = { + "git.bitlab21.com" = { + identitiesOnly = true; + identityFile = ["~/.ssh/deploy_key-ssh-ed25519"]; + }; + }; + }; + home.packages = [ ];
diff --git a/hosts/common/users/admin/default.nix b/hosts/common/users/admin/default.nix
index 0b2a466..e4473c8 100644
--- a/hosts/common/users/admin/default.nix
+++ b/hosts/common/users/admin/default.nix
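Review bot: The `identityFile = ["~/.ssh/deploy_key-ssh-ed25519"]` entry in the new `programs.ssh.matchBlocks."git.bitlab21.com"` block points at a key that nothing in this patch provisions: the host module deploys the sops secrets to `/home/admin/.ssh/id_ed25519`, and with `identitiesOnly = true` ssh offers only the listed file, so authentication to that host will most likely fail if the path is absent. If the deploy key is written by the newly imported `./common/optional/sops.nix` home module, a one-line comment naming that, e.g. `# provisioned by home/common/optional/sops.nix`, would make the dependency visible; otherwise the path should match the secret actually deployed, `identityFile = ["~/.ssh/id_ed25519"];`. The enclosing attrset of this module starts and ends outside the hunk.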
@@ -1,14 +1,17 @@
-{ pkgs, inputs, config, lib, ... }:
-let
+{
+ pkgs,
+ inputs,
+ config,
+ lib,
+ ...
+}: let
 username = "admin";
 pubKeys = lib.filesystem.listFilesRecursive ../keys;
 hostname = config.networking.hostName;
 sopsHashedPasswordFile = config.sops.secrets."passwords/${username}".path;
 secretsDirectory = builtins.toString inputs.nix-secrets;
 secretsFile = "${secretsDirectory}/secrets.yaml";
-
-in
-{
+in {
 users.users.${username} = {
 isNormalUser = true;
 shell = pkgs.zsh;
@@ -31,13 +34,26 @@ in
 sopsFile = "${secretsFile}";
 neededForUsers = true;
 };
+ "ssh_keys/${username}/id_ed25519" = {
+ path = "/home/${username}/.ssh/id_ed25519";
+ mode = "0600";
+ owner = "${username}";
+ };
+ "ssh_keys/${username}/id_ed25519.pub" = {
+ path = "/home/${username}/.ssh/id_ed25519.pub";
+ mode = "0644";
+ owner = "${username}";
+ };
+ "github-access-token" = {
+ mode = "0655";
+ };
 };
 programs.zsh.enable = true;
 programs.fuse.userAllowOther = true;
 home-manager = {
- extraSpecialArgs = { inherit inputs; };
+ extraSpecialArgs = {inherit inputs;};
 users = {
 ${username} = import ../../../../home/${hostname}.nix;
 };
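Review bot: The new `"github-access-token" = { mode = "0655"; };` entry in the second hunk makes the token file readable by every user on the host, since the group and other bits are r-x, and the stray execute bit on a secret is almost certainly unintended; a token should keep a restrictive mode like the adjacent private key. If the admin user is the consumer, the entry should mirror the `id_ed25519` one, `mode = "0400";` plus `owner = username;`, instead of widening permissions for everyone. On the same lines, `owner = "${username}";` can be written `owner = username;` because the value is already a string. The enclosing `sops.secrets` attrset and the module's outer block both begin outside this hunk.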