MODIFY: add ssh keys to admin user

Sam 2025-01-20 09:58:16 +00:00
parent ecebf8427d
commit b737c360e5
4 changed files with 37 additions and 10 deletions


@ -539,11 +539,11 @@
}, },
"nix-secrets": { "nix-secrets": {
"locked": { "locked": {
"lastModified": 1737313275, "lastModified": 1737328660,
"narHash": "sha256-hnEGR+AjIrvnb+gTAZYnVvOdSpUj4amGrCWH2jA4wgM=", "narHash": "sha256-3k8JjxDXFOROez0IXfMTLKQYIbW2zCKOs+Ry0kMfJFQ=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "e842e11f209c5270627c6666bc3c24dc983d1c6d", "rev": "46312b04c97372668c44e95623bb3b91b6027b86",
"revCount": 241, "revCount": 243,
"type": "git", "type": "git",
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
}, },


@ -5,6 +5,7 @@
./users/admin ./users/admin
./common/core ./common/core
./common/optional/git.nix ./common/optional/git.nix
./common/optional/sops.nix
]; ];
} }


@ -7,6 +7,16 @@
imports = [ imports = [
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules? ] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
programs.ssh = {
enable = true;
matchBlocks = {
"git.bitlab21.com" = {
identitiesOnly = true;
identityFile = ["~/.ssh/deploy_key-ssh-ed25519"];
};
};
};
home.packages = [ home.packages = [
]; ];
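Review bot: The `identityFile` on the new match block names `~/.ssh/deploy_key-ssh-ed25519`, but the only key material this commit deploys (in the admin module's `sops.secrets`) lands at `~/.ssh/id_ed25519` / `~/.ssh/id_ed25519.pub`; with `identitiesOnly = true` an SSH client offers nothing else, so if this home-manager module is the admin user's and the deploy key is not provisioned elsewhere, connections to git.bitlab21.com would have no usable identity. Either point the block at the key sops-nix writes, `identityFile = ["~/.ssh/id_ed25519"];`, or add a matching secret for the deploy key. A one-line comment above the block stating where that key file comes from would also save the next reader the cross-file search.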


@ -1,14 +1,17 @@
{ pkgs, inputs, config, lib, ... }: {
let pkgs,
inputs,
config,
lib,
...
}: let
username = "admin"; username = "admin";
pubKeys = lib.filesystem.listFilesRecursive ../keys; pubKeys = lib.filesystem.listFilesRecursive ../keys;
hostname = config.networking.hostName; hostname = config.networking.hostName;
sopsHashedPasswordFile = config.sops.secrets."passwords/${username}".path; sopsHashedPasswordFile = config.sops.secrets."passwords/${username}".path;
secretsDirectory = builtins.toString inputs.nix-secrets; secretsDirectory = builtins.toString inputs.nix-secrets;
secretsFile = "${secretsDirectory}/secrets.yaml"; secretsFile = "${secretsDirectory}/secrets.yaml";
in {
in
{
users.users.${username} = { users.users.${username} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; shell = pkgs.zsh;
@ -31,6 +34,19 @@ in
sopsFile = "${secretsFile}"; sopsFile = "${secretsFile}";
neededForUsers = true; neededForUsers = true;
}; };
"ssh_keys/${username}/id_ed25519" = {
path = "/home/${username}/.ssh/id_ed25519";
mode = "0600";
owner = "${username}";
};
"ssh_keys/${username}/id_ed25519.pub" = {
path = "/home/${username}/.ssh/id_ed25519.pub";
mode = "0644";
owner = "${username}";
};
"github-access-token" = {
mode = "0655";
};
}; };
programs.zsh.enable = true; programs.zsh.enable = true;
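Review bot: `mode = "0655"` on the new `github-access-token` secret makes the token readable by every local account (and marks it executable for group and others), which defeats the purpose of keeping it in sops; it is also the only entry in this block with no `owner`, so the file stays root-owned yet world-readable. sops-nix's default is a root-owned 0400 file, so only override the mode when a non-root consumer needs the token, and then pair a tight mode with an owner, e.g. `"github-access-token" = { mode = "0400"; owner = username; };`. On the two key entries, `owner = "${username}";` is a redundant antiquotation of a plain string; `owner = username;` reads cleaner and matches the `username` binding used elsewhere. The enclosing `sops.secrets` attrset and the module itself begin outside the hunk.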