MODIFY: add ssh keys to admin user
parent
ecebf8427d
commit
b737c360e5
|
@ -539,11 +539,11 @@
|
||||||
},
|
},
|
||||||
"nix-secrets": {
|
"nix-secrets": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1737313275,
|
"lastModified": 1737328660,
|
||||||
"narHash": "sha256-hnEGR+AjIrvnb+gTAZYnVvOdSpUj4amGrCWH2jA4wgM=",
|
"narHash": "sha256-3k8JjxDXFOROez0IXfMTLKQYIbW2zCKOs+Ry0kMfJFQ=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "e842e11f209c5270627c6666bc3c24dc983d1c6d",
|
"rev": "46312b04c97372668c44e95623bb3b91b6027b86",
|
||||||
"revCount": 241,
|
"revCount": 243,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
"url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
./users/admin
|
./users/admin
|
||||||
./common/core
|
./common/core
|
||||||
./common/optional/git.nix
|
./common/optional/git.nix
|
||||||
|
./common/optional/sops.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,16 @@
|
||||||
imports = [
|
imports = [
|
||||||
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
|
] ++ (builtins.attrValues outputs.homeManagerModules); # import all homeManagerModules?
|
||||||
|
|
||||||
|
programs.ssh = {
|
||||||
|
enable = true;
|
||||||
|
matchBlocks = {
|
||||||
|
"git.bitlab21.com" = {
|
||||||
|
identitiesOnly = true;
|
||||||
|
identityFile = ["~/.ssh/deploy_key-ssh-ed25519"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
home.packages = [
|
home.packages = [
|
||||||
];
|
];
|
||||||
|
|
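Review bot: The `identityFile` in the `git.bitlab21.com` match block points at `~/.ssh/deploy_key-ssh-ed25519`, and nothing visible in this commit provisions a file by that name; the sops secrets added for the admin user are written to `~/.ssh/id_ed25519` instead. Because `identitiesOnly = true` restricts ssh to the listed identity, a missing deploy key would likely make authentication to that host fail rather than fall back to another key. If the deploy key is installed elsewhere, a comment such as `# deploy key is provisioned outside this module (see <where>)` above `identityFile` would make that dependency explicit; otherwise point `identityFile` at the path the sops secret actually writes. The enclosing attribute set continues outside the hunk.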
||||||
|
|
|
@ -1,14 +1,17 @@
|
||||||
{ pkgs, inputs, config, lib, ... }:
|
{
|
||||||
let
|
pkgs,
|
||||||
|
inputs,
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
...
|
||||||
|
}: let
|
||||||
username = "admin";
|
username = "admin";
|
||||||
pubKeys = lib.filesystem.listFilesRecursive ../keys;
|
pubKeys = lib.filesystem.listFilesRecursive ../keys;
|
||||||
hostname = config.networking.hostName;
|
hostname = config.networking.hostName;
|
||||||
sopsHashedPasswordFile = config.sops.secrets."passwords/${username}".path;
|
sopsHashedPasswordFile = config.sops.secrets."passwords/${username}".path;
|
||||||
secretsDirectory = builtins.toString inputs.nix-secrets;
|
secretsDirectory = builtins.toString inputs.nix-secrets;
|
||||||
secretsFile = "${secretsDirectory}/secrets.yaml";
|
secretsFile = "${secretsDirectory}/secrets.yaml";
|
||||||
|
in {
|
||||||
in
|
|
||||||
{
|
|
||||||
users.users.${username} = {
|
users.users.${username} = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
shell = pkgs.zsh;
|
shell = pkgs.zsh;
|
||||||
|
@ -31,13 +34,26 @@ in
|
||||||
sopsFile = "${secretsFile}";
|
sopsFile = "${secretsFile}";
|
||||||
neededForUsers = true;
|
neededForUsers = true;
|
||||||
};
|
};
|
||||||
|
"ssh_keys/${username}/id_ed25519" = {
|
||||||
|
path = "/home/${username}/.ssh/id_ed25519";
|
||||||
|
mode = "0600";
|
||||||
|
owner = "${username}";
|
||||||
|
};
|
||||||
|
"ssh_keys/${username}/id_ed25519.pub" = {
|
||||||
|
path = "/home/${username}/.ssh/id_ed25519.pub";
|
||||||
|
mode = "0644";
|
||||||
|
owner = "${username}";
|
||||||
|
};
|
||||||
|
"github-access-token" = {
|
||||||
|
mode = "0655";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
programs.fuse.userAllowOther = true;
|
programs.fuse.userAllowOther = true;
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
extraSpecialArgs = { inherit inputs; };
|
extraSpecialArgs = {inherit inputs;};
|
||||||
users = {
|
users = {
|
||||||
${username} = import ../../../../home/${hostname}.nix;
|
${username} = import ../../../../home/${hostname}.nix;
|
||||||
};
|
};
|
||||||
|
|
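Review bot: The `github-access-token` secret is declared with `mode = "0655"`, which makes the decrypted token readable by every local account and sets execute bits for group and other while leaving them off for the owner, so it looks like a typo. Unless an unprivileged consumer really has to read it, tighten it to `mode = "0400";` (the sops-nix default) or to `mode = "0440";` with an explicit `group` for the consumers that need it. The two `ssh_keys/${username}/...` entries hard-code `/home/${username}`; deriving the path from `config.users.users.${username}.home` would keep them correct if the home directory ever moves. The enclosing secrets attribute set opens outside this hunk.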