move ssh key to variable for DRYness

2025-02-07 12:26:36 +02:00
parent 7a24ac5fe6
commit 6aa0640684
4 changed files with 10 additions and 13 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -47,7 +47,8 @@
  outputs = { nixpkgs, ... }@inputs:
    let
      bin.sshPort = 2222;
-      specialArgs = { inherit inputs bin; };
+      ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
+      specialArgs = { inherit inputs bin ssh; };
      system = "x86_64-linux";
    in
    {
--- a/hosts/apu/configuration.nix
+++ b/hosts/apu/configuration.nix
@@ -2,7 +2,7 @@
 # your system. Help is availanodev";
 # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

-{ lib, pkgs, config, ... }:
+{ ssh, pkgs, config, ... }:
 {
  boot.loader.grub.enable = true;
  boot.loader.grub.device = "/dev/sda";
@@ -157,9 +157,7 @@
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    packages = [ pkgs.nh ];
-    openssh.authorizedKeys.keys = [
-      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4="
-    ];
+    openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
    initialPassword = "change-me";
  };

--- a/hosts/freun.dev/configuration.nix
+++ b/hosts/freun.dev/configuration.nix
@@ -2,7 +2,7 @@
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running `nixos-help`).

-{ config, pkgs, self, ... }:
+{ config, pkgs, ssh, ... }:

 {
  nix = {
@@ -107,11 +107,11 @@
    isNormalUser = true;
    extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
    packages = [ pkgs.nh ];
-    openssh.authorizedKeys.keys = [
-      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4="
-    ];
+    openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
  };

+  nix.settings.trusted-users = [ "jokke" ];
+
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [
--- a/hosts/freun.dev/services/snips.nix
+++ b/hosts/freun.dev/services/snips.nix
@@ -1,13 +1,11 @@
-{ pkgs, bin, ... }:
+{ pkgs, bin, ssh, ... }:
 let
  fqdn = "bin.freun.dev";
  port = 3600;
  sshPort = bin.sshPort;
  authorizedKeys = pkgs.writeTextFile {
    name = "authorized_keys";
-    text = ''
-      ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=
-    '';
+    text = ssh.publicKeys.yubikey;
  };
 in
 {