move ssh key to variable for DRYness

Joakim Repomaa
2025-02-07 12:26:36 +02:00
committed by Joakim Repomaa
parent 7a24ac5fe6
commit 6aa0640684
4 changed files with 10 additions and 13 deletions


@@ -47,7 +47,8 @@
outputs = { nixpkgs, ... }@inputs: outputs = { nixpkgs, ... }@inputs:
let let
bin.sshPort = 2222; bin.sshPort = 2222;
specialArgs = { inherit inputs bin; }; ssh.publicKeys.yubikey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=";
specialArgs = { inherit inputs bin ssh; };
system = "x86_64-linux"; system = "x86_64-linux";
in in
{ {
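Review bot: `ssh.publicKeys.yubikey` on the added line has no comment, although the other files in this commit now take their only visible authorized key from it, so a mistaken edit here changes who can log in on every consumer at once. I would add a line above it such as `# Public key authorized for SSH login; every module that reads ssh.publicKeys.yubikey trusts this key.` Exposing a list rather than a single string would also let a second key be added in one place, though nothing in the hunk requires that. The `let` block continues outside the hunk.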


@@ -2,7 +2,7 @@
# your system. Help is availanodev"; # your system. Help is availanodev";
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). # https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ lib, pkgs, config, ... }: { ssh, pkgs, config, ... }:
{ {
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
@@ -157,9 +157,7 @@
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = [ pkgs.nh ]; packages = [ pkgs.nh ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4="
];
initialPassword = "change-me"; initialPassword = "change-me";
}; };
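Review bot: The user whose keys are switched to `ssh.publicKeys.yubikey` in the second hunk is in `wheel` and still carries `initialPassword = "change-me";`, so the key is the only way in only if password login over SSH is disabled elsewhere, which these hunks do not show. If it is not already set, `services.openssh.settings.PasswordAuthentication = false;` or replacing the literal with `hashedPasswordFile` would close that gap. Separately, the first hunk drops `lib` from the module arguments; any remaining `lib.` reference outside these hunks would fail evaluation. The user block starts outside the hunk.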


@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, self, ... }: { config, pkgs, ssh, ... }:
{ {
nix = { nix = {
@@ -107,11 +107,11 @@
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = [ pkgs.nh ]; packages = [ pkgs.nh ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [ ssh.publicKeys.yubikey ];
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4="
];
}; };
nix.settings.trusted-users = [ "jokke" ];
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
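Review bot: `nix.settings.trusted-users = [ "jokke" ];` appears only on the new side of the second hunk, so it looks like an addition that is unrelated to moving the SSH key and is not mentioned in the commit title. The Nix documentation treats membership in `trusted-users` as essentially root-equivalent on the machine, so I would put it in its own commit with the reason stated, or at least add a comment such as `# root-equivalent: trusted users can override daemon settings`. The first hunk also removes `self` from the module arguments, which is safe only if nothing outside these hunks still refers to it. The user block starts outside the hunk.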


@@ -1,13 +1,11 @@
{ pkgs, bin, ... }: { pkgs, bin, ssh, ... }:
let let
fqdn = "bin.freun.dev"; fqdn = "bin.freun.dev";
port = 3600; port = 3600;
sshPort = bin.sshPort; sshPort = bin.sshPort;
authorizedKeys = pkgs.writeTextFile { authorizedKeys = pkgs.writeTextFile {
name = "authorized_keys"; name = "authorized_keys";
text = '' text = ssh.publicKeys.yubikey;
ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLIUkESu5NnBi1M0+ZjYrkp6/rIFuwc3aguspf98jmOydNce6l65cnS3GRzc9oWx4lu11ahi87ZuE+pYV+gaHm4=
'';
}; };
in in
{ {
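Review bot: `text = ssh.publicKeys.yubikey;` is not equivalent to the indented string it replaces: the old `'' … ''` form ended with a newline, so the generated `authorized_keys` file now ends without one. sshd normally accepts an unterminated last line, but anything that later appends to or concatenates this file would join two entries into one; `text = ssh.publicKeys.yubikey + "\n";` keeps the previous content byte-for-byte. How `authorizedKeys` is consumed is outside the hunk, so this should be confirmed against that use.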