authorLeonardo Santiago <[email protected]>2024-06-05 18:54:36 -0300
committerLeonardo Santiago <[email protected]>2024-06-05 18:54:36 -0300
commit1e90166600d0be1c4178a3a721790fca5ac2c88a (patch)
treedf409e193007cb5adc628078895eb132b19de6aa
parent2af6761a8cacab8f421f1ce4043cc5f998f30192 (diff)
add ssh automatic signing through ssh
-rw-r--r--secrets/hosts-pub-keys.nix5
-rw-r--r--secrets/pub-ssh-keys.nix14
-rw-r--r--secrets/secrets.nix7
-rw-r--r--users/leonardo.nix16
4 files changed, 29 insertions, 13 deletions
diff --git a/secrets/hosts-pub-keys.nix b/secrets/hosts-pub-keys.nix
deleted file mode 100644
index 5d4521e..0000000
--- a/secrets/hosts-pub-keys.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- larissa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKjyS7vbCxr7oDqBpnhHQQzolAW6Fqt1FTOo+hT+lSC";
- kunagisa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrMCLu3VvQVmd2cqreAJsVKkrtKXqgzO8i8NDm06ysm";
- hanekawa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuIjOE3xi/frXJHXQuIBntuXP8XyboCWRx48o3sYeub";
-}
diff --git a/secrets/pub-ssh-keys.nix b/secrets/pub-ssh-keys.nix
new file mode 100644
index 0000000..14bda29
--- /dev/null
+++ b/secrets/pub-ssh-keys.nix
@@ -0,0 +1,14 @@
+{
+ larissa = {
+ host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKjyS7vbCxr7oDqBpnhHQQzolAW6Fqt1FTOo+hT+lSC";
+ user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFQN59YDFwwQt/1rb1dHZnxsNV2geWUvHyTKqjdSA52";
+ };
+ kunagisa = {
+ host="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrMCLu3VvQVmd2cqreAJsVKkrtKXqgzO8i8NDm06ysm";
+ user="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWxS8tdN3j7Vm337RmJTzYTMbkAZN5g610ZesH4vhd8";
+ };
+ hanekawa = {
+ host="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuIjOE3xi/frXJHXQuIBntuXP8XyboCWRx48o3sYeub";
+ user="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOafACtb4IgSczDrollTm/t/xIYcVdLlUxDz72TxsZJZ";
+ };
+}
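Review bot: This new file has no header comment saying what the `host` and `user` entries are or who consumes them, although the later hunks in this commit use every value as an age recipient (secrets/secrets.nix) and as an authorized login key (users/leonardo.nix). I would add something like `# host = the machine's sshd host key, user = leonardo's key on that machine; every value below becomes an age recipient` at the top, so that adding an entry is understood as granting access. The `host=`/`user=` spacing in the kunagisa and hanekawa blocks also differs from the larissa block.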
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 706d1db..3fb2dc0 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -1,9 +1,6 @@
let
- kunagisa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWxS8tdN3j7Vm337RmJTzYTMbkAZN5g610ZesH4vhd8";
- hanekawa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOafACtb4IgSczDrollTm/t/xIYcVdLlUxDz72TxsZJZ";
- larissa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFQN59YDFwwQt/1rb1dHZnxsNV2geWUvHyTKqjdSA52";
- hosts-keys = builtins.attrValues (import ./hosts-pub-keys.nix);
- keys = [ kunagisa-user hanekawa-user larissa-user] ++ hosts-keys;
+ inherit (builtins) attrValues concatLists;
+ keys = concatLists (map attrValues (attrValues (import ./pub-ssh-keys.nix)));
in
{
"personal-mail.age".publicKeys = keys;
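Review bot: The new `keys` binding flattens every attribute of every machine entry, so any attribute later added to pub-ssh-keys.nix silently becomes an age recipient for the secrets listed here. Naming the fields keeps the recipient set explicit and makes a malformed entry fail at evaluation: `inherit (builtins) attrValues concatMap;` and `keys = concatMap (m: [ m.host m.user ]) (attrValues (import ./pub-ssh-keys.nix));`. The resulting list is the same as today's for the three machines shown.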
diff --git a/users/leonardo.nix b/users/leonardo.nix
index 4795223..d485e8f 100644
--- a/users/leonardo.nix
+++ b/users/leonardo.nix
@@ -1,4 +1,9 @@
{ pkgs, config, inputs, ... }:
+let
+ all-keys = import ../secrets/pub-ssh-keys.nix;
+ sshkeys = all-keys.${config.networking.hostName};
+ user-key = sshkeys.user;
+in
{
imports = [
../modules/gnome.nix
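Review bot: The lookup `all-keys.${config.networking.hostName}` aborts evaluation with a generic missing-attribute error when this module is used on a host that has no entry in secrets/pub-ssh-keys.nix. An explicit message makes the requirement visible: `sshkeys = all-keys.${config.networking.hostName} or (throw "no entry for ${config.networking.hostName} in secrets/pub-ssh-keys.nix");`. A short comment on the `let` block noting that `user-key` is the per-host git signing key would also help, since its only use is some 230 lines further down.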
@@ -107,7 +112,7 @@
extraGroups = [ "networkmanager" "wheel" ];
shell = pkgs.bashInteractive;
hashedPasswordFile = config.age.secrets.user-pass.path;
- openssh.authorizedKeys.keys = builtins.attrValues (import ../secrets/hosts-pub-keys.nix);
+ openssh.authorizedKeys.keys = builtins.concatLists (map builtins.attrValues (builtins.attrValues all-keys));
};
age.secrets = {
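Review bot: The new `openssh.authorizedKeys.keys` expression authorizes every value in pub-ssh-keys.nix, so each machine's `host` key is accepted for login to this account alongside the `user` keys, and the account is in `wheel`. The removed line already listed the host keys, but now that the file separates the two roles the list can be narrowed to the user keys: `openssh.authorizedKeys.keys = map (m: m.user) (builtins.attrValues all-keys);`. If host keys are deliberately used as client identities somewhere outside this diff, a comment saying so belongs on this line. The enclosing user definition starts and ends outside the hunk.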
@@ -227,9 +232,14 @@
enable = true;
diff-so-fancy.enable = true;
extraConfig = {
- user.name = "Leonardo Santiago";
- user.email = "[email protected]";
+ user = {
+ name = "Leonardo Santiago";
+ email = "[email protected]";
+ signingkey = user-key;
+ };
color.ui = true;
+ gpg.format = "ssh";
+ commit.gpgsign = true;
};
};
mu.enable = true;
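Review bot: `signingkey = user-key;` passes the bare `ssh-ed25519 …` string, a form git accepts only for backward compatibility; the documented form for a literal public key is `signingkey = "key::${user-key}";`. With a literal public key the private half has to be available from ssh-agent at commit time, and because `commit.gpgsign = true` is set, commits will fail when it is not, which deserves a comment here. The hunk also sets no `gpg.ssh.allowedSignersFile`, so git on these machines cannot verify the signatures it produces. Adding `gpg.ssh.allowedSignersFile = "<path to allowed_signers>";` (placeholder path), generated from the `user` keys, would close that gap. The enclosing git configuration block starts outside the hunk.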