From 1e90166600d0be1c4178a3a721790fca5ac2c88a Mon Sep 17 00:00:00 2001
From: Leonardo Santiago
Date: Wed, 5 Jun 2024 18:54:36 -0300
Subject: add ssh automatic signing through ssh

---
 secrets/hosts-pub-keys.nix | 5 -----
 secrets/pub-ssh-keys.nix | 14 ++++++++++++++
 secrets/secrets.nix | 7 ++-----
 users/leonardo.nix | 16 +++++++++++++---
 4 files changed, 29 insertions(+), 13 deletions(-)
 delete mode 100644 secrets/hosts-pub-keys.nix
 create mode 100644 secrets/pub-ssh-keys.nix

diff --git a/secrets/hosts-pub-keys.nix b/secrets/hosts-pub-keys.nix
deleted file mode 100644
index 5d4521e..0000000
--- a/secrets/hosts-pub-keys.nix
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- larissa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKjyS7vbCxr7oDqBpnhHQQzolAW6Fqt1FTOo+hT+lSC";
- kunagisa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrMCLu3VvQVmd2cqreAJsVKkrtKXqgzO8i8NDm06ysm";
- hanekawa = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuIjOE3xi/frXJHXQuIBntuXP8XyboCWRx48o3sYeub";
-}
diff --git a/secrets/pub-ssh-keys.nix b/secrets/pub-ssh-keys.nix
new file mode 100644
index 0000000..14bda29
--- /dev/null
+++ b/secrets/pub-ssh-keys.nix
@@ -0,0 +1,14 @@
+{
+ larissa = {
+ host = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINKjyS7vbCxr7oDqBpnhHQQzolAW6Fqt1FTOo+hT+lSC";
+ user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFQN59YDFwwQt/1rb1dHZnxsNV2geWUvHyTKqjdSA52";
+ };
+ kunagisa = {
+ host="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrMCLu3VvQVmd2cqreAJsVKkrtKXqgzO8i8NDm06ysm";
+ user="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWxS8tdN3j7Vm337RmJTzYTMbkAZN5g610ZesH4vhd8";
+ };
+ hanekawa = {
+ host="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKuIjOE3xi/frXJHXQuIBntuXP8XyboCWRx48o3sYeub";
+ user="ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOafACtb4IgSczDrollTm/t/xIYcVdLlUxDz72TxsZJZ";
+ };
+}
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 706d1db..3fb2dc0 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
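Review bot: The `larissa` entry in the new pub-ssh-keys.nix writes `host = "…"` with spaces around `=` while the `kunagisa` and `hanekawa` entries write `host="…"`; pick one form for the whole file (`host = "…";`, matching the existing Nix files). A short header comment would also help, since this file is now read from three places in this commit: `# Public SSH keys per machine. host: the machine's own key; user: leonardo's key on that machine. Consumed as age recipients (secrets.nix) and as authorized_keys and git signing key (users/leonardo.nix).` That the `host` entries are the machines' sshd host keys is only inferred from the old file name `hosts-pub-keys.nix`, so confirm before wording the comment that way.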
@@ -1,9 +1,6 @@
 let
- kunagisa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINWxS8tdN3j7Vm337RmJTzYTMbkAZN5g610ZesH4vhd8";
- hanekawa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOafACtb4IgSczDrollTm/t/xIYcVdLlUxDz72TxsZJZ";
- larissa-user = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFQN59YDFwwQt/1rb1dHZnxsNV2geWUvHyTKqjdSA52";
- hosts-keys = builtins.attrValues (import ./hosts-pub-keys.nix);
- keys = [ kunagisa-user hanekawa-user larissa-user] ++ hosts-keys;
+ inherit (builtins) attrValues concatLists;
+ keys = concatLists (map attrValues (attrValues (import ./pub-ssh-keys.nix)));
 in
 {
 "personal-mail.age".publicKeys = keys;
diff --git a/users/leonardo.nix b/users/leonardo.nix
index 4795223..d485e8f 100644
--- a/users/leonardo.nix
+++ b/users/leonardo.nix
@@ -1,4 +1,9 @@
 { pkgs, config, inputs, ... }:
+let
+ all-keys = import ../secrets/pub-ssh-keys.nix;
+ sshkeys = all-keys.${config.networking.hostName};
+ user-key = sshkeys.user;
+in
 {
 imports = [
 ../modules/gnome.nix
@@ -107,7 +112,7 @@
 extraGroups = [ "networkmanager" "wheel" ];
 shell = pkgs.bashInteractive;
 hashedPasswordFile = config.age.secrets.user-pass.path;
- openssh.authorizedKeys.keys = builtins.attrValues (import ../secrets/hosts-pub-keys.nix);
+ openssh.authorizedKeys.keys = builtins.concatLists (map builtins.attrValues (builtins.attrValues all-keys));
 };

 age.secrets = {
@@ -227,9 +232,14 @@
 enable = true;
 diff-so-fancy.enable = true;
 extraConfig = {
- user.name = "Leonardo Santiago";
- user.email = "leonardo.ribeiro.santiago@gmail.com";
+ user = {
+ name = "Leonardo Santiago";
+ email = "leonardo.ribeiro.santiago@gmail.com";
+ signingkey = user-key;
+ };
 color.ui = true;
+ gpg.format = "ssh";
+ commit.gpgsign = true;
 };
 };
 mu.enable = true;
-- 
cgit v1.2.3
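Review bot: `concatLists (map attrValues (…))` on the new `keys` line in secrets.nix is the hand-written form of `builtins.concatMap`; `keys = concatMap attrValues (attrValues (import ./pub-ssh-keys.nix));` together with `inherit (builtins) attrValues concatMap;` says the same thing in one step. The line also deserves a comment making the trust decision explicit, e.g. `# every host key and every user key of every machine can decrypt every secret below`, because the flattening hides that both key kinds become age recipients. That recipient set is the same as the old `keys` list, so only the comment is new.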
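Review bot: `sshkeys = all-keys.${config.networking.hostName};` in the new `let` of users/leonardo.nix fails with a bare `attribute '…' missing` when a host that has no entry in secrets/pub-ssh-keys.nix evaluates this module, which gives no hint about which file to edit; `sshkeys = all-keys.${config.networking.hostName} or (throw "users/leonardo.nix: no ssh keys for host ${config.networking.hostName} in secrets/pub-ssh-keys.nix");` points straight at it. Nix evaluates the `or` default only when the attribute is absent, so registered hosts never reach the `throw`. Since `sshkeys` is only used for `.user`, the two bindings could also collapse into one, but that is a matter of taste.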
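Review bot: The new `openssh.authorizedKeys.keys` line authorises every value in pub-ssh-keys.nix, so besides the three `user` keys the three `host` keys can log in to this account; if those are the machines' sshd host keys, as the old file name hosts-pub-keys.nix suggests, root on any one machine can ssh in as leonardo on the others with its host key. The replaced line already granted the host keys, so this may well be intended, but the commit title only mentions signing; if only the user keys are meant to grant login, `openssh.authorizedKeys.keys = map (k: k.user) (builtins.attrValues all-keys);` expresses that and drops the host keys. Either way a one-line comment stating which set is meant, e.g. `# login allowed from leonardo's key and the host key of every managed machine`, would stop the next reader from guessing. The `users.users` attribute set this line sits in starts before the hunk.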
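Review bot: The new `gpg.format = "ssh"` / `commit.gpgsign = true` pair turns on signing but not verification: without `gpg.ssh.allowedSignersFile`, `git log --show-signature` and `git verify-commit` report that no allowed signers file is configured, even for commits this machine just signed. The per-host `user` keys this same commit adds to secrets/pub-ssh-keys.nix are exactly the signers to trust, so the file can be generated from `all-keys` instead of being maintained by hand, as in the excerpt below. Signing itself also depends on an ssh-agent holding the private key that matches `user-key`, because git passes `ssh-keygen -Y sign` only the public key; nothing in this hunk starts an agent, so confirm one is started for this user or every commit will fail. The `programs.git` block these lines belong to starts before the hunk.
```nix
extraConfig = {
  # … unchanged: user, color.ui …
  gpg.format = "ssh";
  # Trust the user key of every managed machine when verifying signatures.
  gpg.ssh.allowedSignersFile = toString (pkgs.writeText "allowed_signers"
    (builtins.concatStringsSep ""
      (map (k: "leonardo.ribeiro.santiago@gmail.com ${k.user}\n")
        (builtins.attrValues all-keys))));
  commit.gpgsign = true;
};
```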