all: add ssh key with access to run xin-status

This commit is contained in:
Aaron Bieber 2022-11-07 07:22:51 -07:00
parent b3dd8641c6
commit 3572f13a0b
No known key found for this signature in database
3 changed files with 15 additions and 4 deletions


@ -22,11 +22,13 @@ in with lib; {
config = mkIf config.nixManager.enable {
sops.defaultSopsFile = config.xin-secrets.manager;
sops.secrets = {
xin_status_key = { owner = config.nixManager.user; };
xin_status_pubkey = { owner = config.nixManager.user; };
manager_key = { owner = config.nixManager.user; };
manager_pubkey = { owner = config.nixManager.user; };
ca_key = { owner = config.nixManager.user; };
ca_cert = { owner = config.nixManager.user; };
};
environment.systemPackages = with pkgs; [ microca ];
environment.systemPackages = [ microca ];
};
}
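Review bot: The public half of the status key is now kept in two places — the `xin_status_pubkey` sops secret declared here and the plaintext `statusKey` literal in the options module — so a key rotation has to update both or they silently drift apart. A public key gains nothing from encryption; consider dropping the `xin_status_pubkey` secret and reading the option instead, or at minimum pinning the relationship with a comment such as `# must match statusKey in the options module`. The `xin_status_key` private half is owned by `config.nixManager.user`, which with sops-nix's default read-only owner mode looks like the right scope; the secrets file itself (`config.xin-secrets.manager`) is not in this diff, so whether it actually carries both new entries cannot be checked here.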


@ -3,6 +3,9 @@
let
managementKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDM2k2C6Ufx5RNf4qWA9BdQHJfAkskOaqEWf8yjpySwH Nix Manager";
statusKey = ''
command="/run/current-system/sw/bin/xin-status",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status
'';
in {
imports = [
./configs/colemak.nix
@ -32,17 +35,22 @@ in {
];
options.myconf = {
managementPubKeys = lib.mkOption rec {
type = lib.types.listOf lib.types.str;
default = [ managementKey statusKey ];
example = default;
description = "List of management public keys to use";
};
hwPubKeys = lib.mkOption rec {
type = lib.types.listOf lib.types.str;
default = [
managementKey
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIB1cBO17AFcS2NtIT+rIxR2Fhdu3HD4de4+IsFyKKuGQAAAACnNzaDpsZXNzZXI="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDEKElNAm/BhLnk4Tlo00eHN5bO131daqt2DIeikw0b2AAAABHNzaDo="
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBBB/V8N5fqlSGgRCtLJMLDJ8Hd3JcJcY8skI0l+byLNRgQLZfTQRxlZ1yymRs36rXj+ASTnyw5ZDv+q2aXP7Lj0="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHrYWbbgBkGcOntDqdMaWVZ9xn+dHM+Ap6s1HSAalL28AAAACHNzaDptYWlu"
];
example = default;
description = "List of hardwar public keys to use";
description = "List of hardware public keys to use";
};
};
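Review bot: The forced-command key in `statusKey` spells out `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty` but omits `no-user-rc`, so a `~/.ssh/rc` in any account that receives this key would still execute before `xin-status` runs; the single `restrict` option covers all of those plus any restriction OpenSSH adds later, i.e. `command="/run/current-system/sw/bin/xin-status",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE9PIhQ+yWfBM2tEG+W8W8HXJXqISXif8BcPZHakKvLM xin-status`. If the host that runs the status check has a stable address, a `from="<manager-address>"` prefix would further narrow where this key is usable from. Note also that the `''...''` indented string keeps its trailing newline, so the key value ends in `\n` when it is joined into `authorized_keys`; presumably harmless, but a plain `"..."` literal avoids it, and would match how `managementKey` is written just above.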


@ -5,7 +5,8 @@ with lib;
let
userBase = {
shell = pkgs.zsh;
openssh.authorizedKeys.keys = config.myconf.hwPubKeys;
openssh.authorizedKeys.keys = config.myconf.hwPubKeys
++ config.myconf.managementPubKeys;
};
goVersion = pkgs.go_1_18;
in {
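Review bot: With this concatenation every account built from `userBase` now accepts both the full-shell `managementKey` and the forced-command `statusKey` carried in `managementPubKeys`, so the status key can run `xin-status` as any of those users rather than one dedicated account; confirm that is intended and that no privileged account (root in particular) is derived from `userBase`, which this hunk does not show. Separately, `managementKey` already appears in the `hwPubKeys` default, so it lands in `authorized_keys` twice; `unique` is in scope via `with lib;` and removes the duplicate: `openssh.authorizedKeys.keys = unique (config.myconf.hwPubKeys ++ config.myconf.managementPubKeys);`. The enclosing `let` block continues past the end of the hunk.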