this repo has no description
refactor: move trusted SSH keys to per host config
+33
-3
+5
base/default.nix
+5
base/default.nix
···
10
10
type = lib.types.str;
11
11
description = "Local account username for this host.";
12
12
};
13
+
authorizedKeys = lib.mkOption {
14
+
type = lib.types.listOf lib.types.str;
15
+
default = [];
16
+
description = "SSH public keys authorized for the primary user on this host.";
17
+
};
13
18
};
14
19
15
20
config = {
+2
-3
base/linux.nix
+2
-3
base/linux.nix
···
2
2
3
3
let
4
4
username = config.primaryUser.username;
5
+
authorizedKeys = config.primaryUser.authorizedKeys;
5
6
in
6
7
7
8
{
···
135
136
"video"
136
137
"wheel"
137
138
];
138
-
openssh.authorizedKeys.keys = [
139
-
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG"
140
-
];
139
+
openssh.authorizedKeys.keys = authorizedKeys;
141
140
shell = pkgs.zsh;
142
141
};
143
142
+5
hosts/AS-GXL19NXYYQ.nix
+5
hosts/AS-GXL19NXYYQ.nix
···
7
7
];
8
8
9
9
primaryUser.username = "kdoan";
10
+
primaryUser.authorizedKeys = [
11
+
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG"
12
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHpnKoOldKbNVElb8ve6ZQ8ArcipbyZBYsgNH8rJnqp0i/2RzOGEBJbDwnCrHuWXuS3BbsmmwoG/RlnqAyJdn4E="
13
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEtp6vl/snmGvkfoy42OwxSSWhd4PvlCxX4bx4NgXgvpXuITfq1NpRc7YTqn5LAWobyVEQ3/zKARI3aXH/YW0/s="
14
+
];
10
15
11
16
networking.hostName = "AS-GXL19NXYYQ";
12
17
}
+5
hosts/MacBookPro.nix
+5
hosts/MacBookPro.nix
···
7
7
];
8
8
9
9
primaryUser.username = "khuedoan";
10
+
primaryUser.authorizedKeys = [
11
+
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG"
12
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHpnKoOldKbNVElb8ve6ZQ8ArcipbyZBYsgNH8rJnqp0i/2RzOGEBJbDwnCrHuWXuS3BbsmmwoG/RlnqAyJdn4E="
13
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEtp6vl/snmGvkfoy42OwxSSWhd4PvlCxX4bx4NgXgvpXuITfq1NpRc7YTqn5LAWobyVEQ3/zKARI3aXH/YW0/s="
14
+
];
10
15
11
16
networking.hostName = "MacBookPro";
12
17
}
+5
hosts/codeserver.nix
+5
hosts/codeserver.nix
···
8
8
];
9
9
10
10
primaryUser.username = "khuedoan";
11
+
primaryUser.authorizedKeys = [
12
+
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG"
13
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHpnKoOldKbNVElb8ve6ZQ8ArcipbyZBYsgNH8rJnqp0i/2RzOGEBJbDwnCrHuWXuS3BbsmmwoG/RlnqAyJdn4E="
14
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEtp6vl/snmGvkfoy42OwxSSWhd4PvlCxX4bx4NgXgvpXuITfq1NpRc7YTqn5LAWobyVEQ3/zKARI3aXH/YW0/s="
15
+
];
11
16
12
17
nixpkgs = {
13
18
hostPlatform = "x86_64-linux";
+1
hosts/macos-test.nix
+1
hosts/macos-test.nix
+5
hosts/ryzentower.nix
+5
hosts/ryzentower.nix
···
9
9
];
10
10
11
11
primaryUser.username = "khuedoan";
12
+
primaryUser.authorizedKeys = [
13
+
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG"
14
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHpnKoOldKbNVElb8ve6ZQ8ArcipbyZBYsgNH8rJnqp0i/2RzOGEBJbDwnCrHuWXuS3BbsmmwoG/RlnqAyJdn4E="
15
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEtp6vl/snmGvkfoy42OwxSSWhd4PvlCxX4bx4NgXgvpXuITfq1NpRc7YTqn5LAWobyVEQ3/zKARI3aXH/YW0/s="
16
+
];
12
17
13
18
networking = {
14
19
hostName = "ryzentower";
+5
hosts/thinkpadz13.nix
+5
hosts/thinkpadz13.nix
···
9
9
];
10
10
11
11
primaryUser.username = "khuedoan";
12
+
primaryUser.authorizedKeys = [
13
+
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN5ue4np7cF34f6dwqH1262fPjkowHQ8irfjVC156PCG"
14
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHpnKoOldKbNVElb8ve6ZQ8ArcipbyZBYsgNH8rJnqp0i/2RzOGEBJbDwnCrHuWXuS3BbsmmwoG/RlnqAyJdn4E="
15
+
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEtp6vl/snmGvkfoy42OwxSSWhd4PvlCxX4bx4NgXgvpXuITfq1NpRc7YTqn5LAWobyVEQ3/zKARI3aXH/YW0/s="
16
+
];
12
17
13
18
hardware = {
14
19
graphics = {