Centralize listing of SSH public keys
This commit is contained in:
parent
b477690d33
commit
616986f534
6 changed files with 48 additions and 25 deletions
|
@ -1,4 +1,5 @@
|
||||||
{
|
{
|
||||||
|
config,
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
nixpkgs-flake,
|
nixpkgs-flake,
|
||||||
|
@ -15,10 +16,33 @@
|
||||||
default = null;
|
default = null;
|
||||||
description = "IPv6 GUA Prefix to use in other confs";
|
description = "IPv6 GUA Prefix to use in other confs";
|
||||||
};
|
};
|
||||||
|
sshKeys = lib.mkOption {
|
||||||
|
type = with lib.types; attrsOf str;
|
||||||
|
default = { };
|
||||||
|
description = "attrSet of SSH public keys";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
custom.networking.guaPref = "2001:14ba:a090:39";
|
custom = {
|
||||||
|
networking.guaPref = "2001:14ba:a090:39";
|
||||||
|
sshKeys = {
|
||||||
|
vili-bw-main = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
|
||||||
|
cert-store = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNhPvGogPY/O6kIqrpbz0EcK4L5QQShvD+vuyk7FxFd";
|
||||||
|
ci = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgT2MGhvvJkWSNCfN0my/lNsTQtTV6+OcTHBSPVlGFA";
|
||||||
|
forgejo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG74oN4MnrCm/rm1WyYy7M7Lv1qMRgcy3sDCgj6YN2zE";
|
||||||
|
gaming = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5HaiVVOfb8l19aVGG1CTkZ25G439Llg4aieZdKFzSq";
|
||||||
|
# TODO Helium
|
||||||
|
idacloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbOwFM599I7trhizhUe1ZpnXf8q4Uz3zgAnMCwwCf0K";
|
||||||
|
lithium = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRtE6KCyD6BFfzff9cuD2ZhEdPKEgp+WGsD0s81736J";
|
||||||
|
opnsense = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsctvJR4JOVoTAas0+lb8662EXFsQVNozTntnR7o5R1";
|
||||||
|
nextcloud = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvVPRMrYsacSWyVSFFydgIB9vSiu5gKs7Pn+jipTGpV";
|
||||||
|
siit-dc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCp67Rr03FH0DGhl6d2w/otBNaC5sI1y6rt5Gfi2tP6";
|
||||||
|
syncthing = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8s/x8NcdOHPVcTSuVj+X9/J+qbuZEB792YaOG0CUzD";
|
||||||
|
vaultwarden = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII10aYyPOgpd+WAtgSyomH3sE6Cq54GftVm5xeC8KKlz";
|
||||||
|
zfs-backup = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWGvIc4sq+WzPqT2y003zga3StMgj7F8vwTjNkZ//d8";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
######################################## Packages ###############################################
|
######################################## Packages ###############################################
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
@ -105,9 +129,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
settings.PasswordAuthentication = false;
|
settings.PasswordAuthentication = false;
|
||||||
};
|
};
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users.root.openssh.authorizedKeys.keys = [ config.custom.sshKeys.vili-bw-main ];
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV vili-bw-ssh-ed25519-main"
|
|
||||||
];
|
|
||||||
|
|
||||||
######################################## Localization ###########################################
|
######################################## Localization ###########################################
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
|
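Review bot: The new `sshKeys` option in the second hunk (`@ -15,10 +16,33 @@`) is typed `attrsOf str`, so a value that is not an OpenSSH public key (a typo, an empty string, a pasted private-key path) is accepted at evaluation time and only surfaces when sshd or a consumer reads it; a pattern type would reject it where the key is declared, e.g. `type = with lib.types; attrsOf (strMatching "ssh-ed25519 [A-Za-z0-9+/]+=*( .*)?");` (every key listed here is ed25519; widen the pattern if other key types are added). The attrset also mixes keys that other hunks of this commit feed to `services.openssh.knownHosts` (forgejo, ci, zfs-backup) with keys fed to `authorizedKeys` (vili-bw-main, opnsense), and neither the names nor the description say which is which, so I would extend it: `description = "attrSet of OpenSSH public keys (authorized_keys / known_hosts format); host keys and user keys share this namespace";`. The centralized values also drop the trailing comment the inline literal carried (`vili-bw-ssh-ed25519-main` on the removed line in the third hunk), so the generated authorized_keys for root no longer labels who holds the key; OpenSSH ignores that field for matching, so keeping it in the value costs nothing and helps a later audit.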
@ -24,7 +24,7 @@ in
|
||||||
user = {
|
user = {
|
||||||
email = "vili.m.sinerva@gmail.com";
|
email = "vili.m.sinerva@gmail.com";
|
||||||
name = "Vili Sinervä";
|
name = "Vili Sinervä";
|
||||||
signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
|
signingkey = config.custom.sshKeys.vili-bw-main;
|
||||||
};
|
};
|
||||||
merge = {
|
merge = {
|
||||||
ff = "true";
|
ff = "true";
|
||||||
|
|
|
@ -71,12 +71,11 @@ in
|
||||||
users.users."cert-store" = {
|
users.users."cert-store" = {
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [
|
openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsctvJR4JOVoTAas0+lb8662EXFsQVNozTntnR7o5R1 opnsense"
|
config.custom.sshKeys.opnsense
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
services.openssh.knownHosts."forgejo.sinerva.eu".publicKey =
|
services.openssh.knownHosts."forgejo.sinerva.eu".publicKey = config.custom.sshKeys.forgejo;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG74oN4MnrCm/rm1WyYy7M7Lv1qMRgcy3sDCgj6YN2zE";
|
|
||||||
|
|
||||||
environment.systemPackages = [ update-cert ];
|
environment.systemPackages = [ update-cert ];
|
||||||
|
|
||||||
|
|
|
@ -42,8 +42,8 @@ in
|
||||||
max-jobs = lib.mkIf cfg.remoteBuilds.exclusive 0;
|
max-jobs = lib.mkIf cfg.remoteBuilds.exclusive 0;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.openssh.knownHosts."cache.sinerva.eu".publicKey =
|
services.openssh.knownHosts."cache.sinerva.eu".publicKey = config.custom.sshKeys.ci;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFgT2MGhvvJkWSNCfN0my/lNsTQtTV6+OcTHBSPVlGFA";
|
|
||||||
programs.ssh.extraConfig = ''
|
programs.ssh.extraConfig = ''
|
||||||
Host cache.sinerva.eu
|
Host cache.sinerva.eu
|
||||||
IdentityFile /etc/ssh/ssh_host_ed25519_key
|
IdentityFile /etc/ssh/ssh_host_ed25519_key
|
||||||
|
|
|
@ -33,19 +33,22 @@ in
|
||||||
enable = true;
|
enable = true;
|
||||||
trusted = true;
|
trusted = true;
|
||||||
write = true;
|
write = true;
|
||||||
keys = [
|
keys =
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKNhPvGogPY/O6kIqrpbz0EcK4L5QQShvD+vuyk7FxFd root@cert-store"
|
let
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG74oN4MnrCm/rm1WyYy7M7Lv1qMRgcy3sDCgj6YN2zE root@forgejo"
|
keys = config.custom.sshKeys;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5HaiVVOfb8l19aVGG1CTkZ25G439Llg4aieZdKFzSq root@gaming"
|
in
|
||||||
# TODO Helium
|
[
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGbOwFM599I7trhizhUe1ZpnXf8q4Uz3zgAnMCwwCf0K root@idacloud"
|
keys.cert-store
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBRtE6KCyD6BFfzff9cuD2ZhEdPKEgp+WGsD0s81736J root@lithium"
|
keys.forgejo
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPvVPRMrYsacSWyVSFFydgIB9vSiu5gKs7Pn+jipTGpV root@nextcloud"
|
keys.gaming
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCp67Rr03FH0DGhl6d2w/otBNaC5sI1y6rt5Gfi2tP6 root@siit-dc"
|
# TODO Helium
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8s/x8NcdOHPVcTSuVj+X9/J+qbuZEB792YaOG0CUzD root@syncthing"
|
keys.idacloud
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII10aYyPOgpd+WAtgSyomH3sE6Cq54GftVm5xeC8KKlz root@vaultwarden"
|
keys.lithium
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWGvIc4sq+WzPqT2y003zga3StMgj7F8vwTjNkZ//d8 root@zfs-backup"
|
keys.nextcloud
|
||||||
];
|
keys.syncthing
|
||||||
|
keys.vaultwarden
|
||||||
|
keys.zfs-backup
|
||||||
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
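Review bot: The rewritten `keys` list in this hunk no longer contains the siit-dc key: the old list had `"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCp67Rr03FH0DGhl6d2w/otBNaC5sI1y6rt5Gfi2tP6 root@siit-dc"` between nextcloud and syncthing, while the new list goes straight from `keys.nextcloud` to `keys.syncthing`, even though `siit-dc` is still defined in `custom.sshKeys` in this same commit. If this is a deliberate revocation of that host's access it should be its own commit or at least be named in the message, because a refactor titled "Centralize listing" is exactly where a dropped entry is least likely to be noticed; if it is not deliberate, add `keys.siit-dc` after `keys.nextcloud`. The hunk header (`-33,19 +33,22`) looks consistent with ten entries becoming nine plus the three added let/in lines, so the line counts do not flag the omission. The service these `keys` belong to, with its `trusted = true; write = true;` settings, is defined outside the hunk; the old entries carried `root@<host>` comments that the centralized values lack, and I would keep that label if the consumer tolerates a comment field.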
@ -17,7 +17,6 @@ in
|
||||||
remoteFilesystem = "zroot/backups/${config.networking.hostName}";
|
remoteFilesystem = "zroot/backups/${config.networking.hostName}";
|
||||||
username = "root";
|
username = "root";
|
||||||
};
|
};
|
||||||
services.openssh.knownHosts."zfs-backup.vsinerva.fi".publicKey =
|
services.openssh.knownHosts."zfs-backup.vsinerva.fi".publicKey = config.custom.sshKeys.zfs-backup;
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWGvIc4sq+WzPqT2y003zga3StMgj7F8vwTjNkZ//d8";
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|