Move to using Vaultwarden SSH keys

Vili Sinervä 2025-05-27 21:15:41 +03:00
parent 5d2c9ba372
commit a00867587b
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
5 changed files with 9 additions and 16 deletions


@ -89,9 +89,7 @@
settings.PasswordAuthentication = false; settings.PasswordAuthentication = false;
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPiupf3xK6eWvno7R2rDYPuDxVvbmzWh5EkR1rquvV9hAAAABHNzaDo= vili@helium" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV vili-bw-ssh-ed25519-main"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHr/1uVk5cWRWAELvwVvBG+eAbkKqpH2gat1yKKO11roAAAABHNzaDo= vili@lithium"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOk8akyi6Ob1EOPugxnjdlMQs9rOAbxBbakT8olBFe7 backup_ssh"
]; ];
services.fail2ban = { services.fail2ban = {
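Review bot: After this change root has exactly one authorized key, and it is a plain `ssh-ed25519` key held in the password vault, where the two `sk-ssh-ed25519@openssh.com` entries it replaces were bound to a hardware token. The `backup_ssh` entry is removed as well, so if the vault or its agent is unavailable there is no second way in. This matters most if the Vaultwarden instance runs on a machine that only this key can reach, which the hunk does not show. I would keep one hardware-backed entry as a recovery path and mark it with a comment such as `# break-glass: hardware token, not stored in the vault`. The attribute set around these lines starts and ends outside the hunk.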


@ -42,6 +42,7 @@ in
networkmanagerapplet networkmanagerapplet
flameshot flameshot
speedcrunch speedcrunch
bitwarden
zotero zotero
kile kile
@ -50,6 +51,7 @@ in
ghostscript ghostscript
kdePackages.okular kdePackages.okular
]; ];
programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
services = { services = {
displayManager = { displayManager = {
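Review bot: `programs.zsh.interactiveShellInit` is a system-wide setting, so the added line points `SSH_AUTH_SOCK` at a socket under `/home/vili` for every account that starts an interactive zsh, not only for that user. Using the per-user path avoids that: `programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=$HOME/.bitwarden-ssh-agent.sock";`. The variable is also set only for interactive zsh, so graphical programs and non-interactive shells will not see the agent and commit signing from them is likely to fail; a session-level variable would cover those. Since any process running as the user can ask the agent to sign while the vault is unlocked, it is worth confirming that the client is set to prompt before each key use.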


@ -16,7 +16,7 @@ in
user = { user = {
email = "vili.m.sinerva@gmail.com"; email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä"; name = "Vili Sinervä";
signingkey = "DF8FEAF54EFAC996!"; signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
}; };
merge = { merge = {
ff = "true"; ff = "true";
@ -27,6 +27,7 @@ in
commit = { commit = {
verbose = "true"; verbose = "true";
}; };
gpg.format = "ssh";
commit.gpgsign = "true"; commit.gpgsign = "true";
}; };
}; };
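Review bot: The public key set as `signingkey` is the same key blob that the first file in this commit authorizes for root SSH login, so one key now both signs commits and authenticates to the server. A separate vault entry for signing would let either be rotated or revoked without touching the other. The value is also a bare key literal; Git documents that form as deprecated in favour of the `key::` prefix, i.e. `signingkey = "key::ssh-ed25519 <public key>";`. No `gpg.ssh.allowedSignersFile` is set in the visible lines, so local verification of SSH-signed commits will not work unless it is configured elsewhere. The enclosing attribute set begins and ends outside both hunks.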


@ -19,19 +19,8 @@
})) }))
onlykey-cli onlykey-cli
onlykey-agent
gpa
]; ];
programs.gnupg.agent = {
enable = true;
pinentryPackage = pkgs.pinentry-curses;
};
hardware.onlykey.enable = true; hardware.onlykey.enable = true;
environment.variables = {
GNUPGHOME = "/home/vili/.gnupg/onlykey";
};
security.pam.u2f.enable = true;
programs.i3lock.u2fSupport = true; programs.i3lock.u2fSupport = true;
} }


@ -28,7 +28,10 @@
HTTP_PORT = 8000; HTTP_PORT = 8000;
ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}"; ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}";
}; };
service.DISABLE_REGISTRATION = true; # Disable for initial setup service = {
DISABLE_REGISTRATION = true; # Disable for initial setup
ENABLE_PASSKEY_AUTHENTICATION = true;
};
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
mailer = { mailer = {
ENABLED = true; ENABLED = true;
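Review bot: The comment `# Disable for initial setup` next to `DISABLE_REGISTRATION = true` can be read either as "registration is off" or as "turn this off during setup". Something like `# set to false only while creating the first account` removes the ambiguity on a setting that controls who can sign up. `ENABLE_PASSKEY_AUTHENTICATION = true` adds passkey sign-in next to password sign-in rather than replacing it, and I believe it matches Gitea's default, so a short comment stating the intent would help. If the goal is to stop accepting passwords, that needs a separate setting and is not done here. The enclosing block continues outside the hunk.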