VSinerva/nixos-conf
1
0
Fork 0
Code Activity Actions

Move to using Vaultwarden SSH keys

Browse source
This commit is contained in:
Vili Sinervä 2025-05-27 21:15:41 +03:00
parent 5d2c9ba372
commit a00867587b
No known key found for this signature in database
GPG key ID: DF8FEAF54EFAC996
5 changed files with 9 additions and 16 deletions
Download patch file Download diff file Expand all files Collapse all files

4
base.nix
View file

@ -89,9 +89,7 @@
settings.PasswordAuthentication = false;
};
users.users.root.openssh.authorizedKeys.keys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPiupf3xK6eWvno7R2rDYPuDxVvbmzWh5EkR1rquvV9hAAAABHNzaDo= vili@helium"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHr/1uVk5cWRWAELvwVvBG+eAbkKqpH2gat1yKKO11roAAAABHNzaDo= vili@lithium"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOOk8akyi6Ob1EOPugxnjdlMQs9rOAbxBbakT8olBFe7 backup_ssh"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV vili-bw-ssh-ed25519-main"
];
services.fail2ban = {

2
desktop.nix
View file

@ -42,6 +42,7 @@ in
networkmanagerapplet
flameshot
speedcrunch
bitwarden
zotero
kile
@ -50,6 +51,7 @@ in
ghostscript
kdePackages.okular
];
programs.zsh.interactiveShellInit = "export SSH_AUTH_SOCK=/home/vili/.bitwarden-ssh-agent.sock";
services = {
displayManager = {

3
development.nix
View file

@ -16,7 +16,7 @@ in
user = {
email = "vili.m.sinerva@gmail.com";
name = "Vili Sinervä";
signingkey = "DF8FEAF54EFAC996!";
signingkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJowj9IJIgYjDwZm5mEttiwvPfu1dd4eVTHfaDnbwcOV";
};
merge = {
ff = "true";
@ -27,6 +27,7 @@ in
commit = {
verbose = "true";
};
gpg.format = "ssh";
commit.gpgsign = "true";
};
};

11
hardware-specific/onlykey.nix
View file

@ -19,19 +19,8 @@
}))
onlykey-cli
onlykey-agent
gpa
];
programs.gnupg.agent = {
enable = true;
pinentryPackage = pkgs.pinentry-curses;
};
hardware.onlykey.enable = true;
environment.variables = {
GNUPGHOME = "/home/vili/.gnupg/onlykey";
};
security.pam.u2f.enable = true;
programs.i3lock.u2fSupport = true;
}

5
services/gitea.nix
View file

@ -28,7 +28,10 @@
HTTP_PORT = 8000;
ROOT_URL = "https://${config.services.gitea.settings.server.DOMAIN}";
};
service.DISABLE_REGISTRATION = true; # Disable for initial setup
service = {
DISABLE_REGISTRATION = true; # Disable for initial setup
ENABLE_PASSKEY_AUTHENTICATION = true;
};
session.COOKIE_SECURE = true;
mailer = {
ENABLED = true;