kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

feat: gpg ssh key

Browse Source
This commit is contained in:
Kierán Meinhardt
2023-03-11 06:36:22 +01:00
parent dc267fc464
commit 11f1be099e
1 changed files with 12 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
configs/ssh.nix
View File

@@ -7,24 +7,21 @@
inherit (import ../lib) sshPort kieran;
externalNetwork = import ../lib/external-network.nix;
sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";
ssh-passphrase = lib.strings.fileContents <system-secrets/ssh/passphrase>;
in {
/*
TODO how do I do this?
services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" ''
#!${pkgs.expect}/bin/expect -f
spawn ${pkgs.openssh}/bin/ssh-add
expect "Enter passphrase for *:"
send "${ssh-passphrase}\n";
expect "Identity added: *"
interact
'');
*/
programs.ssh.startAgent = true;
users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs;
home-manager.users.me = {
services.gpg-agent = rec {
enable = true;
enableSshSupport = true;
defaultCacheTtlSsh = 2 * 60 * 60;
maxCacheTtlSsh = 4 * defaultCacheTtlSsh;
sshKeys = [
"568047C91DE03A23883E340F15A9C24D313E847C"
];
};
};
home-manager.users.me.programs.ssh = {
enable = true;
matchBlocks = rec {