kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-16 10:11:08 +01:00
Code Releases Activity

feat: do not depend on github for ssh keys bc insecure

Browse Source
This commit is contained in:
Kierán Meinhardt
2024-03-24 12:11:35 +01:00
parent 83ca7976ce
commit aecf6b8616
4 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
configs/ssh.nix
View File

@@ -2,7 +2,7 @@
inherit (import ../lib) sshPort kieran; inherit (import ../lib) sshPort kieran;
externalNetwork = import ../lib/external-network.nix; externalNetwork = import ../lib/external-network.nix;
in { in {
users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs; users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys;
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
@@ -28,15 +28,15 @@ in {
}; };
# environment.extraInit = '' # environment.extraInit = ''
# if [[ -z "$SSH_AUTH_SOCK" ]]; then # if [[ -z "$SSH_AUTH_SOCK" ]]; then
# export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)" # export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"
# fi # fi
# ''; # '';
# environment.interactiveShellInit = '' # environment.interactiveShellInit = ''
# GPG_TTY="$(tty)" # GPG_TTY="$(tty)"
# export GPG_TTY # export GPG_TTY
# ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null # ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null
# ''; # '';
home-manager.users.me.programs.ssh = { home-manager.users.me.programs.ssh = {

2
configs/sshd.nix
View File

@@ -17,5 +17,5 @@ in {
}; };
}; };
users.users.root.openssh.authorizedKeys.keys = kieran.sshKeys pkgs; users.users.root.openssh.authorizedKeys.keys = kieran.sshKeys;
} }

10
lib/default.nix
View File

@@ -67,11 +67,11 @@
github = "kmein"; github = "kmein";
email = "kmein@posteo.de"; email = "kmein@posteo.de";
name = "Kierán Meinhardt"; name = "Kierán Meinhardt";
sshKeys = pkgs: sshKeys = [
pkgs.lib.strings.splitString "\n" (pkgs.lib.strings.fileContents (pkgs.fetchurl { "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyTnGhFq0Q+vghNhrqNrAyY+CsN7nNz8bPfiwIwNpjk" # kabsa
url = "https://github.com/kmein.keys"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOiQEc8rTr7C7xVLYV7tQ99BDDBLrJsy5hslxtCEatkB" # manakish
hash = "sha256-kabB1yNEToMw1Lcf4WYx4IfuuLzHOPvABTQku5CE60A="; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByreBjBEMJKjgpKLd5XZHIUUwIhNafVqN6OUOQpJa3y" # fatteh
})); ];
}; };
syncthing.devices = { syncthing.devices = {

2
systems/makanek/weechat.nix
View File

@@ -193,7 +193,7 @@ in {
users.extraUsers.weechat = { users.extraUsers.weechat = {
useDefaultShell = true; useDefaultShell = true;
openssh.authorizedKeys.keys = openssh.authorizedKeys.keys =
kieran.sshKeys pkgs kieran.sshKeys
++ [ ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@heym" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC+KVDmYYH7mA8v81e9O3swXm3ZVYY9t4HP65ud61uXy weechat_android@heym"
]; ];