kfm/niveum
1
0
Fork 0
mirror of https://github.com/kmein/niveum synced 2026-03-20 03:51:07 +01:00
Code Releases Activity

feat: automate entering ssh passphrase

Browse Source
This commit is contained in:
Kierán Meinhardt
2022-09-08 08:46:53 +02:00
parent de34cb6d66
commit c16123dc8d
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ci.nix
View File

@@ -56,7 +56,7 @@
"spotify/password" "spotify/password"
]; ];
systemSecrets = let systemSecrets = let
basic = ["retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem"]; basic = ["retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem" "ssh/passphrase"];
in in
{ {
zaatar = ensureFiles (["moodle.token" "telegram/moodle-dl.token" "mpd-web.key"] ++ basic); zaatar = ensureFiles (["moodle.token" "telegram/moodle-dl.token" "mpd-web.key"] ++ basic);

10
configs/ssh.nix
View File

@@ -7,8 +7,16 @@
inherit (import <niveum/lib>) sshPort kieran; inherit (import <niveum/lib>) sshPort kieran;
externalNetwork = import <niveum/lib/external-network.nix>; externalNetwork = import <niveum/lib/external-network.nix>;
sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}"; sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";
ssh-passphrase = lib.strings.fileContents <system-secrets/ssh/passphrase>;
in { in {
services.xserver.displayManager.sessionCommands = "${pkgs.openssh}/bin/ssh-add"; services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" ''
#!${pkgs.expect}/bin/expect -f
spawn ${pkgs.openssh}/bin/ssh-add
expect "Enter passphrase for *:"
send "${ssh-passphrase}\n";
expect "Identity added: *"
interact
'');
programs.ssh.startAgent = true; programs.ssh.startAgent = true;