hektor/nix
1
0
Fork 0
Code Pull Requests Activity

fix(ssh): document hardware-backed SSH keys and set up backup key

Browse Source
This commit is contained in:
Hektor Misplon
2026-05-16 12:42:06 +02:00
parent 90528bd243
commit 124d326c0e
4 changed files with 74 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
modules/ssh/authorized-keys.nix
View File

@@ -17,13 +17,15 @@ in
};
# auto generate authorized_keys from `authorizedHosts`
config.users.users.${username}.openssh.authorizedKeys.keys = lib.flatten (
map (
hostname:
let
keyFile = ../../hosts/${hostname}/ssh_user.pub;
in
lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
) ((builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts)
);
config.users.users.${username}.openssh.authorizedKeys.keys =
lib.flatten (
map (
hostname:
let
keyFile = ../../hosts/${hostname}/ssh_user.pub;
in
lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
) ((builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts)
)
++ lib.splitString "\n" (builtins.readFile ./ssh_bak.pub);
}

1
modules/ssh/ssh_bak.pub Normal file
View File

@@ -0,0 +1 @@
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINg9dwrE10NQ7WMhL/hFJHRNFlDedvloCm9E4XEfnpStAAAABHNzaDo= backup