fix: prefer hardware-backed ssh keys

2026-04-10 23:05:18 +02:00
parent 28dc9d9570
commit 13f246e2ba
2 changed files with 8 additions and 1 deletions
--- a/home/modules/ssh/default.nix
+++ b/home/modules/ssh/default.nix
@@ -39,6 +39,10 @@ in
      // {
        "*" = {
          addKeysToAgent = "yes";
          identityFile = [
            "~/.ssh/id_ed25519_sk"
            "~/.ssh/id_ed25519"
          ];
        };
      };
  };
--- a/modules/ssh/extract-keys.nix
+++ b/modules/ssh/extract-keys.nix
@@ -14,7 +14,10 @@ in
      chmod 644 "$HOST_DIR/ssh_host.pub"
    fi
    USER_KEY="/home/${username}/.ssh/id_ed25519_sk.pub"
    if [ ! -f "$USER_KEY" ]; then
      USER_KEY="/home/${username}/.ssh/id_ed25519.pub"
    fi
    if [ -f "$USER_KEY" ] && [ -d "$HOST_DIR" ]; then
      cp "$USER_KEY" "$HOST_DIR/ssh_user.pub"
      chown ${username}:users "$HOST_DIR/ssh_user.pub"