fix(ssh): automate preference for hardware backed ssh keys

2026-05-12 13:05:05 +02:00
parent 62788417f0
commit 66ba64801f
1 changed files with 10 additions and 2 deletions
--- a/modules/ssh/extract-keys.nix
+++ b/modules/ssh/extract-keys.nix
@@ -14,8 +14,16 @@ in
      chmod 644 "$HOST_DIR/ssh_host.pub"
    fi

-    USER_KEY="/home/${username}/.ssh/id_ed25519.pub"
-    if [ -f "$USER_KEY" ] && [ -d "$HOST_DIR" ]; then
+    USER_KEY=""
+    for candidate in \
+        "/home/${username}/.ssh/id_ed25519_sk.pub" \
+        "/home/${username}/.ssh/id_ed25519.pub"; do
+      if [ -f "$candidate" ]; then
+        USER_KEY="$candidate"
+        break
+      fi
+    done
+    if [ -n "$USER_KEY" ] && [ -d "$HOST_DIR" ]; then
      cp "$USER_KEY" "$HOST_DIR/ssh_user.pub"
      chown ${username}:users "$HOST_DIR/ssh_user.pub"
      chmod 644 "$HOST_DIR/ssh_user.pub"