feat: automate SSH config ('known_hosts', 'authorized_keys' ...)

2026-01-17 17:37:37 +01:00
parent 33b022c659
commit 8464884fdb
15 changed files with 143 additions and 9 deletions
--- a/modules/ssh/authorized-keys.nix
+++ b/modules/ssh/authorized-keys.nix
@@ -0,0 +1,24 @@
+{ lib, config, ... }:
+{
+  options.ssh = {
+    authorizedHosts = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      default = [ ];
+    };
+    username = lib.mkOption {
+      type = lib.types.str;
+      default = "h";
+    };
+  };
+
+  # auto generate authorized_keys from `authorizedHosts`
+  config.users.users.${config.ssh.username}.openssh.authorizedKeys.keys = lib.flatten (
+    map (
+      hostname:
+      let
+        keyFile = ../../hosts/${hostname}/ssh_user.pub;
+      in
+      lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
+    ) config.ssh.authorizedHosts
+  );
+}