feat(teidesu): nix-managed ssh config

This commit is contained in:
alina 🌸 2024-05-01 05:48:50 +03:00
parent 59292b38df
commit a0cf3f1a3c
Signed by: teidesu
SSH key fingerprint: SHA256:uNeCpw6aTSU4aIObXLvHfLkDa82HWH9EiOj9AXOIRpI
9 changed files with 71 additions and 12 deletions


@ -13,7 +13,7 @@ name="$1"
script_dir=$(dirname "$(readlink -f "$0")") script_dir=$(dirname "$(readlink -f "$0")")
if [ "$is_unsafe" == "true" ]; then if [ "$is_unsafe" == "true" ]; then
name="$name.UNSAFE" name="UNSAFE.$name"
public_key=$(cat "$script_dir/ssh/agenix-unsafe.pub") public_key=$(cat "$script_dir/ssh/agenix-unsafe.pub")
else else
public_key=$(cat "$script_dir/ssh/agenix.pub") public_key=$(cat "$script_dir/ssh/agenix.pub")


@ -1,19 +1,23 @@
{ pkgs, config, ... }: {
age,
writeShellScript,
system,
stdenv,
...
}:
{ {
readUnsafe = name: let readUnsafe = name: let
path = ../secrets + "/${name}.UNSAFE.age"; isDarwin = stdenv.isDarwin;
identityPath = builtins.elemAt ( identityPath = if isDarwin then "/Users/Shared/agenix-key-unsafe" else "/etc/ssh/agenix-key-unsafe";
builtins.filter (
x: (builtins.match ".*-unsafe$" x) != null path = ../secrets + "/UNSAFE.${name}.age";
) config.age.identityPaths
) 0;
drv = builtins.derivation { drv = builtins.derivation {
system = pkgs.system; system = system;
name = name; name = name;
src = path; src = path;
builder = pkgs.writeShellScript "read-${name}.sh" '' builder = writeShellScript "read-${name}.sh" ''
${pkgs.age}/bin/age --decrypt --identity ${identityPath} $src > $out ${age}/bin/age --decrypt --identity ${identityPath} $src > $out
''; '';
}; };
in builtins.readFile drv; in builtins.readFile drv;
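Review bot: `identityPath` is now a hard-coded string selected by `isDarwin` instead of being taken from `config.age.identityPaths`, so it can silently drift from the key path the agenix module actually installs; at minimum a comment should tie the two together, e.g. `# must match the unsafe identity listed in age.identityPaths of the host config`. Note also that `$out` of this derivation is a store path, so the decrypted plaintext is world-readable under /nix/store and, via `builtins.readFile`, is copied into whatever config consumes it (the desu-arm hostname in ssh.nix elsewhere in this commit); the UNSAFE infix suggests this is intended, but `readUnsafe` carries no comment stating that contract. The builder additionally reads an identity file outside the store, which presumably only works with the Nix sandbox disabled or that path explicitly allowed — worth recording in the same comment so the requirement is not rediscovered on a fresh machine.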

Binary file not shown.

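--- a/ssh/teidesu-git.pub
+++ b/ssh/teidesu-git.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXaJrbD5SHp3HDtRX7YxrjO7wpcoY/L41Oc78IdT/l4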


@ -0,0 +1,8 @@
# github
|1|MnC0ICOowWM7KKgfbwHjSYCUDb0=|Nh2b1pRPPeLXwv5Z30FQa+0KyJ0= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
|1|MidJau0HbJFvuxJOQWQxOdmPKE4=|WW3oPvfillzC5BWLKIEeuWq8YZA= ssh-rsa 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
|1|Zy4CjKEG3Nn7RypNq9Yf+YhaH08=|s0aozDN7CqfReG7+DqabwsI3gsM= ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
# koi
|1|mHA7S/D4GL5RvmEB+Fj2/FEQhqQ=|QaQPGfyuYGiD5gNHyPSN9NPQkLM= ssh-rsa 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
|1|3hK+z5ncJuQWfstveOSecUSW5/0=|OxYTIrGT5Cn5JWRcB3yfpviCdPw= ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB51jm+nmhyxYWrJfVIo7OedneOpVYG1mjwqATRVRtTh
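Review bot: The hashed `|1|…|` entries cannot be audited by eye, so each group's comment should record the clear-text host and the source the key was checked against, e.g. `# github.com — keys verified against https://api.github.com/meta (ssh_keys)` and `# koi (10.42.0.2) — key copied from the host's own ssh_host_*_key.pub`. Because this file becomes `GlobalKnownHostsFile` for every ssh invocation (see ssh.nix in this commit), a stale or mis-copied pin affects every connection, and a reviewer currently has no way to tell which key belongs to which host beyond the two section labels. The file header for this section is not visible here; the path is inferred from `./assets/base_known_hosts` in ssh.nix.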


@ -3,6 +3,7 @@
inputs.nix-index-database.hmModules.nix-index inputs.nix-index-database.hmModules.nix-index
./zsh.nix ./zsh.nix
./git.nix ./git.nix
./ssh.nix
]; ];
home.stateVersion = "23.11"; home.stateVersion = "23.11";


@ -32,6 +32,6 @@
yt-dlp yt-dlp
]; ];
home.file.".config/alacritty/alacritty.toml".source = ./alacritty.toml; home.file.".config/alacritty/alacritty.toml".source = ./assets/alacritty.toml;
}; };
} }

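--- a/users/teidesu/ssh.nix
+++ b/users/teidesu/ssh.nix
+{ abs, pkgs, lib, ... }:
+let
+isDarwin = pkgs.stdenv.isDarwin;
+secrets = pkgs.callPackage (abs "lib/secrets-unsafe.nix") {};
+in {
+home.file.".ssh/ssh.pub".source = abs "ssh/teidesu.pub";
+home.file.".ssh/git.pub".source = abs "ssh/teidesu-git.pub";
+home.file.".ssh/base_known_hosts".source = ./assets/base_known_hosts;
+programs.ssh = {
+enable = true;
+hashKnownHosts = true;
+extraOptionOverrides = {
+GlobalKnownHostsFile = "~/.ssh/base_known_hosts";
+};
+matchBlocks = {
+desu-arm = {
+hostname = secrets.readUnsafe "desu-arm-ip";
+forwardAgent = true;
+};
+koi = {
+hostname = "10.42.0.2";
+forwardAgent = true;
+};
+"github.com" = {
+identityFile = "~/.ssh/ssh.pub";
+};
+} // (lib.optionalAttrs isDarwin {
+# 1password ssh agent
+"*" = {
+extraOptions = {
+IdentityAgent = "\"~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock\"";
+HostkeyAlgorithms = "+ssh-rsa";
+PubkeyAcceptedAlgorithms = "+ssh-rsa";
+};
+};
+});
+};
+}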
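Review bot: The Darwin-only `"*"` block re-enables `+ssh-rsa` for `HostkeyAlgorithms` and `PubkeyAcceptedAlgorithms` on every host, which turns SHA-1 RSA signatures back on globally although RSA keys already negotiate rsa-sha2-256/512 without these options; the `+ssh-rsa` lines are only needed for peers limited to the legacy signature and belong in those hosts' matchBlocks rather than under `"*"`. Move `HostkeyAlgorithms = "+ssh-rsa";` and `PubkeyAcceptedAlgorithms = "+ssh-rsa";` into an `extraOptions` set on the specific host that needs them (the known_hosts file added in this commit suggests `koi` offers an RSA key, but which peer actually requires SHA-1 is not visible here) and leave `"*"` with only `IdentityAgent`. Also worth a comment next to `forwardAgent = true` on `desu-arm` and `koi` noting that agent forwarding lets those hosts sign with every key the agent holds, including the 1Password-managed ones on Darwin, so it should stay limited to hosts that are trusted to that degree. Finally, `hostname = secrets.readUnsafe "desu-arm-ip"` embeds the decrypted value into the generated ssh config in the Nix store; a one-line comment stating that the value is deliberately treated as non-secret would make that explicit for the next reader.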