martials/nixos-configuration
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

♻️ [shared] Refactor ssh config to be dynamic

Browse Source
This commit is contained in:
Martin Berg Alstad
2025-05-19 21:42:29 +02:00
parent b2fd4f1da5
commit c6fcb7b6b8
2 changed files with 26 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
flake.nix
View File

@ -74,15 +74,18 @@
hostName = "desktop"; hostName = "desktop";
system = "x86_64-linux"; system = "x86_64-linux";
nvidia.enable = true; nvidia.enable = true;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz";
} }
{ {
hostName = "thinkpad"; hostName = "thinkpad";
system = "x86_64-linux"; system = "x86_64-linux";
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
} }
{ {
hostName = "pi4"; hostName = "pi4";
system = "aarch64-linux"; system = "aarch64-linux";
wayland.enable = false; wayland.enable = false;
ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
} }
# TODO Homelab config # TODO Homelab config
]; ];
@ -126,6 +129,7 @@
theme theme
lib lib
systemConfig systemConfig
systems
; ;
isDarwin = false; isDarwin = false;
}; };

49
shared/modules/security/ssh.nix
View File

@ -1,33 +1,26 @@
# /nix/store/<hash>/etc/ssh/ssh_config # /nix/store/<hash>/etc/ssh/ssh_config
{ systemConfig, ... }: { systemConfig, systems, ... }:
with builtins;
{ let
programs.ssh.knownHosts =
let
domain = "dns.martials.no"; domain = "dns.martials.no";
in allSystems = systems ++ [
{ {
desktop = { hostName = "homelab";
extraHostNames = [ "desktop.${domain}" ]; ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz"; }
};
thinkpad = {
extraHostNames = [ "thinkpad.${domain}" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH";
};
pi4 = {
extraHostNames = [ "pi4.${domain}" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE";
};
homelab = {
extraHostNames = [ "homelab.${domain}" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
};
};
users.users.${systemConfig.username}.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSzXyTuQyTrWsfORQbvgrqt/33+hfSUDXeMg6D1T2wz"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNlHKE/BD8kKfhJD7GBk1A3whZf3gTjk9VEgGAj3qsH"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJE9m7YiITe1sDqSZ7Pa8luIw3WToLsypixZEqE4wCQE"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl"
]; ];
in
{
programs.ssh.knownHosts = listToAttrs (
map (system: {
name = system.hostName;
value = {
extraHostNames = [ "${system.hostName}.${domain}" ];
publicKey = system.ssh.publicKey;
};
}) allSystems
);
users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
map (system: system.ssh.publicKey) allSystems
);
} }