rework the ssh module to use the publicKey directly

jacekpoz 2024-03-06 12:11:58 +01:00
parent d9eda141f3
commit f52134322c
Signed by: poz
SSH key fingerprint: SHA256:JyLeVWE4bF3tDnFeUpUaJsPsNlJyBldDGV/dIKSLyN8
2 changed files with 21 additions and 28 deletions


@ -269,53 +269,44 @@
hostAliases = rec { hostAliases = rec {
github = { github = {
hostName = "github.com"; hostName = "github.com";
identityFile = pkgs.writeText "github.pub" publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhNPiKUGyAdhI6jXQsDVj5jqklIh+gVEoCGZEEaC62";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhNPiKUGyAdhI6jXQsDVj5jqklIh+gVEoCGZEEaC62";
}; };
codeberg = { codeberg = {
hostName = "codeberg.org"; hostName = "codeberg.org";
identityFile = pkgs.writeText "codeberg.pub" publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZReNUB66x+SkVx0hlbA1lyfEBMpT8IvQ6LPRn52oBl";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZReNUB66x+SkVx0hlbA1lyfEBMpT8IvQ6LPRn52oBl";
}; };
gitlab = { gitlab = {
hostName = "gitlab.com"; hostName = "gitlab.com";
identityFile = pkgs.writeText "gitlab.pub" publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/4XLNm1/ea2jtLj2AvPWMigA/xo9mLbRUGurVthiqm";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/4XLNm1/ea2jtLj2AvPWMigA/xo9mLbRUGurVthiqm";
}; };
aur = { aur = {
hostName = "aur.archlinux.org"; hostName = "aur.archlinux.org";
identityFile = pkgs.writeText "aur.pub" publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmXbE1kWeNI58QQ5P5iUae+ql1hNkeRQQmTfME/RNegSCm9GxhWPaOsr70vTyPRPuYzKSRfd5sfoBjEikHPBdbEngFQlx4nocX/eQLkZIaT0RfXg7+SRJFkWdTTL5VqHNk7d7saIn5GESOuChMOvC5y/h6c+Hi6wunoqogrecZmOjs7cBkZR9Xj00syZgfWT5fCIc3f43so84CFqJKEltbTBUfwzDzMeg/HBBnaS/bVRmhow+MTH6o1baXVes58JLl8mdlQskTxiaUNwfrRr2wv0E+YkdYgJsFeMvikv1GCuZI4GCSzgJPTT1c1VhcvZjjCJguRPgSrkZ52wG9+/WDgCON/oGhqWWRm/fodzSXpTfrp8RpUEyl7luHSgu3rzDk5m2m9Igl2Jx5bf6qizLHNLGFkgQUJuc2mihUQZzERpmNmMt+DDxuhlyHfPyIV+vYwwNxGzCFb/QLlUq0TJlW6ptC52BP+ySk+0HLq4HRd78YwFywsAEGJbwDMHwBvNU=";
"ssh-rsa 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";
user = "aur"; user = "aur";
}; };
jacekpoz = { jacekpoz = {
hostName = "git.jacekpoz.pl"; hostName = "git.jacekpoz.pl";
identityFile = pkgs.writeText "jacekpoz.pub" publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSxvSM0y5Z958VrgU9JNCYS4oZmV4nNXP3hIrw6zr8R";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSxvSM0y5Z958VrgU9JNCYS4oZmV4nNXP3hIrw6zr8R";
user = "forgejo"; user = "forgejo";
}; };
chmura = { chmura = {
hostName = "192.168.15.2"; hostName = "192.168.15.2";
identityFile = pkgs.writeText "chmura.pub" publicKey = "ssh-rsa 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";
"ssh-rsa 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";
user = "chmura"; user = "chmura";
}; };
chmura2 = chmura // { hostName = "jacekpoz.pl"; }; chmura2 = chmura // { hostName = "jacekpoz.pl"; };
malina = { malina = {
hostName = "192.168.15.3"; hostName = "192.168.15.3";
identityFile = pkgs.writeText "malina.pub" publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCJWWnBdRFQjMxSGxjPQe/jk7sAHOEb4CAY9mY105bnNcoBz0DORvK+4Ha4TIDELubKbzasDTU/Vi7tunjbiFinbOP94OTVoc9xphfxa3eQ0GrIo0icLk0A2IbAqC32m9f93AvPseZib/9PJTIpZMQcklwllKfxg3WYBglVXLmu4+epPRfk3YR6TOP77guxT8MF9zdFrlRz8Ugcytrez2evOyva2YLdsadlke3cTVLypBFB5fJ2dfDSrYzsTEgDQB9o65Kpuqp/k+hvzdZLxDjC+vec1sUWiD9nPAHOPBKsbo9UqZtp5in4+vf8iaMVGZrjAHvz3NBze7uRZGdLLm7ACfuqq1J+cyGVCFOaxk1g0e5rNqFjMnLwKrF0UaAxmKkDNnkJQnWDCY63V+Q1PkfPWRSd5oNVZnHmyukosKlmR6n2/WqQsGrQpg0oDFh8MHupJ2sCKisAR6nvm1R9HmffdlMSBEjyx1V6j2onsGX5P+lsoODoIQGz1GV6JGBU/Qc=";
"ssh-rsa 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";
user = "malina"; user = "malina";
}; };
outfoxxed = { outfoxxed = {
hostName = "git.outfoxxed.me"; hostName = "git.outfoxxed.me";
identityFile = pkgs.writeText "outfoxxed.pub" publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqsfan2BERiFSgXEv6KCTbzpKmtkq4gNd2409ZuKbgh";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqsfan2BERiFSgXEv6KCTbzpKmtkq4gNd2409ZuKbgh";
}; };
kik = { kik = {
hostName = "156.17.7.16"; hostName = "156.17.7.16";
identityFile = pkgs.writeText "kik.pub" publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAC03lGubkSRl02cX1TJ3ItkcozS8aocEHeysv/WY4v";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAC03lGubkSRl02cX1TJ3ItkcozS8aocEHeysv/WY4v";
port = 10002; port = 10002;
user = "auth"; user = "auth";
}; };
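Review bot: Every `publicKey = "ssh-…"` assignment in these host entries is now a bare string, but the renamed option in the module section of this commit keeps `type = with types; nullOr path;`, and the nixpkgs `path` type only accepts values whose string form starts with `/`. The old `pkgs.writeText` results passed that check because they were store paths, so the new values should fail option type checking at evaluation. Declaring the option as `type = with types; nullOr str;` would match what is assigned here. A one-line comment above `hostAliases`, e.g. `# publicKey is our own client key for that host (used to select the agent identity), not the server's host key`, would also keep the field from being confused with a known-hosts entry.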


@ -48,16 +48,11 @@ in {
type = types.str; type = types.str;
default = "git"; default = "git";
}; };
identityFile = mkOption { publicKey = mkOption {
description = "path to the private key"; description = "public key used for picking the correct key from the ssh-agent";
type = with types; nullOr path; type = with types; nullOr path;
default = null; default = null;
}; };
identitiesOnly = mkOption {
description = "whether ssh should not use additional identities offered by ssh-agent";
type = types.bool;
default = false;
};
}; };
}); });
default = {}; default = {};
@ -87,10 +82,17 @@ in {
${concatStrings (mapAttrsToList (name: value: '' ${concatStrings (mapAttrsToList (name: value: ''
Host ${name} Host ${name}
HostName ${value.hostName} HostName ${value.hostName}
${if value.port != null then "Port ${toString value.port}" else ""}
User ${value.user} User ${value.user}
${if value.identityFile != null then "IdentityFile ${value.identityFile}" else ""} ${
IdentitiesOnly ${if value.identitiesOnly then "yes" else "no"} if value.port != null then
"Port ${toString value.port}"
else ""
}
${
if value.publicKey != null then
"IdentityFile ${pkgs.writeFile "${name}.pub" value.publicKey}"
else ""
}
'') cfg.agent.hostAliases)} '') cfg.agent.hostAliases)}
''; '';
}; };
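Review bot: With the `IdentitiesOnly` line gone from the generated `Host` block, ssh falls back to its default and still offers the other keys held by the agent after the one named by `IdentityFile`, so the block does not pin a single key the way the new `publicKey` description suggests. Each server can then see public keys meant for other hosts, and a loaded agent can run into the server's authentication attempt limit before the right key is tried. Consider emitting `IdentitiesOnly yes` alongside the `IdentityFile` line whenever `value.publicKey != null`. Separately, `pkgs.writeFile` is not a nixpkgs builder as far as I know; the removed host entries used `pkgs.writeText`, so `pkgs.writeText "${name}.pub" value.publicKey` is probably what was intended.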