From f52134322c0bbc60a58d0296415371db99cc38b4 Mon Sep 17 00:00:00 2001
From: jacekpoz
Date: Wed, 6 Mar 2024 12:11:58 +0100
Subject: [PATCH] rework the ssh module to use the publicKey directly
---
 hosts/del/configuration.nix | 27 +++++++++------------------
 modules/services/ssh.nix | 22 ++++++++++++----------
 2 files changed, 21 insertions(+), 28 deletions(-)
diff --git a/hosts/del/configuration.nix b/hosts/del/configuration.nix
index 54b66c4..f319eec 100644
--- a/hosts/del/configuration.nix
+++ b/hosts/del/configuration.nix
@@ -269,53 +269,44 @@ hostAliases = rec { github = { hostName = "github.com"; - identityFile = pkgs.writeText "github.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhNPiKUGyAdhI6jXQsDVj5jqklIh+gVEoCGZEEaC62"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhNPiKUGyAdhI6jXQsDVj5jqklIh+gVEoCGZEEaC62"; }; codeberg = { hostName = "codeberg.org"; - identityFile = pkgs.writeText "codeberg.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZReNUB66x+SkVx0hlbA1lyfEBMpT8IvQ6LPRn52oBl"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZReNUB66x+SkVx0hlbA1lyfEBMpT8IvQ6LPRn52oBl"; }; gitlab = { hostName = "gitlab.com"; - identityFile = pkgs.writeText "gitlab.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/4XLNm1/ea2jtLj2AvPWMigA/xo9mLbRUGurVthiqm"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/4XLNm1/ea2jtLj2AvPWMigA/xo9mLbRUGurVthiqm"; }; aur = { hostName = "aur.archlinux.org"; - identityFile = pkgs.writeText "aur.pub" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmXbE1kWeNI58QQ5P5iUae+ql1hNkeRQQmTfME/RNegSCm9GxhWPaOsr70vTyPRPuYzKSRfd5sfoBjEikHPBdbEngFQlx4nocX/eQLkZIaT0RfXg7+SRJFkWdTTL5VqHNk7d7saIn5GESOuChMOvC5y/h6c+Hi6wunoqogrecZmOjs7cBkZR9Xj00syZgfWT5fCIc3f43so84CFqJKEltbTBUfwzDzMeg/HBBnaS/bVRmhow+MTH6o1baXVes58JLl8mdlQskTxiaUNwfrRr2wv0E+YkdYgJsFeMvikv1GCuZI4GCSzgJPTT1c1VhcvZjjCJguRPgSrkZ52wG9+/WDgCON/oGhqWWRm/fodzSXpTfrp8RpUEyl7luHSgu3rzDk5m2m9Igl2Jx5bf6qizLHNLGFkgQUJuc2mihUQZzERpmNmMt+DDxuhlyHfPyIV+vYwwNxGzCFb/QLlUq0TJlW6ptC52BP+ySk+0HLq4HRd78YwFywsAEGJbwDMHwBvNU="; + publicKey = "ssh-rsa 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"; user = "aur"; }; jacekpoz = { hostName = "git.jacekpoz.pl"; - identityFile = pkgs.writeText "jacekpoz.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSxvSM0y5Z958VrgU9JNCYS4oZmV4nNXP3hIrw6zr8R"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSxvSM0y5Z958VrgU9JNCYS4oZmV4nNXP3hIrw6zr8R"; user = "forgejo"; }; chmura = { hostName = "192.168.15.2"; - identityFile = pkgs.writeText "chmura.pub" - "ssh-rsa 
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"; + publicKey = "ssh-rsa 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"; user = "chmura"; }; chmura2 = chmura // { hostName = "jacekpoz.pl"; }; malina = { hostName = "192.168.15.3"; - identityFile = pkgs.writeText "malina.pub" - "ssh-rsa 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"; + publicKey = "ssh-rsa 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"; user = "malina"; }; outfoxxed = { hostName = "git.outfoxxed.me"; - identityFile = pkgs.writeText "outfoxxed.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqsfan2BERiFSgXEv6KCTbzpKmtkq4gNd2409ZuKbgh"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqsfan2BERiFSgXEv6KCTbzpKmtkq4gNd2409ZuKbgh"; }; kik = { hostName = "156.17.7.16"; - identityFile = pkgs.writeText "kik.pub" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAC03lGubkSRl02cX1TJ3ItkcozS8aocEHeysv/WY4v"; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAC03lGubkSRl02cX1TJ3ItkcozS8aocEHeysv/WY4v"; port = 10002; user = "auth"; }; diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix index 36dc8b0..53f2053 100644 --- a/modules/services/ssh.nix +++ b/modules/services/ssh.nix @@ -48,16 +48,11 @@ in { type = types.str; default = "git"; }; - identityFile = mkOption { - description = "path to the private key"; + publicKey = mkOption { + description = "public key used for picking the correct key from the ssh-agent"; type = with types; nullOr path; default = null; }; - identitiesOnly = mkOption { - description = "whether ssh should not use additional identities offered by ssh-agent"; - type = types.bool; - default = false; - }; }; }); default = {}; 
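Review bot: The renamed `publicKey` option in modules/services/ssh.nix keeps `type = with types; nullOr path;` from the old `identityFile`, but the values now assigned in hosts/del/configuration.nix are key strings such as `"ssh-ed25519 AAAA…"`, which `types.path` should reject because they do not start with `/`; `type = with types; nullOr str;` matches the new usage. The description could also state that this is the public half of the client identity and not the server's host key, for example `description = "public key of the client identity to select from the ssh-agent (not the host key)";`, since `publicKey` next to `hostName` is easy to misread. The submodule holding these options starts before the hunk.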
@@ -87,10 +82,17 @@ in { ${concatStrings (mapAttrsToList (name: value: '' Host ${name} HostName ${value.hostName} - ${if value.port != null then "Port ${toString value.port}" else ""} User ${value.user} - ${if value.identityFile != null then "IdentityFile ${value.identityFile}" else ""} - IdentitiesOnly ${if value.identitiesOnly then "yes" else "no"} + ${ + if value.port != null then + "Port ${toString value.port}" + else "" + } + ${ + if value.publicKey != null then + "IdentityFile ${pkgs.writeFile "${name}.pub" value.publicKey}" + else "" + } '') cfg.agent.hostAliases)} ''; };
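Review bot: `pkgs.writeFile` in the new `IdentityFile` branch is, as far as I know, not a nixpkgs function, so any alias with a non-null `publicKey` would fail at evaluation; the old host config used `pkgs.writeText`, and `"IdentityFile ${pkgs.writeText "${name}.pub" value.publicKey}"` gives the intended store path. The hunk also drops the `IdentitiesOnly` line, so ssh falls back to its default of `no` and, after trying the listed key, still offers every other key held by the agent. That discloses unrelated public keys to each host and can use up the server's authentication-attempt limit before the right key is reached. If the aim is to pin one agent key per alias, emit `IdentitiesOnly yes` inside the same `value.publicKey != null` branch. The string being built here starts and ends outside the hunk.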