rework the ssh module to use the publicKey directly

2024-03-06 12:11:58 +01:00 · 2024-03-06 12:11:58 +01:00 · f52134322c
commit f52134322c
parent d9eda141f3
2 changed files with 21 additions and 28 deletions
--- a/hosts/del/configuration.nix
+++ b/hosts/del/configuration.nix
@ -269,53 +269,44 @@
                    hostAliases = rec {
                        github = {
                            hostName = "github.com";
-                            identityFile = pkgs.writeText "github.pub"
-                                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhNPiKUGyAdhI6jXQsDVj5jqklIh+gVEoCGZEEaC62";
+                            publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBjhNPiKUGyAdhI6jXQsDVj5jqklIh+gVEoCGZEEaC62";
                        };
                        codeberg = {
                            hostName = "codeberg.org";
-                            identityFile = pkgs.writeText "codeberg.pub"
-                                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZReNUB66x+SkVx0hlbA1lyfEBMpT8IvQ6LPRn52oBl";
+                            publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZReNUB66x+SkVx0hlbA1lyfEBMpT8IvQ6LPRn52oBl";
                        };
                        gitlab = {
                            hostName = "gitlab.com";
-                            identityFile = pkgs.writeText "gitlab.pub"
-                                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/4XLNm1/ea2jtLj2AvPWMigA/xo9mLbRUGurVthiqm";
+                            publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA/4XLNm1/ea2jtLj2AvPWMigA/xo9mLbRUGurVthiqm";
                        };
                        aur = {
                            hostName = "aur.archlinux.org";
-                            identityFile = pkgs.writeText "aur.pub"
-                                "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmXbE1kWeNI58QQ5P5iUae+ql1hNkeRQQmTfME/RNegSCm9GxhWPaOsr70vTyPRPuYzKSRfd5sfoBjEikHPBdbEngFQlx4nocX/eQLkZIaT0RfXg7+SRJFkWdTTL5VqHNk7d7saIn5GESOuChMOvC5y/h6c+Hi6wunoqogrecZmOjs7cBkZR9Xj00syZgfWT5fCIc3f43so84CFqJKEltbTBUfwzDzMeg/HBBnaS/bVRmhow+MTH6o1baXVes58JLl8mdlQskTxiaUNwfrRr2wv0E+YkdYgJsFeMvikv1GCuZI4GCSzgJPTT1c1VhcvZjjCJguRPgSrkZ52wG9+/WDgCON/oGhqWWRm/fodzSXpTfrp8RpUEyl7luHSgu3rzDk5m2m9Igl2Jx5bf6qizLHNLGFkgQUJuc2mihUQZzERpmNmMt+DDxuhlyHfPyIV+vYwwNxGzCFb/QLlUq0TJlW6ptC52BP+ySk+0HLq4HRd78YwFywsAEGJbwDMHwBvNU=";
+                            publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCmXbE1kWeNI58QQ5P5iUae+ql1hNkeRQQmTfME/RNegSCm9GxhWPaOsr70vTyPRPuYzKSRfd5sfoBjEikHPBdbEngFQlx4nocX/eQLkZIaT0RfXg7+SRJFkWdTTL5VqHNk7d7saIn5GESOuChMOvC5y/h6c+Hi6wunoqogrecZmOjs7cBkZR9Xj00syZgfWT5fCIc3f43so84CFqJKEltbTBUfwzDzMeg/HBBnaS/bVRmhow+MTH6o1baXVes58JLl8mdlQskTxiaUNwfrRr2wv0E+YkdYgJsFeMvikv1GCuZI4GCSzgJPTT1c1VhcvZjjCJguRPgSrkZ52wG9+/WDgCON/oGhqWWRm/fodzSXpTfrp8RpUEyl7luHSgu3rzDk5m2m9Igl2Jx5bf6qizLHNLGFkgQUJuc2mihUQZzERpmNmMt+DDxuhlyHfPyIV+vYwwNxGzCFb/QLlUq0TJlW6ptC52BP+ySk+0HLq4HRd78YwFywsAEGJbwDMHwBvNU=";
                            user = "aur";
                        };
                        jacekpoz = {
                            hostName = "git.jacekpoz.pl";
-                            identityFile = pkgs.writeText "jacekpoz.pub"
-                                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSxvSM0y5Z958VrgU9JNCYS4oZmV4nNXP3hIrw6zr8R";
+                            publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJSxvSM0y5Z958VrgU9JNCYS4oZmV4nNXP3hIrw6zr8R";
                            user = "forgejo";
                        };
                        chmura = {
                            hostName = "192.168.15.2";
-                            identityFile = pkgs.writeText "chmura.pub"
-                                "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZLEWp9DsF9znp3W6uqP23yMFd8QQs0CmNKTKTanbfRYOqRWw0Jpuryxg7rTU8ioRM5L4zpIqu/v+pt9x76UsWTlFqjk9S35M1g0Kb2QN3czMJj5uA4jtFh47H8+hfBHm2RelPCcJCSmkR9gDa3XcrxlcC642yU4LTObHeHZg0yUDhUwKS8AdybxkPlmXPZ+UPEphq0CIBxU9mnieQMbQtMFnjEnNMDZJnP4BUF/XuWeHwh8yBttlL+hS37aI3hQYwGd5zdkSD9RWha10Nandlmt6+io6KYQgJxRK0c27i2jO7cmEMOz0h/ZnwHpTtRD9ifDTXuWN9l8+prAxsbC9pBsiDHqZ9ESHq7DzvqIeeyrQT0iHDoOPfB2PPCFJZlkFiM7hsWwkMc5Jaol9SjjH1a+B/+BvNGAQDWt1JIZzwE6T9RVQdGph6GMDS4o3gW3Hd8hyVdFhwD5xTJ567SntqsJdhzGH9HU5ybya3MG0WTWw3dLI0aMv/eAWSRx+7ZPE=";
+                            publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDZLEWp9DsF9znp3W6uqP23yMFd8QQs0CmNKTKTanbfRYOqRWw0Jpuryxg7rTU8ioRM5L4zpIqu/v+pt9x76UsWTlFqjk9S35M1g0Kb2QN3czMJj5uA4jtFh47H8+hfBHm2RelPCcJCSmkR9gDa3XcrxlcC642yU4LTObHeHZg0yUDhUwKS8AdybxkPlmXPZ+UPEphq0CIBxU9mnieQMbQtMFnjEnNMDZJnP4BUF/XuWeHwh8yBttlL+hS37aI3hQYwGd5zdkSD9RWha10Nandlmt6+io6KYQgJxRK0c27i2jO7cmEMOz0h/ZnwHpTtRD9ifDTXuWN9l8+prAxsbC9pBsiDHqZ9ESHq7DzvqIeeyrQT0iHDoOPfB2PPCFJZlkFiM7hsWwkMc5Jaol9SjjH1a+B/+BvNGAQDWt1JIZzwE6T9RVQdGph6GMDS4o3gW3Hd8hyVdFhwD5xTJ567SntqsJdhzGH9HU5ybya3MG0WTWw3dLI0aMv/eAWSRx+7ZPE=";
                            user = "chmura";
                        };
                        chmura2 = chmura // { hostName = "jacekpoz.pl"; };
                        malina = {
                            hostName = "192.168.15.3";
-                            identityFile = pkgs.writeText "malina.pub"
-                                "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCJWWnBdRFQjMxSGxjPQe/jk7sAHOEb4CAY9mY105bnNcoBz0DORvK+4Ha4TIDELubKbzasDTU/Vi7tunjbiFinbOP94OTVoc9xphfxa3eQ0GrIo0icLk0A2IbAqC32m9f93AvPseZib/9PJTIpZMQcklwllKfxg3WYBglVXLmu4+epPRfk3YR6TOP77guxT8MF9zdFrlRz8Ugcytrez2evOyva2YLdsadlke3cTVLypBFB5fJ2dfDSrYzsTEgDQB9o65Kpuqp/k+hvzdZLxDjC+vec1sUWiD9nPAHOPBKsbo9UqZtp5in4+vf8iaMVGZrjAHvz3NBze7uRZGdLLm7ACfuqq1J+cyGVCFOaxk1g0e5rNqFjMnLwKrF0UaAxmKkDNnkJQnWDCY63V+Q1PkfPWRSd5oNVZnHmyukosKlmR6n2/WqQsGrQpg0oDFh8MHupJ2sCKisAR6nvm1R9HmffdlMSBEjyx1V6j2onsGX5P+lsoODoIQGz1GV6JGBU/Qc=";
+                            publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCJWWnBdRFQjMxSGxjPQe/jk7sAHOEb4CAY9mY105bnNcoBz0DORvK+4Ha4TIDELubKbzasDTU/Vi7tunjbiFinbOP94OTVoc9xphfxa3eQ0GrIo0icLk0A2IbAqC32m9f93AvPseZib/9PJTIpZMQcklwllKfxg3WYBglVXLmu4+epPRfk3YR6TOP77guxT8MF9zdFrlRz8Ugcytrez2evOyva2YLdsadlke3cTVLypBFB5fJ2dfDSrYzsTEgDQB9o65Kpuqp/k+hvzdZLxDjC+vec1sUWiD9nPAHOPBKsbo9UqZtp5in4+vf8iaMVGZrjAHvz3NBze7uRZGdLLm7ACfuqq1J+cyGVCFOaxk1g0e5rNqFjMnLwKrF0UaAxmKkDNnkJQnWDCY63V+Q1PkfPWRSd5oNVZnHmyukosKlmR6n2/WqQsGrQpg0oDFh8MHupJ2sCKisAR6nvm1R9HmffdlMSBEjyx1V6j2onsGX5P+lsoODoIQGz1GV6JGBU/Qc=";
                            user = "malina";
                        };
                        outfoxxed = {
                            hostName = "git.outfoxxed.me";
-                            identityFile = pkgs.writeText "outfoxxed.pub"
-                                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqsfan2BERiFSgXEv6KCTbzpKmtkq4gNd2409ZuKbgh";
+                            publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGqsfan2BERiFSgXEv6KCTbzpKmtkq4gNd2409ZuKbgh";
                        };
                        kik = {
                            hostName = "156.17.7.16";
-                            identityFile = pkgs.writeText "kik.pub"
-                                "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAC03lGubkSRl02cX1TJ3ItkcozS8aocEHeysv/WY4v";
+                            publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAC03lGubkSRl02cX1TJ3ItkcozS8aocEHeysv/WY4v";
                            port = 10002;
                            user = "auth";
                        };
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@ -48,16 +48,11 @@ in {
                                    type = types.str;
                                    default = "git";
                                };
-                                identityFile = mkOption {
-                                    description = "path to the private key";
+                                publicKey = mkOption {
+                                    description = "public key used for picking the correct key from the ssh-agent";
                                    type = with types; nullOr path;
                                    default = null;
                                };
-                                identitiesOnly = mkOption {
-                                    description = "whether ssh should not use additional identities offered by ssh-agent";
-                                    type = types.bool;
-                                    default = false;
-                                };
                            };
                        });
                        default = {};
@ -87,10 +82,17 @@ in {
                    ${concatStrings (mapAttrsToList (name: value: ''
                        Host ${name}
                            HostName        ${value.hostName}
-                            ${if value.port != null then "Port            ${toString value.port}" else ""}
                            User            ${value.user}
-                            ${if value.identityFile != null then "IdentityFile    ${value.identityFile}" else ""}
-                            IdentitiesOnly  ${if value.identitiesOnly then "yes" else "no"}
+                            ${
+                                if value.port != null then
+                                    "Port            ${toString value.port}"
+                                    else ""
+                            }
+                            ${
+                                if value.publicKey != null then
+                                    "IdentityFile    ${pkgs.writeFile "${name}.pub" value.publicKey}"
+                                    else ""
+                            }
                    '') cfg.agent.hostAliases)}
                '';
            };