use ssh keys instead of password

2023-08-24 17:47:19 -07:00 · 2023-08-24 17:47:19 -07:00 · 30cc1f42b4
commit 30cc1f42b4
parent ed720cc9dc
4 changed files with 40 additions and 2 deletions
--- a/hosts/server/authorizedKeys.nix
+++ b/hosts/server/authorizedKeys.nix
@ -0,0 +1,10 @@
+[
+  # reidlab
+  { hostname = "reidlab@rei-pc";
+    ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmwWuwS+a1GzYFSNOkgk/zF5bolXqat1RP5FXJv+vto reidlab@rei-pc";
+  }
+  {
+    hostname = "reidlab@rei-phone";
+    ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKC12NkyZAFNDHfq1ECh4uAgM4mpKfsQnL3XF/ZzSyCJ reidlab@rei-phone";
+  }
+]
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@ -1,6 +1,10 @@
 { config, lib, pkgs, ... }:

-{
+let
+  keys = import ./authorizedKeys.nix;
+  fetchSSH = (host: lib._.getSSH host keys);
+  fetchSSHKeys = map fetchSSH;
+in {
  imports = [
    ./hardware-configuration.nix
    ./webapps/default.nix
@ -20,6 +24,10 @@
      conf = {
        packages = with pkgs; [ bat tree micro duf ];
        extraGroups = [ "wheel" "dotfiles" ];
+        openssh.authorizedKeys.keys = fetchSSHKeys [
+          "reidlab@rei-pc"
+          "reidlab@rei-phone"
+        ];
      };

      homeConf.home = {
@ -39,7 +47,7 @@
    services = {
      ssh = {
        enable = true;
-        requirePassword = true;
+        requirePassword = false;
      };

      postgres.enable = true;
--- a/lib/default.nix
+++ b/lib/default.nix
@ -4,8 +4,10 @@ lib.extend (self: super:
  let
    inherit (lib) attrValues foldr;
    inherit (modules) mapModules;
+    inherit (helpers) getSSH;

    modules = import ./modules.nix { inherit lib; };
+    helpers = import ./helpers.nix { inherit lib; };
  in {
    _ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file {
      inherit pkgs inputs;
--- a/lib/helpers.nix
+++ b/lib/helpers.nix
@ -0,0 +1,18 @@
+{ lib, ... }:
+
+with lib;
+rec {
+  indexFrom = origin: name: item: list: foldr
+  (h: t:
+    if h.${origin} == name && hasAttr item h
+    then h.${item}
+    else t)
+  (error ''
+    No item at the origin point ${origin} with element ${name} found.
+    Please make sure that the item with that origin exists, and,
+    failing that, that it also has the requested item defined.
+  '')
+  list;
+
+  getSSH = name: keys: indexFrom "hostname" name "ssh" keys;
+}