use ssh keys instead of password

2023-08-24 17:47:19 -07:00 · 2023-08-24 17:47:19 -07:00 · 30cc1f42b4
commit 30cc1f42b4
parent ed720cc9dc
4 changed files with 40 additions and 2 deletions
--- a/hosts/server/authorizedKeys.nix
+++ b/hosts/server/authorizedKeys.nix
@ -0,0 +1,10 @@
+[
+  # reidlab
+  { hostname = "reidlab@rei-pc";
+    ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmwWuwS+a1GzYFSNOkgk/zF5bolXqat1RP5FXJv+vto reidlab@rei-pc";
+  }
+  {
+    hostname = "reidlab@rei-phone";
+    ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKC12NkyZAFNDHfq1ECh4uAgM4mpKfsQnL3XF/ZzSyCJ reidlab@rei-phone";
+  }
+]
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@ -1,6 +1,10 @@
 { config, lib, pkgs, ... }:

-{
+let
+  keys = import ./authorizedKeys.nix;
+  fetchSSH = (host: lib._.getSSH host keys);
+  fetchSSHKeys = map fetchSSH;
+in {
  imports = [
    ./hardware-configuration.nix
    ./webapps/default.nix
@ -20,6 +24,10 @@
      conf = {
        packages = with pkgs; [ bat tree micro duf ];
        extraGroups = [ "wheel" "dotfiles" ];
+        openssh.authorizedKeys.keys = fetchSSHKeys [
+          "reidlab@rei-pc"
+          "reidlab@rei-phone"
+        ];
      };

      homeConf.home = {
@ -39,7 +47,7 @@
    services = {
      ssh = {
        enable = true;
-        requirePassword = true;
+        requirePassword = false;
      };

      postgres.enable = true;