use ssh keys instead of password
parent
ed720cc9dc
commit
30cc1f42b4
4 changed files with 40 additions and 2 deletions
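--- a/hosts/server/authorizedKeys.nix
+++ b/hosts/server/authorizedKeys.nix
@@ -0,0 +1,10 @@
+[
+# reidlab
+{ hostname = "reidlab@rei-pc";
+ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmwWuwS+a1GzYFSNOkgk/zF5bolXqat1RP5FXJv+vto reidlab@rei-pc";
+}
+{
+hostname = "reidlab@rei-phone";
+ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKC12NkyZAFNDHfq1ECh4uAgM4mpKfsQnL3XF/ZzSyCJ reidlab@rei-phone";
+}
+]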
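Review bot: Both new files are labelled "Executable file" on this page (this one and lib/helpers.nix); a Nix expression that is only imported does not need the executable bit, so the mode is better committed as 644. Because this list decides who can log in, it also deserves a header comment, for example `# Public keys allowed to log in; 'hostname' is the lookup key used by getSSH and must be unique.` Uniqueness matters because the lookup in lib/helpers.nix returns the first entry that matches, so a second entry with the same `hostname` would be ignored without any error.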
@ -1,6 +1,10 @@
|
||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
{
|
let
|
||||||
|
keys = import ./authorizedKeys.nix;
|
||||||
|
fetchSSH = (host: lib._.getSSH host keys);
|
||||||
|
fetchSSHKeys = map fetchSSH;
|
||||||
|
in {
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
./webapps/default.nix
|
./webapps/default.nix
|
||||||
|
@ -20,6 +24,10 @@
|
||||||
conf = {
|
conf = {
|
||||||
packages = with pkgs; [ bat tree micro duf ];
|
packages = with pkgs; [ bat tree micro duf ];
|
||||||
extraGroups = [ "wheel" "dotfiles" ];
|
extraGroups = [ "wheel" "dotfiles" ];
|
||||||
|
openssh.authorizedKeys.keys = fetchSSHKeys [
|
||||||
|
"reidlab@rei-pc"
|
||||||
|
"reidlab@rei-phone"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
homeConf.home = {
|
homeConf.home = {
|
||||||
|
@ -39,7 +47,7 @@
|
||||||
services = {
|
services = {
|
||||||
ssh = {
|
ssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
requirePassword = true;
|
requirePassword = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
postgres.enable = true;
|
postgres.enable = true;
|
||||||
|
|
|
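Review bot: `requirePassword = false` under `services.ssh` (last hunk of this file, whose header is not shown on the page) is a project-defined option whose implementation is not visible here, so confirm that it disables both `PasswordAuthentication` and `KbdInteractiveAuthentication` in the generated sshd configuration; if only the first is turned off, a PAM keyboard-interactive login can still accept a password. The option name also reads as "a password is not required" rather than "passwords are rejected", so a comment next to it such as `# key-only login: password and keyboard-interactive auth are disabled` would remove the ambiguity. The user that receives `openssh.authorizedKeys.keys` is in `wheel`, so both listed keys, including the phone's, carry sudo-capable access; that is worth stating in a comment above the key list so the next key is added deliberately.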
@ -4,8 +4,10 @@ lib.extend (self: super:
|
||||||
let
|
let
|
||||||
inherit (lib) attrValues foldr;
|
inherit (lib) attrValues foldr;
|
||||||
inherit (modules) mapModules;
|
inherit (modules) mapModules;
|
||||||
|
inherit (helpers) getSSH;
|
||||||
|
|
||||||
modules = import ./modules.nix { inherit lib; };
|
modules = import ./modules.nix { inherit lib; };
|
||||||
|
helpers = import ./helpers.nix { inherit lib; };
|
||||||
in {
|
in {
|
||||||
_ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file {
|
_ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file {
|
||||||
inherit pkgs inputs;
|
inherit pkgs inputs;
|
||||||
|
|
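Review bot: The let-bound `getSSH` from `inherit (helpers) getSSH;` is not referenced in any visible line, while the host configuration calls `lib._.getSSH`, which comes from the `_` set built through `mapModules ./.`. If `mapModules` already picks up `helpers.nix` from this directory, the explicit `helpers = import ./helpers.nix { inherit lib; };` and the `inherit` look redundant and could be dropped; if the intent is to expose the helper directly on `lib`, a one-line comment saying so would help. The attribute set after `in {` continues outside the hunk, so the binding may be used below the visible lines.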
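--- a/lib/helpers.nix
+++ b/lib/helpers.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+with lib;
+rec {
+indexFrom = origin: name: item: list: foldr
+(h: t:
+if h.${origin} == name && hasAttr item h
+then h.${item}
+else t)
+(error ''
+No item at the origin point ${origin} with element ${name} found.
+Please make sure that the item with that origin exists, and,
+failing that, that it also has the requested item defined.
+'')
+list;
+
+getSSH = name: keys: indexFrom "hostname" name "ssh" keys;
+}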
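Review bot: The fallback `(error ''` in `indexFrom` relies on `with lib;` to supply `error`, and as far as I know nixpkgs' `lib` defines no such function, so a failed lookup would likely report an undefined variable instead of the intended message; the builtin for this is `throw`, i.e. `(throw ''`. Evaluation aborts either way, so a missing key cannot silently produce an empty `authorizedKeys` list, which is the right failure mode once password login is off. Separately, `h.${origin}` raises a missing-attribute error on any entry that lacks that field; `(h.${origin} or null) == name` would let the search continue. The message interpolates `${origin}` and `${name}` but not `${item}`, which would make the "requested item" sentence easier to act on.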