trustmeim.gay
Personal Nix flake
nixos
home-manager
nix
fix: Authorized keys
+5
-9
-1
keys/id_ed25519_github.pub
-1
keys/id_ed25519_github.pub
···
1
-
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJMlCP3GL7MCCZHvQcbNyET6HGT2BbLuBkDQPZ2tk8TU github.com
-1
keys/id_ed25519_nix.pub
-1
keys/id_ed25519_nix.pub
···
1
-
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKelkUCKgf7cuEo3jk7rRq5yH6vWkHEQ1eOqilNErz/R nix
-1
keys/id_ed25519_tangled.pub
-1
keys/id_ed25519_tangled.pub
···
1
-
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+uIAmaOxc9or9djd+yUcmrPKcdjzIQhydOPrLipUbW tangled.com
+3
-3
nix/lib/config.nix
+3
-3
nix/lib/config.nix
···
21
21
wallpaper = assetWithPrefix "wallpaper";
22
22
profilePicture = assetWithPrefix "profile-picture";
23
23
ssh.publicKeys = {
24
-
github = ../../keys/id_ed25519_github.pub;
25
-
nix = ../../keys/id_ed25519_nix.pub;
26
-
tangled = ../../keys/id_ed25519_tangled.pub;
24
+
github = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJMlCP3GL7MCCZHvQcbNyET6HGT2BbLuBkDQPZ2tk8TU github.com";
25
+
nix = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKelkUCKgf7cuEo3jk7rRq5yH6vWkHEQ1eOqilNErz/R nix";
26
+
tangled = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ+uIAmaOxc9or9djd+yUcmrPKcdjzIQhydOPrLipUbW tangled.com";
27
27
};
28
28
nix = {
29
29
pkgs = {
-2
nix/nixos/modules/ssh/default.nix
-2
nix/nixos/modules/ssh/default.nix
···
3
3
lib,
4
4
...
5
5
}: let
6
-
inherit (config.my.config.ssh) publicKeys;
7
6
cfg = config.my.ssh;
8
7
in {
9
8
options.my.ssh.enable = lib.mkEnableOption "SSH";
···
11
10
config = lib.mkIf (cfg.enable) {
12
11
services.openssh = {
13
12
enable = true;
14
-
authorizedKeysFiles = builtins.attrValues publicKeys;
15
13
allowSFTP = true;
16
14
openFirewall = true;
17
15
settings = {
+2
-1
nix/nixos/modules/users/lpchaim.nix
+2
-1
nix/nixos/modules/users/lpchaim.nix
···
5
5
pkgs,
6
6
...
7
7
}: let
8
-
inherit (config.my.config) name shell;
8
+
inherit (config.my.config) name shell ssh;
9
9
inherit (inputs.self.lib.secrets.helpers) mkUserSecret;
10
10
userName = name.user;
11
11
cfg = config.my.users.lpchaim;
···
28
28
group = userName;
29
29
shell = pkgs.${shell};
30
30
hashedPasswordFile = "${config.my.secrets."user.lpchaim.password".path}";
31
+
openssh.authorizedKeys.keys = [ssh.publicKeys.nix];
31
32
};
32
33
};
33
34
systemd.services.ollama.serviceConfig.ReadWritePaths = [config.users.extraUsers.${userName}.home];