Mark all known signers as allowed

2026-05-15 13:31:40 +00:00
parent 0ee7266b3d
commit 3b688fd5a2
5 changed files with 12 additions and 8 deletions
--- a/hosts/common/home.nix
+++ b/hosts/common/home.nix
@@ -10,7 +10,7 @@ in
  programs.git = {
    signing = {
      # Will be available on remote machines via SSH agent (Secretive).
-      key = "key::" + user.sign."sign@mars".key;
+      key = "key::" + user.sign."sign@mars".publicKey;
      signByDefault = true;
    };

--- a/hosts/deimos/nixos.nix
+++ b/hosts/deimos/nixos.nix
@@ -16,7 +16,7 @@ in
      "wheel"
      "docker"
    ];
-    openssh.authorizedKeys.keys = identities.getAccessKeys primaryUser;
+    openssh.authorizedKeys.keys = identities.getAccessKeys { user = primaryUser; };
    shell = pkgs.zsh;
    linger = true; # Keep sshfs mounted even on logout.
  };
--- a/hosts/mars/home.nix
+++ b/hosts/mars/home.nix
@@ -20,7 +20,11 @@

  home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
    run install -m 0600 -D \
-      ${pkgs.writeText "keys" (builtins.concatStringsSep "\n" (identities.getAccessKeys primaryUser))} \
+      ${
+        pkgs.writeText "keys" (
+          builtins.concatStringsSep "\n" (identities.getAccessKeys { user = primaryUser; })
+        )
+      } \
      ${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys
  '';