artem/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Mark all known signers as allowed

Browse Source
This commit is contained in:
Artem Sheremet
2026-05-15 13:31:40 +00:00
parent 0ee7266b3d
commit 3b688fd5a2
5 changed files with 12 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
flake.lock generated
View File

@@ -96,11 +96,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1778847459, "lastModified": 1778851650,
"narHash": "sha256-mjbWJJV8PSEIVPBAS4yWfv63SRgsyfUWwLoo87QLMJE=", "narHash": "sha256-nX/YadRiNqqCqhOq5ksBhP5AbQHI8rIx1mNgkkoGZXE=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "2b69bc6fdd8fe56bf42a62f955b829bb6b83bbf2", "rev": "19a14a261113ea64e3537885b0f1f1434545dd7e",
"revCount": 29, "revCount": 30,
"type": "git", "type": "git",
"url": "https://github.com/futureware-tech/nix.git" "url": "https://github.com/futureware-tech/nix.git"
}, },

2
hosts/common/home.nix
View File

@@ -10,7 +10,7 @@ in
programs.git = { programs.git = {
signing = { signing = {
# Will be available on remote machines via SSH agent (Secretive). # Will be available on remote machines via SSH agent (Secretive).
key = "key::" + user.sign."sign@mars".key; key = "key::" + user.sign."sign@mars".publicKey;
signByDefault = true; signByDefault = true;
}; };

2
hosts/deimos/nixos.nix
View File

@@ -16,7 +16,7 @@ in
"wheel" "wheel"
"docker" "docker"
]; ];
openssh.authorizedKeys.keys = identities.getAccessKeys primaryUser; openssh.authorizedKeys.keys = identities.getAccessKeys { user = primaryUser; };
shell = pkgs.zsh; shell = pkgs.zsh;
linger = true; # Keep sshfs mounted even on logout. linger = true; # Keep sshfs mounted even on logout.
}; };

6
hosts/mars/home.nix
View File

@@ -20,7 +20,11 @@
home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] '' home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
run install -m 0600 -D \ run install -m 0600 -D \
${pkgs.writeText "keys" (builtins.concatStringsSep "\n" (identities.getAccessKeys primaryUser))} \ ${
pkgs.writeText "keys" (
builtins.concatStringsSep "\n" (identities.getAccessKeys { user = primaryUser; })
)
} \
${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys ${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys
''; '';

2
modules/home/common.nix
View File

@@ -55,7 +55,7 @@
}; };
gpg.format = "ssh"; gpg.format = "ssh";
gpg.ssh.allowedSignersFile = "${pkgs.writeText "allowed_signers" ( gpg.ssh.allowedSignersFile = "${pkgs.writeText "allowed_signers" (
lib.concatStringsSep "\n" (identities.getSigningEntries "artem") lib.concatStringsSep "\n" (identities.getSigningEntries { })
)}"; )}";
credential."https://source.developers.google.com".helper = "gcloud.sh"; credential."https://source.developers.google.com".helper = "gcloud.sh";
}; };