Mark all known signers as allowed

2026-05-15 13:31:40 +00:00
parent 0ee7266b3d
commit 3b688fd5a2
5 changed files with 12 additions and 8 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -96,11 +96,11 @@
        "systems": "systems"
      },
      "locked": {
-        "lastModified": 1778847459,
-        "narHash": "sha256-mjbWJJV8PSEIVPBAS4yWfv63SRgsyfUWwLoo87QLMJE=",
+        "lastModified": 1778851650,
+        "narHash": "sha256-nX/YadRiNqqCqhOq5ksBhP5AbQHI8rIx1mNgkkoGZXE=",
        "ref": "refs/heads/main",
-        "rev": "2b69bc6fdd8fe56bf42a62f955b829bb6b83bbf2",
-        "revCount": 29,
+        "rev": "19a14a261113ea64e3537885b0f1f1434545dd7e",
+        "revCount": 30,
        "type": "git",
        "url": "https://github.com/futureware-tech/nix.git"
      },
--- a/hosts/common/home.nix
+++ b/hosts/common/home.nix
@@ -10,7 +10,7 @@ in
  programs.git = {
    signing = {
      # Will be available on remote machines via SSH agent (Secretive).
-      key = "key::" + user.sign."sign@mars".key;
+      key = "key::" + user.sign."sign@mars".publicKey;
      signByDefault = true;
    };

--- a/hosts/deimos/nixos.nix
+++ b/hosts/deimos/nixos.nix
@@ -16,7 +16,7 @@ in
      "wheel"
      "docker"
    ];
-    openssh.authorizedKeys.keys = identities.getAccessKeys primaryUser;
+    openssh.authorizedKeys.keys = identities.getAccessKeys { user = primaryUser; };
    shell = pkgs.zsh;
    linger = true; # Keep sshfs mounted even on logout.
  };
--- a/hosts/mars/home.nix
+++ b/hosts/mars/home.nix
@@ -20,7 +20,11 @@

  home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
    run install -m 0600 -D \
-      ${pkgs.writeText "keys" (builtins.concatStringsSep "\n" (identities.getAccessKeys primaryUser))} \
+      ${
+        pkgs.writeText "keys" (
+          builtins.concatStringsSep "\n" (identities.getAccessKeys { user = primaryUser; })
+        )
+      } \
      ${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys
  '';

--- a/modules/home/common.nix
+++ b/modules/home/common.nix
@@ -55,7 +55,7 @@
      };
      gpg.format = "ssh";
      gpg.ssh.allowedSignersFile = "${pkgs.writeText "allowed_signers" (
-        lib.concatStringsSep "\n" (identities.getSigningEntries "artem")
+        lib.concatStringsSep "\n" (identities.getSigningEntries { })
      )}";
      credential."https://source.developers.google.com".helper = "gcloud.sh";
    };