diff --git a/flake.lock b/flake.lock index a5cc1ed..e37d9cc 100644 --- a/flake.lock +++ b/flake.lock @@ -96,11 +96,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1778705491, - "narHash": "sha256-LOZbixhLsv2QbUbqH+I06eRMAI7FBDDkGoMWH523OkE=", + "lastModified": 1778847459, + "narHash": "sha256-mjbWJJV8PSEIVPBAS4yWfv63SRgsyfUWwLoo87QLMJE=", "ref": "refs/heads/main", - "rev": "b6fb4221bd5f54bc427de84230e0c95952399c21", - "revCount": 25, + "rev": "2b69bc6fdd8fe56bf42a62f955b829bb6b83bbf2", + "revCount": 29, "type": "git", "url": "https://github.com/futureware-tech/nix.git" }, diff --git a/flake.nix b/flake.nix index 70a5bf4..abb54c1 100644 --- a/flake.nix +++ b/flake.nix @@ -39,13 +39,6 @@ ... }@inputs: let - trustedSSHKeys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxRBsFGa8OFbviYDGSAKLgfm/K2XUxvCo+31FW37yab artem" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPAtIXXHm58julnr7S0xzBTM1jN5JkKxOL4JpuWDOa2jAAAABHNzaDo= office-dock-usb-a" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHY1xx0huqV6Mcc2WngYDabITeNUbGamJ8//206MxxVTAAAABHNzaDo= keychain-usb-c" - "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHzY2eOz+JdaKOpIgZbF5FsZzQy0l8vPJjAQdTpBFGsoAAAABHNzaDo= safe" - "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJg7zQ4H0LQeQcILZBwCzQ+MYKtCgKm7HPe9oFeoyprKZXAvpm+HDHtaYdU39JF9f+nvRztzXuMhgETAQMAQCkc= fingerprint@macbook" - ]; eachSystem = nixpkgs.lib.genAttrs (import systems); in { @@ -74,6 +67,7 @@ pkgs = nixpkgs.legacyPackages.x86_64-linux; extraSpecialArgs.primaryUser = "artem"; modules = [ + inputs.fw_nix.nixosModules.identities vscode-server.homeModules.default self.homeModules.linux-headless ./hosts/deimos/home.nix 
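Review bot: The list of keys allowed to log in can no longer be reviewed in this repository once `inputs.fw_nix.nixosModules.identities` is added to this modules list (and to the three other configurations further down in flake.nix) and the in-repo `trustedSSHKeys` list is dropped. The keys now come from the `fw_nix` input, presumably the git input on `refs/heads/main` whose `rev` and `narHash` are bumped in flake.lock in this same commit. The lock pins the content, so a key change only arrives with a lock update, but from here on any bump of that input can add or remove an authorized key without a visible diff in this repo. I would add a comment above the module line, e.g. `# identities: source of SSH authorized keys; review fw_nix key changes on every lock bump`, and confirm that the locked revision returns the same five keys for `artem` that this commit removes. The modules list continues outside the hunk.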
@@ -84,9 +78,9 @@ pkgs = nixpkgs.legacyPackages.x86_64-darwin; extraSpecialArgs = { primaryUser = "artem"; - inherit trustedSSHKeys; }; modules = [ + inputs.fw_nix.nixosModules.identities self.homeModules.mac-portable ./hosts/mars/home.nix ]; @@ -96,6 +90,7 @@ system = "x86_64-darwin"; specialArgs.primaryUser = "artem"; modules = [ + inputs.fw_nix.nixosModules.identities self.darwinModules.mac-portable inputs.fw_nix.nixosModules.tools inputs.fw_nix.nixosModules.nix-settings @@ -112,10 +107,11 @@ nixpkgs.lib.nixosSystem { inherit system; specialArgs = { - inherit trustedSSHKeys; + primaryUser = "artem"; inherit (inputs) jail-nix; }; modules = [ + inputs.fw_nix.nixosModules.identities self.nixosModules.linux-headless self.nixosModules.linux-lxc inputs.fw_nix.nixosModules.nix-gc diff --git a/hosts/deimos/nixos.nix b/hosts/deimos/nixos.nix index ac80e53..7ff6194 100644 --- a/hosts/deimos/nixos.nix +++ b/hosts/deimos/nixos.nix @@ -1,6 +1,7 @@ { pkgs, - trustedSSHKeys, + identities, + primaryUser, jail-nix, ... }: @@ -8,14 +9,14 @@ let jail = jail-nix.lib.init pkgs; in { - users.users.artem = { + users.users.${primaryUser} = { uid = 1000; isNormalUser = true; extraGroups = [ "wheel" "docker" ]; - openssh.authorizedKeys.keys = trustedSSHKeys; + openssh.authorizedKeys.keys = identities.getAccessKeys primaryUser; shell = pkgs.zsh; linger = true; # Keep sshfs mounted even on logout. }; diff --git a/hosts/mars/home.nix b/hosts/mars/home.nix index 16fe530..bcdb73c 100644 --- a/hosts/mars/home.nix +++ b/hosts/mars/home.nix @@ -2,7 +2,8 @@ pkgs, lib, config, - trustedSSHKeys, + identities, + primaryUser, ... }: { @@ -19,7 +20,7 @@ home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] '' run install -m 0600 -D \ - ${pkgs.writeText "keys" (builtins.concatStringsSep "\n" trustedSSHKeys)} \ + ${pkgs.writeText "keys" (builtins.concatStringsSep "\n" (identities.getAccessKeys primaryUser))} \ ${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys '';
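Review bot: `primaryUser = "artem";` is now spelled out as a literal in all four configurations in flake.nix, including the one added to `specialArgs` here, and it has become the lookup key for `identities.getAccessKeys`. A typo or a later rename in one place would select a different key set for that host without any error visible in this file. Defining it once in the existing `let` (`primaryUser = "artem";`) and using `inherit primaryUser;` in each `specialArgs` / `extraSpecialArgs` keeps the hosts in agreement. The `let` block is outside this hunk.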
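Review bot: `openssh.authorizedKeys.keys = identities.getAccessKeys primaryUser;` in hosts/deimos/nixos.nix has no guard on what the call returns, and this account is in `wheel` and `docker`, so the returned list decides who gets effectively root-equivalent access to the host. How `getAccessKeys` treats an unknown user name is not visible here; if it yields an empty list, the build still succeeds and key login for the account silently disappears. An evaluation-time check makes that fail loudly: `assertions = [ { assertion = identities.getAccessKeys primaryUser != [ ]; message = "no SSH access keys for ${primaryUser}"; } ];`. The same unguarded call feeds the `authorized_keys` file written by `home.activation.setupAuthorizedKeys` in hosts/mars/home.nix, where an empty result would install an empty file.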