ssh key reroll

This commit is contained in:
KoenDR06 2025-09-30 23:24:10 +02:00
parent aec7763929
commit fb781d6e8a
10 changed files with 191 additions and 42 deletions


@ -1,12 +1,13 @@
{
lib,
config,
inputs,
pkgs,
...
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.horseman.base.secrets;
secretFile = path: ../../secrets/${path};
username = config.horseman.username;
in {
options = {
horseman.base.secrets = {
@ -15,12 +16,35 @@ in {
};
config = mkIf cfg.enable {
environment.systemPackages = [
inputs.agenix.packages.x86_64-linux.default
];
environment.systemPackages = [pkgs.ragenix];
age.secrets = {
wifi.file = secretFile "wifi.age";
personalSSHpub = {
file = secretFile "id_personal.pub.age";
owner = username;
group = "users";
path = "/home/horseman/.ssh/id_personal.pub";
};
personalSSH = {
file = secretFile "id_personal.age";
owner = username;
group = "users";
path = "/home/horseman/.ssh/id_personal";
};
githubSSHpub = {
file = secretFile "id_github.pub.age";
owner = username;
group = "users";
path = "/home/horseman/.ssh/id_github.pub";
};
githubSSH = {
file = secretFile "id_github.age";
owner = username;
group = "users";
path = "/home/horseman/.ssh/id_github";
};
};
};
}
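Review bot: The four new `age.secrets` entries hard-code `path = "/home/horseman/.ssh/..."` while `owner = username` comes from `config.horseman.username`, so the decrypted key files only end up in the owning user's home when that option happens to be `horseman`; derive the path from the same variable, e.g. `path = "/home/${username}/.ssh/id_personal";`, and likewise for the other three entries. The private-key entries set no `mode`, so they rely on the ragenix default (presumably owner-read-only; worth confirming) — a short comment on `personalSSH` and `githubSSH` stating the expected mode and that `~/.ssh` must belong to the user before activation would make that intent explicit. The `environment.systemPackages` lines appear twice in this section (L29–L32); assuming the `pkgs.ragenix` line is the new one, the module no longer needs the `inputs` argument unless it is used elsewhere.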


@ -14,25 +14,17 @@ in {
config = mkIf cfg.enable {
services.openssh = {
banner = ''
==================================================================
=== ==== ==== ========= ================================= ===
=== ==== ==== ========= ================================= ===
=== ==== ==== ========= ================================= ===
=== ==== ==== === === === ==== === = = ==== === ===
=== == == === = == == = == == == = == ===
==== == == === == == ===== = == = = == == ===
==== == == === ===== == ===== = == = = == ==========
===== == ==== = == == = == = == = = == = == ===
====== ==== ====== === === ==== === = = === === ===
==================================================================
'';
enable = true;
settings = {
PermitRootLogin = "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
AllowUsers = ["horseman"];
};
extraConfig = ''
Hostkey ${config.age.secrets.personalSSH.path}
Hostkey ${config.age.secrets.githubSSH.path}
'';
};
};
}
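Review bot: The added `extraConfig` registers `personalSSH` and `githubSSH` as sshd host keys, but these are the same files installed as the user's `id_personal`/`id_github` client identities in the secrets module, so the server's host identity and the user's outbound (GitHub) identity share one private key and compromise of either exposes the other. If the goal of this "key reroll" is to pin the server's host keys, use dedicated host-key secrets and declare them through `services.openssh.hostKeys` rather than `Hostkey` lines in `extraConfig`; NixOS presumably still emits its own generated `HostKey` entries, so the extra lines add keys instead of replacing them (confirm against the generated sshd_config). The key files are also owned and writable by `username`, which lets that unprivileged account replace what sshd presents as the host key. A one-line comment above `extraConfig` naming which keys are intended as host keys and why would help the next reader.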


@ -7,7 +7,7 @@
}: let
inherit (lib) mkEnableOption mkIf;
cfg = config.horseman.users.default;
homeCfg = config.horseman;
username = config.horseman.username;
in {
options = {
horseman.users.default = {
@ -18,10 +18,10 @@ in {
config = mkIf cfg.enable {
home-manager = {
extraSpecialArgs = {inherit inputs outputs;};
users.${homeCfg.username} = {
users.${username} = {
home = {
username = "${homeCfg.username}";
homeDirectory = "/home/${homeCfg.username}";
username = username;
homeDirectory = "/home/${username}";
stateVersion = "24.11";
};
@ -30,6 +30,12 @@ in {
gh.enable = true;
git = {
extraConfig = {
init = {
defaultBranch = "main";
};
};
enable = true;
userName = "KoenDR06";
userEmail = "koen.de.ruiter@hotmail.com";
@ -41,8 +47,8 @@ in {
users.users.horseman = {
initialPassword = "1234";
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../config/ssh/authorized_keys
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPpt0NisTZPYDdumMXhxaKv3JygSE0EKE6OiYw4A8ot7"
];
extraGroups = [
"wheel"