fix user public keys

2023-12-25 18:54:38 +01:00 · 2023-12-25 18:54:38 +01:00 · 7fcf8af4ad
commit 7fcf8af4ad
parent dd4466b5a3
7 changed files with 26 additions and 23 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1703368619,
-        "narHash": "sha256-ZGPMYL7FMA6enhuwby961bBANmoFX14EA86m2/Jw5Jo=",
+        "lastModified": 1703499046,
+        "narHash": "sha256-A6wclPJCOMEYuD28KBOBTwHEVOKy3f9yvuMFAJ55dco=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "a2523ea0343b056ba240abbac90ab5f116a7aa7b",
+        "rev": "d5a917bab40daf4e5f82cd27162b8a6656d3beab",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -52,18 +52,25 @@
        ] ++ modules ++ fileList "modules"
        ++ map(user: { config, lib, pkgs, ... }@args: {
          users.users.${user} = import ./users/${user} (args // { name = "${user}"; });
+          boot.initrd.network.ssh.authorizedKeys = config.users.users.${user}.openssh.authorizedKeys.keys;
        }) users
        ++ map(user: { home-manager.users.${user} = import ./users/${user}/home.nix; }) users;
      };
    in {
      photon = constructSystem {
        hostname = "photon";
-        users = ["dennis"];
+        users = [
+          "alice"
+          "dennis"
+        ];
      };

      palatine-hill = constructSystem {
        hostname = "palatine-hill";
-        users = ["alice"];
+        users = [
+          "alice"
+          "dennis"
+        ];
      };
    };
  };
--- a/modules/boot.nix
+++ b/modules/boot.nix
@ -14,6 +14,7 @@ in
        description = "The cpu-type installed on the server.";
      };
      amdGPU = libS.mkOpinionatedOption "the system contains a AMD GPU";
+      fullDiskEncryption = libS.mkOpinionatedOption "use luks full disk encrytion";
    };
  };

@ -22,19 +23,15 @@ in
      # networking for netcard kernelModules = [ "e1000e" ];
      kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];

-      network.enable = true;
-      network.ssh = {
+      network = lib.mkIf cfg.fullDiskEncryption {
+        enable = true;
+        ssh = {
          enable = true;
          hostKeys = [
            "/root/ssh_key"
          ];
          port = 2222;
        };
-      luks = {
-        devices."cryptroot" = {
-          device = "/dev/sda1";
-          preLVM = true;
-        };
      };
    };

--- a/systems/configuration.nix
+++ b/systems/configuration.nix
@ -21,7 +21,6 @@
      enable = true;
      fixPermissions = true;
      extraConfig = ''StreamLocalBindUnlink yes'';
-      authorizedKeysFiles = [ "../users/dennis/keys/yubikey.pub" ];
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@ -2,9 +2,8 @@
 {
  time.timeZone = "America/New_York";
  console.keyMap = "us";
-  boot.zfs.extraPools = [ "ZFS-primary" ];
  networking.hostId = "dc2f9781";
-  boot.initrd.network.ssh.authorizedKeys = [ "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" ];
+  boot.zfs.extraPools = [ "ZFS-primary" ];

  virtualisation = {
    docker = {
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
@ -1,5 +1,7 @@
 { pkgs, lib, config, name, ... }:
 import ../default.nix {
  inherit pkgs lib config name;
-  pubKeys = [ "ed25516-AAAAAAA" ];
+  publicKeys = [
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGcqhLaKsjwAnb6plDavAhEyQHNvFS9Uh5lMTuwMhGF alice@parthenon-7588"
+  ];
 }
--- a/users/default.nix
+++ b/users/default.nix
@ -3,14 +3,13 @@
  config,
  pkgs,
  name,
-  pubKeys ? [],
+  publicKeys ? [],
  defaultShell ? "zsh",
 }:

 {
  inherit name;
  isNormalUser = true;
-  uid = 1000;
  extraGroups = [
    "wheel"
    "media"
@ -24,5 +23,5 @@
    "uaccess"
  ];
  shell = pkgs.${defaultShell};
-  openssh.authorizedKeys.keys = pubKeys;
+  openssh.authorizedKeys.keys = publicKeys;
 }