Nix: Add public SSH key

I want to start making this part of my setup so I don't have to do all of this manually...
Mange · Dec 21, 2024 · ac517a3 · ac517a3
1 parent d37faa2
commit ac517a3
Show file tree

Hide file tree

Showing 5 changed files with 27 additions and 10 deletions.
diff --git a/data/ssh-keys/id_daddy.pub b/data/ssh-keys/id_daddy.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK339UoUDLK3K4EtgW6Z20Q1mYlBL9XdAnLgO3BtkI4z daddy
diff --git a/data/ssh-keys/id_mange_2024.pub b/data/ssh-keys/id_mange_2024.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTvo4U3B3I7tpAOq4VAgSmzJbVVMNdsEgTlPaYOBOEt mange+2024@bergmark
diff --git a/flake.nix b/flake.nix
@@ -52,17 +52,22 @@
 
       # NixOS configuration entrypoint
       # Available through 'nixos-rebuild switch --flake .#your-hostname'
-      nixosConfigurations = {
+      nixosConfigurations = let
+        specialArgs = {
+          inherit inputs outputs;
+          rootPath = ./.;
+        };
+      in {
         socia = nixpkgs.lib.nixosSystem {
-          specialArgs = { inherit inputs outputs; };
+          inherit specialArgs;
           modules = [./systems/socia/configuration.nix];
         };
         vera = nixpkgs.lib.nixosSystem {
-          specialArgs = { inherit inputs outputs; };
+          inherit specialArgs;
           modules = [./systems/vera/configuration.nix];
         };
         porto = nixpkgs.lib.nixosSystem {
-          specialArgs = { inherit inputs outputs; };
+          inherit specialArgs;
           modules = [./systems/porto/configuration.nix];
         };
       };
@@ -71,7 +76,10 @@
       # Available through 'home-manager --flake .#your-username@your-hostname'
       homeConfigurations = let
         homeConfig = home-manager.lib.homeManagerConfiguration;
-        extraSpecialArgs = { inherit inputs outputs; };
+        extraSpecialArgs = {
+          inherit inputs outputs;
+          rootPath = ./.;
+        };
       in {
         "mange@socia" = homeConfig {
           extraSpecialArgs = extraSpecialArgs // {

diff --git a/home/_roles/pc/security.nix b/home/_roles/pc/security.nix
@@ -1,5 +1,13 @@
 # Keyring, SSH, GPG stuff
-{ config, pkgs, lib, ... }: {
+{ config, pkgs, lib, rootPath, ... }: let
+  sshPubKeys = lib.filesystem.listFilesRecursive (rootPath + /data/ssh-keys);
+  sshKeyFiles = lib.lists.map (file: {
+    ".ssh/${builtins.baseNameOf file}" = { source = file; };
+  }) sshPubKeys;
+in {
+  # Install SSH public keys
+  home.file = (lib.attrsets.mergeAttrsList sshKeyFiles);
+
   # Keyring and gpg agent
   services.gnome-keyring.enable = true;
   home.sessionVariables.SSH_AUTH_SOCK = "$XDG_RUNTIME_DIR/keyring/ssh"; # gnome-keyring

diff --git a/systems/_roles/pc/users.nix b/systems/_roles/pc/users.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }: {
+{ pkgs, rootPath, ... }: {
   security.polkit.enable = true;
   security.sudo.enable = true;
   services.accounts-daemon.enable = true;
@@ -14,9 +14,8 @@
       "input" # Control LEDs
     ];
     shell = pkgs.zsh;
-    openssh.authorizedKeys.keys = [
-      # TODO: Add your SSH public key(s) here, if you plan on using SSH to connect
+    openssh.authorizedKeys.keyFiles = [
+      (rootPath + /data/ssh-keys/id_mange_2024.pub)
     ];
   };
-
 }
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK339UoUDLK3K4EtgW6Z20Q1mYlBL9XdAnLgO3BtkI4z daddy
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKTvo4U3B3I7tpAOq4VAgSmzJbVVMNdsEgTlPaYOBOEt mange+2024@bergmark