jawz/NixOS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
NixOS/jawz.nix
Danilo Reyes 6860500959 deacero key
2024-06-30 12:50:06 -06:00

42 lines
1.2 KiB
Nix
Raw Blame History

{ config, ... }: {
sops.secrets = let
keyConfig = file: {
sopsFile = ./secrets/keys.yaml;
owner = config.users.users.jawz.name;
inherit (config.users.users.jawz) group;
path = "/home/jawz/.ssh/${file}";
};
in {
jawz-password.neededForUsers = true;
"private_keys/age" = keyConfig "ed25519_age";
"public_keys/age" = keyConfig "ed25519_age.pub";
"private_keys/${config.networking.hostName}" =
keyConfig "ed25519_${config.networking.hostName}";
"git_private_keys/${config.networking.hostName}" = keyConfig "ed25519_git";
};
users.users.jawz = {
linger = true;
isNormalUser = true;
hashedPasswordFile = config.sops.secrets.jawz-password.path;
extraGroups = [
"wheel"
"networkmanager"
"scanner"
"lp"
"piracy"
"kavita"
"video"
"docker"
"libvirt"
"rslsync"
];
openssh.authorizedKeys.keys = [
(builtins.readFile ./secrets/ssh/ed25519_deacero.pub)
(builtins.readFile ./secrets/ssh/ed25519_workstation.pub)
(builtins.readFile ./secrets/ssh/ed25519_server.pub)
(builtins.readFile ./secrets/ssh/ed25519_miniserver.pub)
(builtins.readFile ./secrets/ssh/ed25519_galaxy.pub)
];
};
}
Reference in New Issue View Git Blame Copy Permalink