Generate accepted public key files through sops.

This commit is contained in:
Kevin Baensch 2023-09-11 19:31:15 +02:00
parent 9878b40111
commit 8edba95021
Signed by: derped
GPG key ID: C0F1D326C7626543
2 changed files with 8 additions and 5 deletions


@ -27,10 +27,6 @@ let
++ (optional withPodman "podman");
shell = "${pkgs.zsh}/bin/zsh";
passwordFile = passPath;
# TODO: Fix for sops
# openssh.authorizedKeys.keyFiles = optional
# (cfg.openssh.enable && (builtins.pathExists "${passPath}.pub"))
# "${passPath}.pub";
};
};


@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, lib, fn, ... }:
# For reference:
# https://infosec.mozilla.org/guidelines/openssh.html
@ -25,4 +25,11 @@ mkIf (elem "openssh" config.machine.services) {
LogLevel VERBOSE
'';
};
# Add public keys to /etc/ssh/authorized_keys.d
# This replaces users.users.*.openssh.authorizedKeys.*
sops.secrets = (fn.sopsHelper
(user: "users/${user.name}/publicKey")
config.machine.administrators
(user: { path = "/etc/ssh/authorized_keys.d/${user.name}"; mode = "444"; })
);
}
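Review bot: The new `sops.secrets` block makes every administrator's authorized_keys file depend on sops decryption succeeding at activation, and since the per-user `openssh.authorizedKeys.keyFiles` fallback is removed in the other file of this commit, a host whose age/GPG key cannot decrypt the secrets loses all SSH admin access with no alternative key source; a comment stating that trade-off, e.g. `# NOTE: no fallback — if sops decryption fails, no admin can log in over SSH`, would make the risk visible to the next maintainer. The `mode = "444"` on the path line is wider than sops-nix's default and deserves a why-comment, since sshd reads AuthorizedKeysFile with the target user's privileges rather than as root: `# 444: sshd reads this as the logging-in user; the content is a public key, so world-readable is acceptable`. Nothing in the hunk shows sshd being pointed at `/etc/ssh/authorized_keys.d/%u`; this relies on the NixOS default of `services.openssh.authorizedKeysFiles` including that path and on `StrictModes` accepting the root-owned file sops-nix places there — worth confirming and noting in the existing comment on the "Add public keys" line. The enclosing `mkIf` attribute set starts outside this hunk.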