
2 Commits

Author SHA1 Message Date
Nathan McCarty 7d50870617
Generate git allowed_signers file 2023-05-01 18:00:17 -04:00
Nathan McCarty eb26f898af
Switch levitation over to ssh signing 2023-05-01 17:30:36 -04:00
3 changed files with 47 additions and 14 deletions


@ -76,11 +76,16 @@ with lib; {
}) })
(mkIf (config.nathan.programs.util.git.enable (mkIf (config.nathan.programs.util.git.enable
&& config.nathan.programs.util.git.sshSign) { && config.nathan.programs.util.git.sshSign) {
home.file.allowedSigners = {
target = ".ssh/allowed_signers";
text = (import ../../../info/ssh-keys.nix).allowedSigners;
};
programs.git = { programs.git = {
extraConfig = { extraConfig = {
commit.gpgsign = true; commit.gpgsign = true;
gpg.format = "ssh"; gpg.format = "ssh";
user.signingkey = "~/.ssh/id_ed25519.pub"; user.signingkey = "~/.ssh/id_ed25519.pub";
gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers";
}; };
}; };
}) })
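Review bot: The allowed-signers path is written twice in the added lines, once as `target = ".ssh/allowed_signers"` and once as `gpg.ssh.allowedSignersFile = "~/.ssh/allowed_signers"`, and nothing ties the two together. If one is edited without the other, git is left pointing at a missing or stale file, and signature verification on this host would stop matching any principal. Deriving the setting from the file entry keeps them in step: `gpg.ssh.allowedSignersFile = "~/${config.home.file.allowedSigners.target}";`. The `mkIf` block itself is fully visible, but the module it belongs to continues outside the hunk.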


@ -1,23 +1,45 @@
rec { rec {
keys = { keys = {
# yubikey ssh key # yubikey ssh key
"yubikey" = "yubikey" = {
key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILRs6zVljIlQEZ8F+aEBqqbpeFJwCw3JdveZ8TQWfkev cardno:000615938515";
};
# levitation ssh key
"levitation" = {
key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG0zeLTlg++shIYcqxksDVkTtHS3MIvlqPIIW+9pufQa nathan@levitation";
};
# WSL key # WSL key
"wsl" = "wsl" = {
key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGXEV5lvLQ1CcPuJANv5AiYxtcRFEYXD5nODCazWnYC5 nathan@mccarty.io";
};
# Phone key # Phone key
"phone" = "phone" = {
key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFR0zpmBCb0iEOeeI6SBwgucddNzccfQ5Zmdgib5iSmF nix-on-droid@localhost";
};
# Tablet key # Tablet key
"tablet" = "tablet" = {
key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKltqneJjfdLjOvnWQC2iP7hP7aTYkURPiR8LFjB7z87 nix-on-droid@localhost";
};
# Macbook key # Macbook key
"extremophile" = "extremophile" = {
key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLIZC4A4OhpTvfoL5jeMb1Ong9CwZ/URCYZL6y4Gp7b nathan@extremophile.local";
};
# vm key # vm key
"productivity-vm" = "productivity-vm" = {
key =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgtdTJThr5/vfUswQb3ee6A++W1OxAOGFQJTE8xDuHv nathan@productivity-vm"; "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgtdTJThr5/vfUswQb3ee6A++W1OxAOGFQJTE8xDuHv nathan@productivity-vm";
}; };
list = builtins.attrValues keys; };
list = map (x: x.key) (builtins.attrValues keys);
allowedSigners = builtins.concatStringsSep "\n" (map (x:
"${
builtins.concatStringsSep ","
(x.emails or [ "*@mccarty.io" "*@stranger.systems" ])
} ${x.key}") (builtins.attrValues keys));
} }
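Review bot: Every entry in `keys` is written to allowed_signers with the wildcard default `*@mccarty.io,*@stranger.systems`, because none of the entries shown sets `emails`. The phone, tablet, WSL and VM keys are therefore all accepted as signers for any address at both domains. The same attrset also feeds `list` (presumably the SSH access list, which is not visible here), so a key added only for login would silently become a trusted commit signer. Consider making signing opt-in per key by filtering on an explicit attribute before the `map`, and restricting each line to git signatures with the allowed-signers option: `} namespaces=\"git\" ${x.key}") (builtins.attrValues keys));`. A one-line comment above `allowedSigners` giving the output format (`principals options key`) would also help the next reader.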


@ -3,7 +3,13 @@
services = { email = { enable = true; }; }; services = { email = { enable = true; }; };
config = { isDesktop = true; }; config = { isDesktop = true; };
programs = { programs = {
util = { wine = true; }; util = {
wine = true;
git = {
gpgSign = false;
sshSign = true;
};
};
games = { launcher = true; }; games = { launcher = true; };
media.nicotineService = true; media.nicotineService = true;
}; };