ref(modules/users): move ssh keys to a separate file

Each key is associated to a variable, which let me be more specific about which key to use depending on the context.
author: Franck Cuny <franck@fcuny.net> 2023-02-16 14:15:13 -0800
committer: Franck Cuny <franck@fcuny.net> 2023-02-20 13:48:36 -0800
commit: 8c53d0e4c6dcd133f60423f2d1a574045e20f741 (patch)
tree: f3cd97d7812fb46b4d6fae0f0b0d1e5cca0645e5 /modules/system/users
parent: feat(modules/pcscd): install the pcscd daemon (diff)
download: infra-8c53d0e4c6dcd133f60423f2d1a574045e20f741.tar.gz
1 files changed, 7 insertions, 5 deletions
diff --git a/modules/system/users/default.nix b/modules/system/users/default.nix
index ddc2c14..7f42982 100644
--- a/modules/system/users/default.nix
+++ b/modules/system/users/default.nix
@@ -2,6 +2,7 @@
 let
   groupExists = grp: builtins.hasAttr grp config.users.groups;
   groupsIfExist = builtins.filter groupExists;
+  sshPub = builtins.fromTOML (builtins.readFile ../../../configs/ssh-pubkeys.toml);
 in
 {
   # Users are managed through this configuration. If a user is added
@@ -24,11 +25,12 @@ in
     ];
     hashedPassword =
       "$6$i.z1brxtb44JAEco$fDD2Izl.zRR9vBCB2VBKPScChGw38EEl7QEiBTJ/EwgP3oSL0X3ZHq0PJ.RtqzBsWTPUjl4F3MKOBMhnaAPr6.";
-    openssh.authorizedKeys.keys = [
-      # aptos
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIdlm/qoR/dnMjZhVSTtqFzkgN3Yf9eQ3pgKMiipg+dl"
-      # work
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINSWhXmnUplM+xltD0sYiJ6AsjkwHvbjTYLA7GHXHja9"
+    openssh.authorizedKeys.keys = with sshPub; [
+      aptos
+      work
+      ykey-backup
+      ykey-keyring
+      ykey-laptop
     ];
   };
author	Franck Cuny <franck@fcuny.net>	2023-02-16 14:15:13 -0800
committer	Franck Cuny <franck@fcuny.net>	2023-02-20 13:48:36 -0800
commit	8c53d0e4c6dcd133f60423f2d1a574045e20f741 (patch)
tree	f3cd97d7812fb46b4d6fae0f0b0d1e5cca0645e5 /modules/system/users
parent	feat(modules/pcscd): install the pcscd daemon (diff)
download	infra-8c53d0e4c6dcd133f60423f2d1a574045e20f741.tar.gz