simplify ssh key management

1 files changed, 6 insertions, 13 deletions

diff --git a/profiles/defaults.nix b/profiles/defaults.nix
index 96b1461..2683c5a 100644
--- a/profiles/defaults.nix
+++ b/profiles/defaults.nix
@@ -2,6 +2,7 @@
   config,
   pkgs,
   lib,
+  adminUser,
   ...
 }:
 {
@@ -112,19 +113,11 @@
 
   users = {
     mutableUsers = false;
-    users.root.openssh.authorizedKeys.keys = [
-      # 1password
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
-      # YubiKey 5C Nano (personal)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo= ssh:"
-      # Yubikey 5C (keychain)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo= ssh:"
-      # Yubikey 5C NFC (backup)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINLBHE4O9RrTgTa+m0kcWL2Mhpi3C57MpTpip7riTophAAAABHNzaDo= ssh:"
-      # Yubikey 5C Nano (work)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBVuEgqp/pmfskha3gIaYIfP0JEgKG/vVV3Bswb63wr2AAAABHNzaDo="
-      # Yubikey Security Key C NFC (work, backup)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjs8WvWBuiL6hujqSaXLxBIs5unjBex22Whdrj/radmAAAABHNzaDo="
+    users.root.openssh.authorizedKeys.keys = with adminUser.userinfo.sshPublicKeys; [
+      onepassword
+      yubikey-personal-nano
+      yubikey-personal-keychain
+      yubikey-personal-backup
     ];
   };