simplify ssh key management

1 files changed, 6 insertions, 18 deletions

diff --git a/profiles/remote-unlock.nix b/profiles/remote-unlock.nix
index 310d52b..9812ce8 100644
--- a/profiles/remote-unlock.nix
+++ b/profiles/remote-unlock.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ adminUser, ... }:
 {
   boot.kernelParams = [
     "ip=dhcp"
@@ -14,23 +14,11 @@
       hostKeys = [
         "/etc/initrd/ssh_host_ed25519_key"
       ];
-      authorizedKeys = [
-        # my personal key
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
-        # key used to automatically unlock
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPr9Dv2MjZoRltmxi21PoS/42KnOhYxuq9r6ER62vjAx"
-        # YubiKey 5C Nano (personal)
-        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo= ssh:"
-        # Yubikey 5C (keychain)
-        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo= ssh:"
-        # Yubikey 5C (keychain)
-        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo= ssh:"
-        # Yubikey 5C NFC (backup)
-        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINLBHE4O9RrTgTa+m0kcWL2Mhpi3C57MpTpip7riTophAAAABHNzaDo= ssh:"
-        # Yubikey 5C Nano (work)
-        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBVuEgqp/pmfskha3gIaYIfP0JEgKG/vVV3Bswb63wr2AAAABHNzaDo="
-        # Yubikey Security Key C NFC (work, backup)
-        "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjs8WvWBuiL6hujqSaXLxBIs5unjBex22Whdrj/radmAAAABHNzaDo="
+      authorizedKeys = with adminUser.userinfo.sshPublicKeys; [
+        onepassword
+        yubikey-personal-nano
+        yubikey-personal-keychain
+        yubikey-personal-backup
       ];
     };
   };