simplify ssh key management

1 files changed, 6 insertions, 16 deletions

diff --git a/profiles/users/builder.nix b/profiles/users/builder.nix
index 2998c19..0b91efe 100644
--- a/profiles/users/builder.nix
+++ b/profiles/users/builder.nix
@@ -1,23 +1,13 @@
-{ ... }:
+{ adminUser, ... }:
 {
   nix.settings.trusted-users = [ "builder" ];
 
   users.users.builder = {
-    openssh.authorizedKeys.keys = [
-      # 1password
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
-      # remote builder ssh key
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGFGxdplt9WwGjdhoYkmPe2opZMJShtpqnGCI+swrgvw"
-      # YubiKey 5C Nano (personal)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo= ssh:"
-      # Yubikey 5C (keychain)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo= ssh:"
-      # Yubikey 5C NFC (backup)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINLBHE4O9RrTgTa+m0kcWL2Mhpi3C57MpTpip7riTophAAAABHNzaDo= ssh:"
-      # Yubikey 5C Nano (work)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBVuEgqp/pmfskha3gIaYIfP0JEgKG/vVV3Bswb63wr2AAAABHNzaDo="
-      # Yubikey Security Key C NFC (work, backup)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjs8WvWBuiL6hujqSaXLxBIs5unjBex22Whdrj/radmAAAABHNzaDo="
+    openssh.authorizedKeys.keys = with adminUser.userinfo.sshPublicKeys; [
+      onepassword
+      yubikey-personal-nano
+      yubikey-personal-keychain
+      yubikey-personal-backup
     ];
     isNormalUser = true;
     group = "nogroup";