From ce0066436d14efbc8a3592f504efcb409f14333b Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Mon, 12 Jan 2026 08:20:05 -0800
Subject: simplify ssh key management

---
 profiles/defaults.nix | 19 ++++++-------------
 1 file changed, 6 insertions(+), 13 deletions(-)

(limited to 'profiles/defaults.nix')

diff --git a/profiles/defaults.nix b/profiles/defaults.nix
index 96b1461..2683c5a 100644
--- a/profiles/defaults.nix
+++ b/profiles/defaults.nix
@@ -2,6 +2,7 @@
   config,
   pkgs,
   lib,
+  adminUser,
   ...
 }:
 {
@@ -112,19 +113,11 @@
 
   users = {
     mutableUsers = false;
-    users.root.openssh.authorizedKeys.keys = [
-      # 1password
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
-      # YubiKey 5C Nano (personal)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo= ssh:"
-      # Yubikey 5C (keychain)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo= ssh:"
-      # Yubikey 5C NFC (backup)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINLBHE4O9RrTgTa+m0kcWL2Mhpi3C57MpTpip7riTophAAAABHNzaDo= ssh:"
-      # Yubikey 5C Nano (work)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBVuEgqp/pmfskha3gIaYIfP0JEgKG/vVV3Bswb63wr2AAAABHNzaDo="
-      # Yubikey Security Key C NFC (work, backup)
-      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjs8WvWBuiL6hujqSaXLxBIs5unjBex22Whdrj/radmAAAABHNzaDo="
+    users.root.openssh.authorizedKeys.keys = with adminUser.userinfo.sshPublicKeys; [
+      onepassword
+      yubikey-personal-nano
+      yubikey-personal-keychain
+      yubikey-personal-backup
     ];
   };
 
-- 
cgit v1.2.3