From ce0066436d14efbc8a3592f504efcb409f14333b Mon Sep 17 00:00:00 2001
From: Franck Cuny
Date: Mon, 12 Jan 2026 08:20:05 -0800
Subject: simplify ssh key management
---
 profiles/remote-unlock.nix | 24 ++++++------------------
 1 file changed, 6 insertions(+), 18 deletions(-)
(limited to 'profiles/remote-unlock.nix')
diff --git a/profiles/remote-unlock.nix b/profiles/remote-unlock.nix
index 310d52b..9812ce8 100644
--- a/profiles/remote-unlock.nix
+++ b/profiles/remote-unlock.nix
@@ -1,4 +1,4 @@
-{ ... }:
+{ adminUser, ... }:
 {
 boot.kernelParams = [
 "ip=dhcp"
@@ -14,23 +14,11 @@
 hostKeys = [
 "/etc/initrd/ssh_host_ed25519_key"
 ];
- authorizedKeys = [
- # my personal key
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- # key used to automatically unlock
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPr9Dv2MjZoRltmxi21PoS/42KnOhYxuq9r6ER62vjAx"
- # YubiKey 5C Nano (personal)
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGX4+CuUjiX6Doi4n6RqmznzFUyRrxKhEFvuIxROzXDKAAAABHNzaDo= ssh:"
- # Yubikey 5C (keychain)
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo= ssh:"
- # Yubikey 5C (keychain)
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDnU4Xd8bElZYVWDbknlIgskR/q7ORrbvO0FLnJMQX+eAAAABHNzaDo= ssh:"
- # Yubikey 5C NFC (backup)
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAINLBHE4O9RrTgTa+m0kcWL2Mhpi3C57MpTpip7riTophAAAABHNzaDo= ssh:"
- # Yubikey 5C Nano (work)
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIBVuEgqp/pmfskha3gIaYIfP0JEgKG/vVV3Bswb63wr2AAAABHNzaDo="
- # Yubikey Security Key C NFC (work, backup)
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGjs8WvWBuiL6hujqSaXLxBIs5unjBex22Whdrj/radmAAAABHNzaDo="
+ authorizedKeys = with adminUser.userinfo.sshPublicKeys; [
+ onepassword
+ yubikey-personal-nano
+ yubikey-personal-keychain
+ yubikey-personal-backup
 ];
 };
 };
--
cgit v1.2.3
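Review bot: The new `authorizedKeys` list names four entries where the removed list held seven distinct keys (the keychain key was listed twice), so this commit narrows who can reach the pre-boot unlock shell, while the subject only says "simplify". The key commented "key used to automatically unlock" and the two work keys have no obviously matching name in the new list; whether `onepassword` is the personal key or the automation key cannot be told from here, because `sshPublicKeys` is defined outside this hunk, as is the start of the enclosing attribute set. If an unattended job still relies on the dropped key, the host would presumably wait at the passphrase prompt after its next reboot, so that is worth confirming before deploying. I would record the intent above the list, for example `# explicit allow-list for initrd unlock: personal keys only, work and automation keys intentionally excluded` (adjusted to the real intent). Keeping the list explicit rather than passing every value of `sshPublicKeys` is the right choice, since a key added later for normal logins then does not silently gain unlock access.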