update

2026-01-22 16:16:50 +01:00 · 2025-02-20 22:50:06 +01:00 · 2025-02-20 22:50:06 +01:00 · 638ef7093e
commit 638ef7093e
parent 2b7b63a18c
140 changed files with 307 additions and 121 deletions
--- a/parts/modules/base/ssh.nix
+++ b/parts/modules/base/ssh.nix
@ -1,54 +0,0 @@
-{
-  config,
-  username,
-  hostname,
-  lib,
-  ...
-}: let
-  # Load all public keys from ../../../secrets/hosts/*/id_ed25519.pub
-  allHosts = lib.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ../../../secrets/hosts));
-  publicKeys = map (x: builtins.readFile (../../../secrets/hosts + ("/" + x) + "/id_ed25519.pub")) allHosts;
-in {
-  age.secrets.ssh-key = {
-    rekeyFile = ../../../secrets/hosts + ("/" + hostname) + /id_ed25519.age;
-    mode = "0600";
-    owner = username;
-  };
-  age.secrets.ssh-key-ao = {
-    rekeyFile = ../../../secrets/ssh-key-ao.age;
-    mode = "0600";
-    owner = username;
-  };
-  fireproof.home-manager = {
-    programs.ssh = {
-      enable = true;
-      forwardAgent = true;
-      matchBlocks = {
-        "*" = {
-          identityFile = "${config.age.secrets.ssh-key.path}";
-        };
-        # Work hostnames definded in ./networking.nix
-        "*.ao" = {
-          user = "nij";
-          identityFile = "${config.age.secrets.ssh-key-ao.path}";
-        };
-        "dev.ao".proxyJump = "bastion.ao";
-        "scw.ao".proxyJump = "bastion.ao";
-        "clickhouse.ao".user = "ubuntu";
-        "flex.ao" = {
-          hostname = "192.168.2.5";
-          proxyJump = "bastion.ao";
-        };
-      };
-    };
-  };
-
-  programs.ssh.startAgent = true;
-  services.openssh = {
-    enable = true;
-    settings.PasswordAuthentication = false;
-    settings.KbdInteractiveAuthentication = false;
-  };
-
-  users.users.${username}.openssh.authorizedKeys.keys = publicKeys;
-}