fireproof/nixos
1
0
Fork 0
mirror of https://github.com/nickolaj-jepsen/nixos.git synced 2026-01-22 16:16:50 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: add systemd service to register ssh-keys

Browse source
This commit is contained in:
Nickolaj Jepsen 2025-10-24 08:16:19 +02:00
parent 5c3ec8b073
commit ad2924a204
1 changed files with 18 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

18
modules/base/ssh.nix
View file

@ -1,5 +1,6 @@
{ {
config, config,
pkgs,
username, username,
hostname, hostname,
lib, lib,
@ -20,6 +21,7 @@ in {
mode = "0600"; mode = "0600";
owner = username; owner = username;
}; };
fireproof.home-manager = { fireproof.home-manager = {
home.file.".ssh/id_ed25519.pub".source = ../../secrets/hosts + ("/" + hostname) + "/id_ed25519.pub"; home.file.".ssh/id_ed25519.pub".source = ../../secrets/hosts + ("/" + hostname) + "/id_ed25519.pub";
programs.ssh = { programs.ssh = {
@ -79,5 +81,21 @@ in {
settings.KbdInteractiveAuthentication = false; settings.KbdInteractiveAuthentication = false;
}; };
systemd.user.services."add-ssh-keys" = {
description = "Add SSH keys to ssh-agent";
after = [ "network.target" "ssh-agent.service" ];
requires = [ "ssh-agent.service" ];
wantedBy = [ "default.target" ];
serviceConfig = {
Type = "oneshot";
ExecStartPre=''
${pkgs.coreutils}/bin/sleep 5
'';
ExecStart = ''
${pkgs.openssh}/bin/ssh-add -q ${config.age.secrets.ssh-key-ao.path}
'';
};
};
users.users.${username}.openssh.authorizedKeys.keys = publicKeys; users.users.${username}.openssh.authorizedKeys.keys = publicKeys;
} }