feat: generalize SSH key config

2026-04-26 19:40:29 +02:00
parent 0318dd0cf6
commit 52ea09563f
6 changed files with 34 additions and 48 deletions
@@ -17,8 +17,8 @@ in
        scope:
        let
          email = account.emails.${scope}.address;
-          key = machine.sourceControl.${scope};
+          key = lib.attrByPath [ scope ] null machine.sshKeys;
-          hasSigningKey = key != null && key.publicKey != null;
+          hasSigningKey = key != null;
        in
        {
          allowedSigners = lib.optional hasSigningKey "${email} ${key.publicKey}";
@@ -1,6 +1,11 @@
-{ config, ... }:
+{ config, lib, ... }:
 let
  account = config.repo.account;
  personalPublicKeys =
    machines:
    map (machine: machine.sshKeys.personal.publicKey) (
      lib.filter (machine: machine.sshKeys ? personal) (builtins.attrValues machines)
    );
 in
 {
  flake.modules.nixos.ssh-agent-auth = {
@@ -23,5 +28,7 @@ in
          AllowUsers = [ account.name ];
        };
      };
      users.users.${account.name}.openssh.authorizedKeys.keys = personalPublicKeys config.repo.machines;
    };
 }
@@ -34,11 +34,6 @@ in
        ./_disk.nix
      ];
-      users.users.${account.name} = {
+      users.users.${account.name}.linger = true;
        linger = true;
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAU2LydkXRTtNFY7oyX8JQURwXLVhB71DeK8XzrXeFX1 openpgp:0xA490D93A"
        ];
      };
    };
 }
@@ -8,8 +8,10 @@ let
 in
 {
  repo.machines.polaris = {
-    sourceControl.personal.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVORk45HKkX7gaGGp90KsVyUy6t+fKhbWN/grjkf3cQ kiri@polaris";
+    sshKeys = {
-    sourceControl.work.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5DMV6EQzsscgEOE0912mNglUHTEl+LPnaWYjj0y57B kiri@polaris#work";
+      personal.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEVORk45HKkX7gaGGp90KsVyUy6t+fKhbWN/grjkf3cQ kiri@polaris";
      work.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM5DMV6EQzsscgEOE0912mNglUHTEl+LPnaWYjj0y57B kiri@polaris#work";
    };
    syncthingId = "6HBAKXB-DB3B4H2-BODCAXF-KD23H5W-6X5LGLC-ZJHZHLG-7U7YMGO-BB6IXQ3";
@@ -10,7 +10,7 @@ in
  repo.machines.zenith = {
    portable = true;
-    sourceControl = {
+    sshKeys = {
      personal.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQy4k04gU7UpjBgyUQ57kUwxOdt79LvMCiCekXZeZhd kiri@zenith";
      work.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHJz5uHKm0/TiMNh/cmzrODHNZ8NgEEZe+47XnJwQGk kiri@zenith#work";
    };
@@ -25,6 +25,22 @@ let
    }
  );
  sshKeyType = lib.types.submodule (
    { name, ... }:
    {
      options = {
        publicKey = lib.mkOption {
          type = lib.types.str;
        };
        privateKeyPath = lib.mkOption {
          type = lib.types.str;
          default = "~/.ssh/id_${name}";
        };
      };
    }
  );
  accountType = lib.types.submodule (
    { config, ... }:
    {
@@ -107,40 +123,6 @@ let
    }
  );
  sourceControlMachineKeyType = lib.types.submodule (
    { name, ... }:
    {
      options = {
        publicKey = lib.mkOption {
          type = lib.types.nullOr lib.types.str;
          default = null;
        };
        privateKeyPath = lib.mkOption {
          type = lib.types.str;
          default = "~/.ssh/id_${name}";
        };
      };
    }
  );
  sourceControlMachineType = lib.types.submodule (
    { ... }:
    {
      options = {
        personal = lib.mkOption {
          type = lib.types.nullOr sourceControlMachineKeyType;
          default = null;
        };
        work = lib.mkOption {
          type = lib.types.nullOr sourceControlMachineKeyType;
          default = null;
        };
      };
    }
  );
  machineType = lib.types.submodule (
    { name, config, ... }:
    {
@@ -164,8 +146,8 @@ let
          default = { };
        };
-        sourceControl = lib.mkOption {
+        sshKeys = lib.mkOption {
-          type = sourceControlMachineType;
+          type = lib.types.attrsOf sshKeyType;
          default = { };
        };