author | Ben Sima <ben@bsima.me> | 2021-01-04 07:51:37 -0500 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2021-01-04 07:51:37 -0500 |
commit | dd74bbc17c97115df973fe9b9a17f7ce7bb6a99f (patch) | |
tree | 4778f5360d180181dbd556dbcef7fe8ac4c3ed03 | |
parent | 0f0a1f55c1c7b05926f559661c4154124ea532f7 (diff) |
Support multiple keys per user
Every key is just a new line in the $USER.pub file. This is not automatically
reflected to gitolite, which uses a separate config, so I'll need to come up
with a way to replace gitolite someday.
-rw-r--r-- | Biz/Cloud/Git.nix | 8 | ||||
-rw-r--r-- | Biz/Dev/Configuration.nix | 6 | ||||
-rw-r--r-- | Biz/Keys/Ben.pub (renamed from Biz/Keys/Ben.key) | 1 | ||||
-rw-r--r-- | Biz/Keys/Deploy.pub (renamed from Biz/Keys/Deploy.key) | 0 | ||||
-rw-r--r-- | Biz/Keys/Nick.pub (renamed from Biz/Keys/Nick.key) | 0 | ||||
-rw-r--r-- | Biz/Namespace.hs | 4 | ||||
-rw-r--r-- | Biz/Users.nix | 19 |
7 files changed, 25 insertions, 13 deletions
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix index 82761ce..b35b126 100644 --- a/Biz/Cloud/Git.nix +++ b/Biz/Cloud/Git.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { services = { @@ -11,7 +11,11 @@ extraGitoliteRc = '' $RC{SITE_INFO} = 'a computer is a bicycle for the mind.'; ''; - adminPubkey = builtins.readFile ../Keys/Ben.key; + adminPubkey = lib.trivial.pipe ../Keys/Ben.pub [ + builtins.readFile + (lib.strings.splitString "\n") + lib.lists.head + ]; }; }; } diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix index a80183e..27f26c5 100644 --- a/Biz/Dev/Configuration.nix +++ b/Biz/Dev/Configuration.nix @@ -255,8 +255,10 @@ in { maxJobs = 1; sshServe = { enable = true; - keys = [ - (builtins.readFile ../Keys/Ben.key) + keys = lib.trivial.pipe ../Keys/Ben.pub [ + builtins.readFile + (lib.strings.splitString "\n") + (lib.filter (s: s != "")) ]; }; trustedUsers = [ "root" "ben" ]; diff --git a/Biz/Keys/Ben.key b/Biz/Keys/Ben.pub index c661508..1038f92 100644 --- a/Biz/Keys/Ben.key +++ b/Biz/Keys/Ben.pub @@ -1 +1,2 @@ ssh-rsa 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 ben@lithium +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDakRPWoxb//V+cQAS3Rl9zfZ+izmgESTdnkawOmwu8rlbcrKENNGyAVoPVr1jQh4toK3zUnItwel3hqAMHf+2b1jUcKcrPC3rKh9SD86vX8lJsOMmq9u/g+Fp3kkmRUps802F1/53M9dVGGuVVtQDgycutJqlWKpH5JEpiLWkkq2ExWOqv13WcHzXUwyl3Fh/ubzZunaov37k794o7hqVY/H+Je2mULmWFVO2Dms3sU+czvgxUDMKIwc2ebLNFgziIDBfL81Funrg5rPeYxv7ayUK6oyPNW5FJrx3Kd+2U1ikqxqNERmu8FYRO3CDmxbfx+EB9PVHg8LWwdrTLJbDj ben@helium diff --git a/Biz/Keys/Deploy.key b/Biz/Keys/Deploy.pub index 664a2d9..664a2d9 100644 --- a/Biz/Keys/Deploy.key +++ b/Biz/Keys/Deploy.pub diff --git a/Biz/Keys/Nick.key b/Biz/Keys/Nick.pub index 4dc08fb..4dc08fb 100644 --- a/Biz/Keys/Nick.key +++ b/Biz/Keys/Nick.pub diff --git a/Biz/Namespace.hs b/Biz/Namespace.hs index 574a2fc..d3835c8 100644 --- a/Biz/Namespace.hs +++ b/Biz/Namespace.hs 
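Review bot: In the second Biz/Cloud/Git.nix hunk, `adminPubkey` becomes whatever the first line of `Ben.pub` is, so the gitolite admin key is decided by line order in a file the other hunks treat as an unordered key list. Unlike the other two pipelines in this commit, this one has no `(lib.filter (s: s != ""))` step, so a leading blank line would hand gitolite an empty string. I would add that filter before `lib.lists.head`, plus a comment such as `# gitolite admin = first key in Ben.pub; keep it first`.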
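Review bot: The `sshServe.keys` pipeline in Biz/Dev/Configuration.nix repeats the three steps of `readKeys` from Biz/Users.nix, so any later change to how `.pub` files are parsed has to be made in both places, and in Git.nix as well. Moving `readKeys` into a shared file and importing it here would keep the key lists consistent. The hunk starts at line 255, so it cannot be seen whether `lib` is bound in this module's arguments; that is worth confirming, since the other two Nix files needed `lib` added. A comment like `# every line of Ben.pub is allowed to use sshServe` would document the access each new key receives.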
@@ -17,7 +17,7 @@ import qualified Data.Char as Char import qualified Data.List as List import qualified Text.Regex.Applicative as Regex -data Ext = Hs | Scm | Nix | Md | Css | Py | Sh | Key | Json | None +data Ext = Hs | Scm | Nix | Md | Css | Py | Sh | Keys | Json | None deriving (Eq, Show) data Namespace = Namespace [String] Ext @@ -38,7 +38,7 @@ match = Regex.match <| Namespace </ path <* Regex.sym '.' <*> ext <|> Css <$ Regex.string "css" <|> Py <$ Regex.string "py" <|> Sh <$ Regex.string "sh" - <|> Key <$ Regex.string "key" + <|> Keys <$ Regex.string "pub" <|> Json <$ Regex.string "json" fromPath :: String -> String -> Maybe Namespace diff --git a/Biz/Users.nix b/Biz/Users.nix index 0f68b50..e0e2d94 100644 --- a/Biz/Users.nix +++ b/Biz/Users.nix @@ -1,6 +1,12 @@ -{ config, ... }: +{ config, lib, ... }: -{ +let + readKeys = k: lib.trivial.pipe k [ + builtins.readFile + (lib.strings.splitString "\n") + (lib.filter (s: s != "")) + ]; +in { users.motd = '' welcome to the simatime network! @@ -14,20 +20,19 @@ deploy = { isNormalUser = true; home = "/home/deploy"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Deploy.key ]; + openssh.authorizedKeys.keys = readKeys ./Keys/Deploy.pub; extraGroups = [ "wheel" ]; }; # # humans # - root.openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.key ]; - root.password = "erewhon"; + root.openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub; ben = { description = "Ben Sima"; isNormalUser = true; home = "/home/ben"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.key ]; + openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub; extraGroups = [ "wheel" "docker" ]; hashedPassword = "$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY."; @@ -36,7 +41,7 @@ description = "Nick Sima"; isNormalUser = true; home = "/home/nick"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Nick.key ]; + openssh.authorizedKeys.keys = readKeys ./Keys/Nick.pub; extraGroups = [ "docker" ]; }; }; |
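Review bot: Removing `root.password = "erewhon";` in the second Biz/Users.nix hunk does not retire that password. It stays readable in the repository history. If `users.mutableUsers` is at its default (not visible here), NixOS applies password options only when an account is first created, so hosts already deployed may still accept it. Root's password should be rotated or locked on every host built from the earlier configuration, and the old value treated as disclosed. On the line above, `root.openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;` makes every line of Ben.pub a root login key, including the newly added `ben@helium` one. I would note that with `# each key in Ben.pub can log in as root`, or give root its own key file.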