From dd74bbc17c97115df973fe9b9a17f7ce7bb6a99f Mon Sep 17 00:00:00 2001 From: Ben Sima Date: Mon, 4 Jan 2021 07:51:37 -0500 Subject: Support multiple keys per user Every key is just a new line in the $USER.pub file. This is not automatically reflected to gitolite, which uses a separate config, so I'll need to come up with a way to replace gitolite someday. --- Biz/Cloud/Git.nix | 8 ++++++-- Biz/Dev/Configuration.nix | 6 ++++-- Biz/Keys/Ben.key | 1 - Biz/Keys/Ben.pub | 2 ++ Biz/Keys/Deploy.key | 1 - Biz/Keys/Deploy.pub | 1 + Biz/Keys/Nick.key | 1 - Biz/Keys/Nick.pub | 1 + Biz/Namespace.hs | 4 ++-- Biz/Users.nix | 19 ++++++++++++------- 10 files changed, 28 insertions(+), 16 deletions(-) delete mode 100644 Biz/Keys/Ben.key create mode 100644 Biz/Keys/Ben.pub delete mode 100644 Biz/Keys/Deploy.key create mode 100644 Biz/Keys/Deploy.pub delete mode 100644 Biz/Keys/Nick.key create mode 100644 Biz/Keys/Nick.pub diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix index 82761ce..b35b126 100644 --- a/Biz/Cloud/Git.nix +++ b/Biz/Cloud/Git.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { services = { @@ -11,7 +11,11 @@ extraGitoliteRc = '' $RC{SITE_INFO} = 'a computer is a bicycle for the mind.'; ''; - adminPubkey = builtins.readFile ../Keys/Ben.key; + adminPubkey = lib.trivial.pipe ../Keys/Ben.pub [ + builtins.readFile + (lib.strings.splitString "\n") + lib.lists.head + ]; }; }; } diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix index a80183e..27f26c5 100644 --- a/Biz/Dev/Configuration.nix +++ b/Biz/Dev/Configuration.nix @@ -255,8 +255,10 @@ in { maxJobs = 1; sshServe = { enable = true; - keys = [ - (builtins.readFile ../Keys/Ben.key) + keys = lib.trivial.pipe ../Keys/Ben.pub [ + builtins.readFile + (lib.strings.splitString "\n") + (lib.filter (s: s != "")) ]; }; trustedUsers = [ "root" "ben" ]; diff --git a/Biz/Keys/Ben.key b/Biz/Keys/Ben.key deleted file mode 100644 index c661508..0000000 --- a/Biz/Keys/Ben.key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDhmSEbvX6LSk1ZO/whhAWpxwUxGPwbn7ZKVmxLcIilLdkd/vhFQKSYyMBW+21G3cMbwyFVsCyPbADoXcvV5OSIklxgitP77/2TAgkEPjyklJ4KD0QNDjpu+YGGIyVTgE9YPBhpwuUlxRhux15vN8xzAXq4f5/xpyBPekIdbEaEUZHrKN/z9g8cgw9ZMWSrchbsE3QlU8MJK78HO+v3TjH7Ip+LffWNuhckiYnzT8Duy47vgc1OYqtJaDMN/ufK7yeNILK81M1ybHGOlqYxSfV/RM7oD0P5w5YeTXMpRsOyn4YVzhWSQFrlf08XbwlZUNm6Pb8eNRjM+3YyFTcUU/S81xKwOPRNNhlPnxz+tUltCR3H/0Falu1pxJYT2qfuM9j9z9xA1bJEsSSZ1b2bsHw7ujpRmg0xsPUk7DXIQ1Kh92BFfmDoZWeqsMF1E7H8iuaVsN9k96BwbBfiB4stQqI3ycuHO9zbsa12y8AQusDbr9W8rl/vR0pKNrcNO32ojOzkblJGWgyNxDvTS4l69+qi6pMBONicUUMQnXEtJoasjpECzwlAHIYJMmFQUuloEafR8b0ZAaCw+I5SfsyYF4hHLYseHvMavxgLNZ6W4ZlaL9XmQ7ZGhh10ub4ceW61QvCzKD34yO1yl8PcmS8Fa7bZbGxkq36oCusGbD65AlY+w== ben@lithium diff --git a/Biz/Keys/Ben.pub b/Biz/Keys/Ben.pub new file mode 100644 index 0000000..1038f92 --- /dev/null +++ b/Biz/Keys/Ben.pub @@ -0,0 +1,2 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDDhmSEbvX6LSk1ZO/whhAWpxwUxGPwbn7ZKVmxLcIilLdkd/vhFQKSYyMBW+21G3cMbwyFVsCyPbADoXcvV5OSIklxgitP77/2TAgkEPjyklJ4KD0QNDjpu+YGGIyVTgE9YPBhpwuUlxRhux15vN8xzAXq4f5/xpyBPekIdbEaEUZHrKN/z9g8cgw9ZMWSrchbsE3QlU8MJK78HO+v3TjH7Ip+LffWNuhckiYnzT8Duy47vgc1OYqtJaDMN/ufK7yeNILK81M1ybHGOlqYxSfV/RM7oD0P5w5YeTXMpRsOyn4YVzhWSQFrlf08XbwlZUNm6Pb8eNRjM+3YyFTcUU/S81xKwOPRNNhlPnxz+tUltCR3H/0Falu1pxJYT2qfuM9j9z9xA1bJEsSSZ1b2bsHw7ujpRmg0xsPUk7DXIQ1Kh92BFfmDoZWeqsMF1E7H8iuaVsN9k96BwbBfiB4stQqI3ycuHO9zbsa12y8AQusDbr9W8rl/vR0pKNrcNO32ojOzkblJGWgyNxDvTS4l69+qi6pMBONicUUMQnXEtJoasjpECzwlAHIYJMmFQUuloEafR8b0ZAaCw+I5SfsyYF4hHLYseHvMavxgLNZ6W4ZlaL9XmQ7ZGhh10ub4ceW61QvCzKD34yO1yl8PcmS8Fa7bZbGxkq36oCusGbD65AlY+w== ben@lithium +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDakRPWoxb//V+cQAS3Rl9zfZ+izmgESTdnkawOmwu8rlbcrKENNGyAVoPVr1jQh4toK3zUnItwel3hqAMHf+2b1jUcKcrPC3rKh9SD86vX8lJsOMmq9u/g+Fp3kkmRUps802F1/53M9dVGGuVVtQDgycutJqlWKpH5JEpiLWkkq2ExWOqv13WcHzXUwyl3Fh/ubzZunaov37k794o7hqVY/H+Je2mULmWFVO2Dms3sU+czvgxUDMKIwc2ebLNFgziIDBfL81Funrg5rPeYxv7ayUK6oyPNW5FJrx3Kd+2U1ikqxqNERmu8FYRO3CDmxbfx+EB9PVHg8LWwdrTLJbDj ben@helium diff --git a/Biz/Keys/Deploy.key b/Biz/Keys/Deploy.key deleted file mode 100644 index 664a2d9..0000000 --- a/Biz/Keys/Deploy.key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlLRbbXgwjF7IqObf4dZE/jj0HoT6xJR6bP/6ZrJz7NPCPIgY3GacOtBfkJp6KK0zKQdFmxNpcfb3zgpe/Ru7pkmSfI9IoWAU3aLPWK2G3tbLPmktGmF9C53OhyXgFtBGr2Q/+wSRKAfN/FrEEa2FuRBtvtcAMiwbQLbFCzlmWhE7swSBvg38ZSFrjhANsEhfNVCtsrtG16fkfrfmBFv4JIog1fEoMKmXg7rhMjpaas8+n52HMFXvjllePRpywK4wB20GOcOuDSdc3i3zs7NFuicGunEpW2S/byrHotSWHZ9VuUwPn3GJ6xorrGyvsRuPS2anhHTSBxYCqYdXg0BIYUn1x5Uhtzd8kIU06gSLsvuhqGCLNucnXAT1Zix7pSlO21be81SX4vwQEth+6Dkm6kja0ArHZL6wglF8Njd1fV9iOwvcS07clwa/2S8suFLwVrQXz16vfAfA2zi4/qeop5Sv9W4DIOZuIMPmbWZCoy7L6Fu4+x4prb8LCQNM5m4CP3HngCW8PpxtBbBJd0dcXVap1HgDTIt/CLH8ms52uX5k3bHuvzryOihSuwmi/cDZAJAmbgclM9klsZr4R/GAoAWhhGxXM2tLuiwZ2nLvCPlXbBazZpdM2aC3VIwnMwJrJFu2u9B6RSsz2ijbygecT98UmiMYK7Mk1y6GkvY+mDQ== ben@lithium diff --git a/Biz/Keys/Deploy.pub b/Biz/Keys/Deploy.pub new file mode 100644 index 0000000..664a2d9 --- /dev/null +++ b/Biz/Keys/Deploy.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlLRbbXgwjF7IqObf4dZE/jj0HoT6xJR6bP/6ZrJz7NPCPIgY3GacOtBfkJp6KK0zKQdFmxNpcfb3zgpe/Ru7pkmSfI9IoWAU3aLPWK2G3tbLPmktGmF9C53OhyXgFtBGr2Q/+wSRKAfN/FrEEa2FuRBtvtcAMiwbQLbFCzlmWhE7swSBvg38ZSFrjhANsEhfNVCtsrtG16fkfrfmBFv4JIog1fEoMKmXg7rhMjpaas8+n52HMFXvjllePRpywK4wB20GOcOuDSdc3i3zs7NFuicGunEpW2S/byrHotSWHZ9VuUwPn3GJ6xorrGyvsRuPS2anhHTSBxYCqYdXg0BIYUn1x5Uhtzd8kIU06gSLsvuhqGCLNucnXAT1Zix7pSlO21be81SX4vwQEth+6Dkm6kja0ArHZL6wglF8Njd1fV9iOwvcS07clwa/2S8suFLwVrQXz16vfAfA2zi4/qeop5Sv9W4DIOZuIMPmbWZCoy7L6Fu4+x4prb8LCQNM5m4CP3HngCW8PpxtBbBJd0dcXVap1HgDTIt/CLH8ms52uX5k3bHuvzryOihSuwmi/cDZAJAmbgclM9klsZr4R/GAoAWhhGxXM2tLuiwZ2nLvCPlXbBazZpdM2aC3VIwnMwJrJFu2u9B6RSsz2ijbygecT98UmiMYK7Mk1y6GkvY+mDQ== ben@lithium diff --git a/Biz/Keys/Nick.key b/Biz/Keys/Nick.key deleted file mode 100644 index 4dc08fb..0000000 --- a/Biz/Keys/Nick.key +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com diff --git a/Biz/Keys/Nick.pub b/Biz/Keys/Nick.pub new file mode 100644 index 0000000..4dc08fb --- /dev/null +++ b/Biz/Keys/Nick.pub @@ -0,0 +1 @@ +ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfSOxXJTQADjROqbaiJtjbJaHTsBtuWNvQpDvXLigl9R27VqIn7dYk2STuWglwFyrvYfU1UmjgJcJ6J2KbXGTH5mhaC04MJ4aqmOR3Ynnq7nDzmtEtn1I+K7LmpFXsFXgOTzIlzggIWflGd1pPBwgWqMoPDcSqNQFPI/+rk1JOxk3e2Mq60VTp9WM9hs0AJQEyZ+wwZ0vyrj588kQb6jQUZ7qx1UZoDzPc57zREEZbQeU1Gd9FK2bCHlKOBHYlqIftSRBGGCpuo7zobhajR0xHO9RnF0NmeLbW85XhDus8vVgBg/BTDPxHEzm5jKiCkc+i3ia0Ff9mp2zgtSdXCp5jbVZ3AYfYLi1zbPWmaSdWqFx2ntOLwWR3/RHjw6+b4KmUQ4xtQHyXOijTBCH29i7VCo7l8WL+I2mSGJ7/Wtw7NFtMpVVs8/0iKt2t12FIefzvbZoWU7vbmuO7+gQI5l+F+JE6DLWOl04vT/V98WxiHA5rbCjTT/bubs4gTeCR9qNehaoM+apitpUP8HXygnxD7EJeK6JNkdub9TY663IkiKlpnWgeoDTNSP7JF/jkU0Nt8yoR2pTyxQqMFYa37/3WKjmSHk1TgxLEmlwHQFtIkTPn8PL+VLa4ACYuWUjxS4aMRpxo9eJUHdy0Y04yKxXN8BLw7FAhytm2pTXtT4zqaQ== nicksima@gmail.com diff --git a/Biz/Namespace.hs b/Biz/Namespace.hs index 574a2fc..d3835c8 100644 --- a/Biz/Namespace.hs +++ b/Biz/Namespace.hs @@ -17,7 +17,7 @@ import qualified Data.Char as Char import qualified Data.List as List import qualified Text.Regex.Applicative as Regex -data Ext = Hs | Scm | Nix | Md | Css | Py | Sh | Key | Json | None +data Ext = Hs | Scm | Nix | Md | Css | Py | Sh | Keys | Json | None deriving (Eq, Show) data Namespace = Namespace [String] Ext @@ -38,7 +38,7 @@ match = Regex.match <| Namespace ext <|> Css <$ Regex.string "css" <|> Py <$ Regex.string "py" <|> Sh <$ Regex.string "sh" - <|> Key <$ Regex.string "key" + <|> Keys <$ Regex.string "pub" <|> Json <$ Regex.string "json" fromPath :: String -> String -> Maybe Namespace diff --git a/Biz/Users.nix b/Biz/Users.nix index 0f68b50..e0e2d94 100644 --- a/Biz/Users.nix +++ b/Biz/Users.nix @@ -1,6 +1,12 @@ -{ config, ... }: +{ config, lib, ... }: -{ +let + readKeys = k: lib.trivial.pipe k [ + builtins.readFile + (lib.strings.splitString "\n") + (lib.filter (s: s != "")) + ]; +in { users.motd = '' welcome to the simatime network! @@ -14,20 +20,19 @@ deploy = { isNormalUser = true; home = "/home/deploy"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Deploy.key ]; + openssh.authorizedKeys.keys = readKeys ./Keys/Deploy.pub; extraGroups = [ "wheel" ]; }; # # humans # - root.openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.key ]; - root.password = "erewhon"; + root.openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub; ben = { description = "Ben Sima"; isNormalUser = true; home = "/home/ben"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.key ]; + openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub; extraGroups = [ "wheel" "docker" ]; hashedPassword = "$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY."; @@ -36,7 +41,7 @@ description = "Nick Sima"; isNormalUser = true; home = "/home/nick"; - openssh.authorizedKeys.keyFiles = [ ./Keys/Nick.key ]; + openssh.authorizedKeys.keys = readKeys ./Keys/Nick.pub; extraGroups = [ "docker" ]; }; }; -- cgit v1.2.3