From 114ef1ac86b4caf555512df7b3fcfd43f47ad86a Mon Sep 17 00:00:00 2001
From: Joseph Hanson
Date: Fri, 5 Jul 2024 11:43:01 -0500
Subject: [PATCH] add add and update ssh keys and ssh-agent
---
 nixos/home/modules/security/ssh/default.nix | 1 -
 nixos/profiles/global/users.nix | 6 +-----
 nixos/profiles/role-workstation.nix | 13 +++++--------
 3 files changed, 6 insertions(+), 14 deletions(-)
diff --git a/nixos/home/modules/security/ssh/default.nix b/nixos/home/modules/security/ssh/default.nix
index 7094444..b7c394d 100644
--- a/nixos/home/modules/security/ssh/default.nix
+++ b/nixos/home/modules/security/ssh/default.nix
@@ -15,7 +15,6 @@ in
 programs.ssh = {
 inherit (cfg) matchBlocks;
 enable = true;
- # addKeysToAgent = "yes";
 };
 };
 }
diff --git a/nixos/profiles/global/users.nix b/nixos/profiles/global/users.nix
index a2e48b5..00bd5ee 100644
--- a/nixos/profiles/global/users.nix
+++ b/nixos/profiles/global/users.nix
@@ -28,11 +28,7 @@ in
 ];
 openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsUe5YF5z8vGcEYtQX7AAiw2rJygGf2l7xxr8nZZa7w"
- "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBH3VVFenoJfnu+IFUlD79uxl7L8SFoRup33J2HGny4WEdRgGR41s0MpFKDBmxXZHy4O9Nh8NMMnpy5VhUefnIKI="
- "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPHFQ3hDjjrKsecn3jmSWYlRXy4IJCrepgU1HaIV5VcmB3mUFmIZ/pCZnPmIG/Gbuqf1PP2FQDmHMX5t0hTYG9A="
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIETR70eQJiXaJuB+qpI1z+jFOPbEZoQNRcq4VXkojWfU"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIATyScd8ZRhV7uZmrQNSAbRTs9N/Dbx+Y8tGEDny30sA"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIDJtqzSFK3MN12Lo3Y4DnzJV5NiygIPkR+gun5oEb2q jahanson@legiondary"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJyA/yMPPo+scxBaDFUk7WeEyMAMhXUro5vi4feOKsJT jahanson@durincore"
 ];
 };
diff --git a/nixos/profiles/role-workstation.nix b/nixos/profiles/role-workstation.nix
index 3f02cba..bfaf06c 100644
--- a/nixos/profiles/role-workstation.nix
+++ b/nixos/profiles/role-workstation.nix
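Review bot: The two entries now left in `openssh.authorizedKeys.keys` are per-workstation keys, and because this file sits under `profiles/global` they presumably grant login on every host that imports the profile, which the list itself does not say. A one-line comment above the list, such as `# one key per admin workstation (comment field names the host); drop the entry when the machine is retired`, would make the intended scope reviewable. The five removed keys stop being accepted on a host only once that host is rebuilt with this revision, and sshd may still honour copies left in `~/.ssh/authorized_keys` unless home-directory key files are disabled, so the rotation is worth verifying per host. The user definition this list belongs to starts outside the hunk.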
@@ -6,11 +6,7 @@ with config;
 {
 mySystem = {
- de.gnome.enable = true;
-
- # Lets see if fish everywhere is OK on the pi's
- # TODO decide if i drop to bash on pis?
 shell.fish.enable = true;
 system.resticBackup.local.enable = false;
@@ -23,16 +19,16 @@ with config;
 };
 nix.settings = {
- # TODO factor out into mySystem
 # Avoid disk full issues
 max-free = lib.mkDefault (1000 * 1000 * 1000);
 min-free = lib.mkDefault (128 * 1000 * 1000);
 };
- # set xserver videodrivers if used
- services.xserver.enable = true;
-
 services = {
+ # set xserver videodrivers if used
+ xserver.enable = true;
+ # Enable the Gnome keyring for auto unlocking ssh keys on login
+ gnome.gnome-keyring.enable = true;
 fwupd.enable = config.boot.loader.systemd-boot.enable; # fwupd does not work in BIOS mode
 thermald.enable = true;
 smartd.enable = true;
@@ -61,4 +57,5 @@ with config;
 };
 programs.mtr.enable = true;
+ programs.ssh.startAgent = true;
 }
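Review bot: The comment added above `gnome.gnome-keyring.enable = true;` promises unlocking at login, but nothing in this hunk enables the PAM hook that hands the login password to the keyring. The same commit also drops `de.gnome.enable` earlier in this file, which may have been what pulled that hook in. If no display-manager module sets it, add `security.pam.services.<login-service>.enableGnomeKeyring = true;` (the service name is a placeholder) or reword the comment to `# Keyring daemon only; unlock at login needs the PAM hook`. The `services` attribute set continues past the end of the hunk.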
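Review bot: `programs.ssh.startAgent = true;` at the end of the file starts the OpenSSH agent with no lifetime on loaded keys, so a key added once stays usable by any process that can reach the agent socket until the session ends. Setting `programs.ssh.agentTimeout = "1h";` next to it bounds that exposure. The OpenSSH agent also does not read passphrases from the GNOME keyring on its own, so the keyring comment added in the `services` block likely holds only if an askpass helper or the keyring's own agent ends up behind `SSH_AUTH_SOCK`. It is worth checking on a workstation which agent actually owns the socket after this change.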