ops: tweak SSH auth; add red solo SK-resident key
This commit is contained in:
parent
c5f05e260d
commit
bad3be7574
3 changed files with 4 additions and 2 deletions
|
@ -9,6 +9,7 @@ in
|
||||||
{
|
{
|
||||||
config = {
|
config = {
|
||||||
my.home-manager.imports = lib.mkAfter [ ./home-manager/client.nix ];
|
my.home-manager.imports = lib.mkAfter [ ./home-manager/client.nix ];
|
||||||
|
programs.ssh.startAgent = true;
|
||||||
nix.gc.automatic = false;
|
nix.gc.automatic = false;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -57,8 +57,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
environment.homeBinInPath = true;
|
environment.homeBinInPath = true;
|
||||||
security.doas.wheelNeedsPassword = false;
|
security.pam.enableSSHAgentAuth = true;
|
||||||
security.sudo.wheelNeedsPassword = false;
|
|
||||||
|
|
||||||
users.mutableUsers = false;
|
users.mutableUsers = false;
|
||||||
users.users = let secrets = depot.ops.secrets; in {
|
users.users = let secrets = depot.ops.secrets; in {
|
||||||
|
@ -74,6 +73,7 @@ in
|
||||||
../../secrets/lukegb_porcorosso_win.pub
|
../../secrets/lukegb_porcorosso_win.pub
|
||||||
../../secrets/lukegb_porcorosso_wsl.pub
|
../../secrets/lukegb_porcorosso_wsl.pub
|
||||||
../../secrets/lukegb_porcorosso_linux.pub
|
../../secrets/lukegb_porcorosso_linux.pub
|
||||||
|
../../secrets/lukegb_red_solo.pub
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
deployer = {
|
deployer = {
|
||||||
|
|
1
ops/secrets/lukegb_red_solo.pub
Normal file
1
ops/secrets/lukegb_red_solo.pub
Normal file
|
@ -0,0 +1 @@
|
||||||
|
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAgBXCPpGxeapXvRW8z+/ZFMXvZ9q+Z2mcn5ApCSKqkS7CQjlzTj7Z21/DRQEXQALALLyqfFhcDm1VZkEp/ruBYAAAAEc3NoOg== lukegb-red-solo-key
|
Loading…
Reference in a new issue