ops: tweak SSH auth; add red solo SK-resident key

This commit is contained in:
Luke Granger-Brown 2020-11-05 01:50:16 +00:00
parent c5f05e260d
commit bad3be7574
3 changed files with 4 additions and 2 deletions

View file

@ -9,6 +9,7 @@ in
{ {
config = { config = {
my.home-manager.imports = lib.mkAfter [ ./home-manager/client.nix ]; my.home-manager.imports = lib.mkAfter [ ./home-manager/client.nix ];
programs.ssh.startAgent = true;
nix.gc.automatic = false; nix.gc.automatic = false;
}; };
} }

View file

@ -57,8 +57,7 @@ in
}; };
environment.homeBinInPath = true; environment.homeBinInPath = true;
security.doas.wheelNeedsPassword = false; security.pam.enableSSHAgentAuth = true;
security.sudo.wheelNeedsPassword = false;
users.mutableUsers = false; users.mutableUsers = false;
users.users = let secrets = depot.ops.secrets; in { users.users = let secrets = depot.ops.secrets; in {
@ -74,6 +73,7 @@ in
../../secrets/lukegb_porcorosso_win.pub ../../secrets/lukegb_porcorosso_win.pub
../../secrets/lukegb_porcorosso_wsl.pub ../../secrets/lukegb_porcorosso_wsl.pub
../../secrets/lukegb_porcorosso_linux.pub ../../secrets/lukegb_porcorosso_linux.pub
../../secrets/lukegb_red_solo.pub
]; ];
}; };
deployer = { deployer = {

View file

@ -0,0 +1 @@
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBAgBXCPpGxeapXvRW8z+/ZFMXvZ9q+Z2mcn5ApCSKqkS7CQjlzTj7Z21/DRQEXQALALLyqfFhcDm1VZkEp/ruBYAAAAEc3NoOg== lukegb-red-solo-key