feat: improve SSH configuration and cleanup unused keys

- Commented out default SSH service enablement in common suite.
- Updated SSH agent configuration to use dynamic user paths.
- Removed outdated SSH keys and added missing key descriptions.
Harald Hoyer 2025-01-16 09:06:46 +01:00
parent 37277447d3
commit 949e39cdba
3 changed files with 12 additions and 6 deletions


@ -4,8 +4,7 @@
defaultSSHKeys = [ defaultSSHKeys = [
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz" "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEd2N6QSpuAXOXmSN5p2MPKyWe+oT5ayMBoRN3rCz/FS6ZI8PG2tntEte8+hkW7X0vA2dtB3aj2jWbqUJoQ8wKs=" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEd2N6QSpuAXOXmSN5p2MPKyWe+oT5ayMBoRN3rCz/FS6ZI8PG2tntEte8+hkW7X0vA2dtB3aj2jWbqUJoQ8wKs= s22@termux"
]; ];
} }
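Review bot: Dropping the uncommented `ecdsa-sha2-nistp256` entry from `defaultSSHKeys` revokes that key only on hosts that are rebuilt from this list and have no other source of authorized keys; how the list is consumed is not visible in this section. It is worth recording that next to the list, e.g. `# Removing an entry takes effect per host on the next rebuild; check for unmanaged authorized_keys copies.` The list also mixes `sk-*` security-key entries with plain `ssh-ed25519` / `ecdsa-sha2-nistp256` entries, so a one-line comment saying which entries are expected to be hardware-backed would help the next audit.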


@ -19,15 +19,22 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ openssh ]; environment.systemPackages = with pkgs; [ openssh ];
#environment.shellInit = ''
# export SSH_AUTH_SOCK="$HOME/.ssh/ssh-agent.sock"
#'';
launchd.user.agents.ssh-agent.serviceConfig = { launchd.user.agents.ssh-agent.serviceConfig = {
EnvironmentVariables.SSH_AUTH_SOCK = "/Users/harald/.ssh/ssh-agent.sock"; Label = "ssh-agent";
EnvironmentVariables.SSH_AUTH_SOCK = "/Users/${config.metacfg.user.name}/.ssh/ssh-agent.sock";
ProgramArguments = [ ProgramArguments = [
"${pkgs.openssh}/bin/ssh-agent" "${pkgs.openssh}/bin/ssh-agent"
"-s" "-a"
"/Users/${config.metacfg.user.name}/.ssh/ssh-agent.sock"
"-D" "-D"
]; ];
RunAtLoad = true; RunAtLoad = true;
#KeepAlive.SuccessfulExit = true; KeepAlive.SuccessfulExit = true;
}; };
}; };
} }
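Review bot: `KeepAlive.SuccessfulExit = true` makes launchd restart the agent only after a clean exit, so a crash, or a failed bind on a stale `ssh-agent.sock` left by an unclean shutdown, leaves the user without an agent; as far as I know ssh-agent does not remove an existing file at the `-a` path. Consider `KeepAlive = true;` together with a wrapper that clears the stale socket, e.g. `ProgramArguments = [ "/bin/sh" "-c" "rm -f \"$SSH_AUTH_SOCK\"; exec ${pkgs.openssh}/bin/ssh-agent -D -a \"$SSH_AUTH_SOCK\"" ];`, which also removes the second copy of the socket path. `EnvironmentVariables` sets the variable only for the job itself and the `environment.shellInit` export is commented out, so unless `SSH_AUTH_SOCK` is exported elsewhere (not visible here) clients will not find this agent. The enclosing module starts outside the hunk.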


@ -32,7 +32,7 @@ in
security = { security = {
gpg = enabled; gpg = enabled;
ssh = enabled; #ssh = enabled;
}; };
}; };
}; };
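Review bot: The line `#ssh = enabled;` is left as commented-out config with no reason recorded, so a reader cannot tell whether the module is meant to stay off or was disabled temporarily. Either delete the line or state the intent, for example `# ssh: not enabled suite-wide; enable per host where needed`. Every host that inherits this suite now loses whatever the `ssh` entry under `security` configured unless it opts in itself; which hosts those are is not visible in this section, and the enclosing attribute set starts outside the hunk.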