Use keyfiles

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-07-24 15:16:29 +01:00
parent 247897643c
commit b7c7023ff0
9 changed files with 19 additions and 18 deletions
--- a/hosts/jupiter/configs/wireguard/default.nix
+++ b/hosts/jupiter/configs/wireguard/default.nix
@@ -42,7 +42,7 @@ in
          {
            name = "jupiter-vps";
            allowedIPs = [ "0.0.0.0/0" ];
-            publicKey = "dRUBz0AZFp30zXqWyTDRe7UyNioc5lV5QE2xYJCc6yU=";
+            publicKey = builtins.readFile "${inputs.secrets}/hosts/jupiter-vps/wireguard_key.pub";
            endpoint = "${jupiterVpsPublicIPv4}:${builtins.toString wireguardPort}";
            persistentKeepalive = 25;
          }
--- a/hosts/jupiter/default.nix
+++ b/hosts/jupiter/default.nix
@@ -62,7 +62,7 @@
    "v  /mnt/storage/private 0755 root root    - -"
  ];

-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
+  users.users.root.openssh.authorizedKeys.keyFiles = [
+    "${inputs.secrets}/personal/id_ed25519.pub"
  ];
 }
--- a/hosts/jupiter/users/nick/default.nix
+++ b/hosts/jupiter/users/nick/default.nix
@@ -62,8 +62,8 @@ in
    ];
    linger = true;
    uid = lib.strings.toInt (builtins.readFile ./uid);
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
+    openssh.authorizedKeys.keyFiles = [
+      "${inputs.secrets}/personal/id_ed25519.pub"
    ];
  };

--- a/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
+++ b/hosts/jupiter/users/storm/configs/console/podman/sish/default.nix
@@ -2,6 +2,7 @@
 {
  config,
  inputs,
+  lib,
  pkgs,
  system,
  ...
@@ -31,9 +32,9 @@ in
            let
              authorizedKeys = pkgs.writeTextFile {
                name = "authorized_keys";
-                text = ''
-                  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com
-                '';
+                text = lib.strings.concatStringsSep "\n" [
+                  (builtins.readFile "${inputs.secrets}/personal/id_ed25519.pub")
+                ];
              };
            in
            [
--- a/hosts/jupiter/users/storm/default.nix
+++ b/hosts/jupiter/users/storm/default.nix
@@ -53,8 +53,8 @@ in
      group = user;
      autoSubUidGidRange = true;
      useDefaultShell = true;
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWDA5vnIB7KE2VG28Ovg5rXtQqxFwMXsfozLsH0BNZS nick@karaolidis.com"
+      openssh.authorizedKeys.keyFiles = [
+        "${inputs.secrets}/personal/id_ed25519.pub"
      ];
    };