refactor: keys & emails

2025-11-24 18:04:11 +08:00
parent b8597104b3
commit d0cffe4f1c
5 changed files with 48 additions and 34 deletions


@@ -1,7 +1,9 @@
{ {
lib,
config, config,
pkgs, pkgs,
secrets, secrets,
hosts,
... ...
}: }:
{ {
@@ -30,13 +32,7 @@
isSystemUser = true; isSystemUser = true;
description = "nix remote build user"; description = "nix remote build user";
group = "nixremote"; group = "nixremote";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = (lib.mapAttrsToList (host: key: "${key} ${host}") hosts) ++ [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIENauvvhVMLsUwH9cPYsvnOg7VCL3a4yEiKm8I524TE efl@efl-nix" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIENauvvhVMLsUwH9cPYsvnOg7VCL3a4yEiKm8I524TE efl@efl-nix"
]; ];
}; };


@@ -3,6 +3,7 @@
lib, lib,
pkgs, pkgs,
username, username,
hosts,
secrets, secrets,
... ...
}: }:
@@ -127,18 +128,12 @@
PasswordAuthentication = true; PasswordAuthentication = true;
}; };
}; };
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = lib.mapAttrsToList (
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix" host: key: "${key} ${host}"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad" ) hosts;
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5" users.users.${username}.openssh.authorizedKeys.keys = lib.mapAttrsToList (
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16" host: key: "${key} ${host}"
]; ) hosts;
users.users.${username}.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
];
sops.secrets.dae-imxyy-nix-server = { sops.secrets.dae-imxyy-nix-server = {
sopsFile = secrets.dae-imxyy-nix-server; sopsFile = secrets.dae-imxyy-nix-server;
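Review bot: The new `users.users.root.openssh.authorizedKeys.keys` is built from the whole `hosts` set, so the `imxyy_soope_@imxyy-cloudwin` key, which the old root and `${username}` lists did not contain, can now log in to both accounts; the `imxyy-hisense-pad` key is dropped at the same time. That changes who holds root access, which a commit titled as a refactor should either state in its message or avoid. If the cloudwin key is only meant for the build account, the root list can filter it out with `lib.mapAttrsToList (host: key: "${key} ${host}") (removeAttrs hosts [ "imxyy_soope_@imxyy-cloudwin" ])`. The enclosing attribute set starts and ends outside the hunk.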


@@ -4,7 +4,8 @@
pkgs, pkgs,
username, username,
userfullname, userfullname,
useremail, emails,
hosts,
... ...
}: }:
let let
@@ -21,14 +22,18 @@ in
enable = true; enable = true;
settings = { settings = {
gpg.ssh.allowedSignersFile = gpg.ssh.allowedSignersFile =
(pkgs.writeText "allowed_signers" '' hosts
imxyy1soope1@gmail.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix |> lib.mapAttrsToList (
imxyy@imxyy.top ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix host: key: map (email: "${email} ${key} ${host}") (builtins.attrValues emails)
'').outPath; )
|> lib.flatten
|> lib.concatStringsSep "\n"
|> pkgs.writeText "allowed-signers"
|> toString;
push.autoSetupRemote = true; push.autoSetupRemote = true;
user = { user = {
name = userfullname; name = userfullname;
email = useremail; email = emails.default;
}; };
}; };
signing = { signing = {
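Review bot: `builtins.attrValues emails` in the `gpg.ssh.allowedSignersFile` pipeline also returns `emails.default`, which the vars file defines as an alias of `gmail`, so every key is written twice for the gmail principal; `lib.unique (builtins.attrValues emails)` removes the duplicates. The generated file also pairs every key in `hosts` with every address, where the old file listed only the `imxyy@imxyy-nix` key, so signatures made with the other three device keys now verify as trusted. If that widening is intended, a comment such as `# every key in hosts is a trusted signer for all addresses` should say so. The same pipeline is used for the jj `allowed-signers` setting in the next file and needs the same change.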


@@ -4,7 +4,8 @@
pkgs, pkgs,
username, username,
userfullname, userfullname,
useremail, emails,
hosts,
... ...
}: }:
let let
@@ -21,8 +22,8 @@ in
enable = true; enable = true;
settings = { settings = {
user = { user = {
name = "${userfullname}"; name = userfullname;
email = "${useremail}"; email = emails.default;
}; };
ui = { ui = {
graph.style = "square"; graph.style = "square";
@@ -34,14 +35,18 @@ in
behavior = "own"; behavior = "own";
key = "/home/${username}/.ssh/id_ed25519"; key = "/home/${username}/.ssh/id_ed25519";
backends.backends.ssh.allowed-signers = backends.backends.ssh.allowed-signers =
(pkgs.writeText "allowed_signers" '' hosts
imxyy1soope1@gmail.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix |> lib.mapAttrsToList (
imxyy@imxyy.top ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix host: key: map (email: "${email} ${key} ${host}") (builtins.attrValues emails)
'').outPath; )
|> lib.flatten
|> lib.concatStringsSep "\n"
|> pkgs.writeText "allowed-signers"
|> toString;
}; };
}; };
}; };
home.packages = [ pkgs.lazyjj ]; programs.jjui.enable = true;
programs.starship = { programs.starship = {
settings = { settings = {
custom = { custom = {
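Review bot: The `backends.backends.ssh.allowed-signers` pipeline is a verbatim copy of the one assigned to git's `gpg.ssh.allowedSignersFile`, so the two trust lists can drift apart when only one copy is edited. Building the file once in a shared `let` binding or module argument and referencing it from both places would keep git and jj verifying against the same signer list. The surrounding `settings` block starts outside the hunk.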


@@ -2,5 +2,18 @@ rec {
username = "imxyy"; username = "imxyy";
userfullname = "imxyy_soope_"; userfullname = "imxyy_soope_";
userdesc = userfullname; userdesc = userfullname;
useremail = "imxyy1soope1@gmail.com"; emails = rec {
gmail = "imxyy1soope1@gmail.com";
selfhost = "imxyy@imxyy.top";
default = gmail;
};
hosts = {
"imxyy@imxyy-nix" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO";
"imxyy-ace5" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT";
"imxyy@imxyy-nix-x16" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/";
"imxyy_soope_@imxyy-cloudwin" =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE";
};
} }
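Review bot: `hosts` carries no comment saying what an entry authorises, yet after this commit a single entry grants root and user SSH login, access to the `nixremote` build account, and trusted-signer status in git and jj. A comment above it such as `# user@device -> SSH public key; every entry gets root/user login, remote-build access and is a trusted commit signer` would make that scope visible to whoever adds the next key. The name also reads as if the values were SSH host keys, while the attribute names look like per-user client keys, so something like `userKeys` may be clearer. The `rec { … }` set opens outside the hunk.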