update ssh keys

Alan Pearce alan@alanpearce.eu

Sat, 28 Dec 2024 18:39:13 +0100

commit

7b7960b098be7d6092df90ed9d9d7e6c02fa33a8

parent

488cd1c8a8a28cecb6d48fae306fa61bc9a9489a

1 files changed, 9 insertions(+), 4 deletions(-)

jump to

system/linde.nix

M system/linde.nix → system/linde.nix

@@ -83,7 +83,7 @@ users.users.root.initialHashedPassword = "";   services.openssh = {
     enable = true;
     settings = {
-      PermitRootLogin = "no";
+      PermitRootLogin = "without-password";
       PasswordAuthentication = false;
       KbdInteractiveAuthentication = false;
     };
@@ -298,9 +298,14 @@ set --universal fish_greeting ""     '';
   };
   programs.zsh.enable = true;
-  users.users.root.shell = "${pkgs.fish}/bin/fish";
+  users.users.root = {
+    shell = "/run/current-system/sw/bin/fish";
+    openssh.authorizedKeys.keys = [
+      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHYUyDdw92TNXguAxcmcmZmn/7ECGdRp6ckjxU+5zCw3BCnsS5+xEvHBVnnFdJRoH2XpfMeJjE+fi67zFVhlbn4= root@secretive.marvin"
+    ];
+  };
   users.users.alan = {
-    shell = "${pkgs.fish}/bin/fish";
+    shell = "/run/current-system/sw/bin/fish";
     extraGroups = [ "wheel" "caddy" "docker" "laminar" ];
     isNormalUser = true;
     home = "/home/alan";
@@ -308,7 +313,7 @@ createHome = true; 
     openssh.authorizedKeys.keys = [
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII8VIII+598QOBxi/52O1Kb19RdUdX0aZmS1/dNoyqc5 alan@hetzner.strongbox"
-      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEsD23eNmxBQj+FCxXXvSAX9U+9HPLKei95vdHPGWbyA5TVlD0N8ROxcfRwDepaQfCqOxEchh7liLAivI1PRCd0= secretive@macbook-pro"
+      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJVREjPey2TOIPzfYJoG9yIR4Rui7tNJK2QIKa+pbgsyXg31hhPIw37LRRIic+l53mW8eahHxX3Y1IeTjcMw8IU= alan@secretive.marvin"
     ];
   };

all repos — nixfiles @ 7b7960b098be7d6092df90ed9d9d7e6c02fa33a8

System and user configuration, managed by nix and home-manager