max/config
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

users/max: remove PKCS11 and GSSAPI stuff

Browse source
This commit is contained in:
Max Headroom 2024-06-29 21:02:52 +02:00
parent 18596425db
commit 0d7eeec14a
5 changed files with 4 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
secrets/secrets.nix
View file

@ -1,5 +1,5 @@
let let
max = (import ../users/max/userinfo.nix null).sshKeys; max = (import ../users/max/userinfo.nix).sshKeys;
hosts = import ../hosts; hosts = import ../hosts;
systemKeys = x: x.ssh.id.publicKey or null; systemKeys = x: x.ssh.id.publicKey or null;
in with hosts; in with hosts;

2
users/max/default.nix
View file

@ -1,5 +1,5 @@
systemProfile: { pkgs, lib, config, inputs, ... }: systemProfile: { pkgs, lib, config, inputs, ... }:
let meta = import ./userinfo.nix pkgs; let meta = import ./userinfo.nix;
in ({ in ({
age.secrets.shadow-max.file = ../../secrets/shadow-max.age; age.secrets.shadow-max.file = ../../secrets/shadow-max.age;
users.extraGroups.${meta.userName}.gid = 1000; users.extraGroups.${meta.userName}.gid = 1000;

2
users/max/home.nix
View file

@ -9,7 +9,7 @@ let
# get past module system args magic # get past module system args magic
systemProfile = if args ? systemProfile then args.systemProfile else "headless"; systemProfile = if args ? systemProfile then args.systemProfile else "headless";
meta = if args ? meta then args.meta else import ./userinfo.nix pkgs; meta = if args ? meta then args.meta else import ./userinfo.nix;
isNixos = args ? isNixos; isNixos = args ? isNixos;

7
users/max/home/ssh.nix
View file

@ -4,7 +4,6 @@ let
user = "git"; user = "git";
extraOptions = { extraOptions = {
CanonicalizeHostname = "no"; CanonicalizeHostname = "no";
IdentityFile = ''"pkcs11:token=${meta.userName}"'';
}; };
}; };
labHost = { labHost = {
@ -17,9 +16,6 @@ let
VerifyHostKeyDNS = "no"; VerifyHostKeyDNS = "no";
}; };
}; };
vegasProxy = {
proxyJump = "vegas.backbone.${meta.orgDomain}";
};
}; };
equip = host: cfgSet: cfgSet // { inherit host; }; equip = host: cfgSet: cfgSet // { inherit host; };
in { in {
@ -35,10 +31,7 @@ in {
extraOptionOverrides = { extraOptionOverrides = {
ExitOnForwardFailure = "yes"; ExitOnForwardFailure = "yes";
TCPKeepAlive = "no"; TCPKeepAlive = "no";
GSSAPIAuthentication = "yes";
GSSAPIDelegateCredentials = "yes";
VerifyHostKeyDNS = "yes"; VerifyHostKeyDNS = "yes";
PKCS11Provider = builtins.elemAt meta.security.pkcs11Providers 0;
CanonicalDomains = builtins.concatStringsSep " " CanonicalDomains = builtins.concatStringsSep " "
((map (sub: "${sub}.${meta.orgDomain}") [ ((map (sub: "${sub}.${meta.orgDomain}") [
"backbone" "backbone"

4
users/max/userinfo.nix
View file

@ -1,11 +1,9 @@
pkgs: rec { rec {
firstName = "Max"; firstName = "Max";
lastName = "Headroom"; lastName = "Headroom";
userName = "max"; userName = "max";
orgDomain = "privatevoid.net"; orgDomain = "privatevoid.net";
security = { pkcs11Providers = [ "${pkgs.opensc}/lib/opensc-pkcs11.so" ]; };
sshKeys = [ sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5C7mC5S2gM0K6x0L/jNwAeQYbFSzs16Q73lONUlIkL max@TITAN" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5C7mC5S2gM0K6x0L/jNwAeQYbFSzs16Q73lONUlIkL max@TITAN"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmdWfmAs/0rno8zJlhBFMY2SumnHbTNdZUXJqxgd9ON max@jericho" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmdWfmAs/0rno8zJlhBFMY2SumnHbTNdZUXJqxgd9ON max@jericho"