users/max: remove PKCS11 and GSSAPI stuff
parent
18596425db
commit
0d7eeec14a
5 changed files with 4 additions and 13 deletions
|
@ -1,5 +1,5 @@
|
||||||
let
|
let
|
||||||
max = (import ../users/max/userinfo.nix null).sshKeys;
|
max = (import ../users/max/userinfo.nix).sshKeys;
|
||||||
hosts = import ../hosts;
|
hosts = import ../hosts;
|
||||||
systemKeys = x: x.ssh.id.publicKey or null;
|
systemKeys = x: x.ssh.id.publicKey or null;
|
||||||
in with hosts;
|
in with hosts;
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
systemProfile: { pkgs, lib, config, inputs, ... }:
|
systemProfile: { pkgs, lib, config, inputs, ... }:
|
||||||
let meta = import ./userinfo.nix pkgs;
|
let meta = import ./userinfo.nix;
|
||||||
in ({
|
in ({
|
||||||
age.secrets.shadow-max.file = ../../secrets/shadow-max.age;
|
age.secrets.shadow-max.file = ../../secrets/shadow-max.age;
|
||||||
users.extraGroups.${meta.userName}.gid = 1000;
|
users.extraGroups.${meta.userName}.gid = 1000;
|
||||||
|
|
|
@ -9,7 +9,7 @@ let
|
||||||
# get past module system args magic
|
# get past module system args magic
|
||||||
systemProfile = if args ? systemProfile then args.systemProfile else "headless";
|
systemProfile = if args ? systemProfile then args.systemProfile else "headless";
|
||||||
|
|
||||||
meta = if args ? meta then args.meta else import ./userinfo.nix pkgs;
|
meta = if args ? meta then args.meta else import ./userinfo.nix;
|
||||||
|
|
||||||
isNixos = args ? isNixos;
|
isNixos = args ? isNixos;
|
||||||
|
|
||||||
|
|
|
@ -4,7 +4,6 @@ let
|
||||||
user = "git";
|
user = "git";
|
||||||
extraOptions = {
|
extraOptions = {
|
||||||
CanonicalizeHostname = "no";
|
CanonicalizeHostname = "no";
|
||||||
IdentityFile = ''"pkcs11:token=${meta.userName}"'';
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
labHost = {
|
labHost = {
|
||||||
|
@ -17,9 +16,6 @@ let
|
||||||
VerifyHostKeyDNS = "no";
|
VerifyHostKeyDNS = "no";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
vegasProxy = {
|
|
||||||
proxyJump = "vegas.backbone.${meta.orgDomain}";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
equip = host: cfgSet: cfgSet // { inherit host; };
|
equip = host: cfgSet: cfgSet // { inherit host; };
|
||||||
in {
|
in {
|
||||||
|
@ -35,10 +31,7 @@ in {
|
||||||
extraOptionOverrides = {
|
extraOptionOverrides = {
|
||||||
ExitOnForwardFailure = "yes";
|
ExitOnForwardFailure = "yes";
|
||||||
TCPKeepAlive = "no";
|
TCPKeepAlive = "no";
|
||||||
GSSAPIAuthentication = "yes";
|
|
||||||
GSSAPIDelegateCredentials = "yes";
|
|
||||||
VerifyHostKeyDNS = "yes";
|
VerifyHostKeyDNS = "yes";
|
||||||
PKCS11Provider = builtins.elemAt meta.security.pkcs11Providers 0;
|
|
||||||
CanonicalDomains = builtins.concatStringsSep " "
|
CanonicalDomains = builtins.concatStringsSep " "
|
||||||
((map (sub: "${sub}.${meta.orgDomain}") [
|
((map (sub: "${sub}.${meta.orgDomain}") [
|
||||||
"backbone"
|
"backbone"
|
||||||
|
|
|
@ -1,11 +1,9 @@
|
||||||
pkgs: rec {
|
rec {
|
||||||
firstName = "Max";
|
firstName = "Max";
|
||||||
lastName = "Headroom";
|
lastName = "Headroom";
|
||||||
userName = "max";
|
userName = "max";
|
||||||
orgDomain = "privatevoid.net";
|
orgDomain = "privatevoid.net";
|
||||||
|
|
||||||
security = { pkcs11Providers = [ "${pkgs.opensc}/lib/opensc-pkcs11.so" ]; };
|
|
||||||
|
|
||||||
sshKeys = [
|
sshKeys = [
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5C7mC5S2gM0K6x0L/jNwAeQYbFSzs16Q73lONUlIkL max@TITAN"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL5C7mC5S2gM0K6x0L/jNwAeQYbFSzs16Q73lONUlIkL max@TITAN"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmdWfmAs/0rno8zJlhBFMY2SumnHbTNdZUXJqxgd9ON max@jericho"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMmdWfmAs/0rno8zJlhBFMY2SumnHbTNdZUXJqxgd9ON max@jericho"
|
||||||
|
|
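Review bot: With the leading `pkgs:` dropped, this file now evaluates to a plain attribute set and no longer exposes `security.pkcs11Providers`, so any importer that still applies an argument, or any expression that still reads `meta.security`, will fail. Because Nix evaluates lazily, such a stale reference surfaces only when the affected option or host is actually evaluated, so a successful build of one machine does not prove the others are clean. The three importers and the `PKCS11Provider` line updated elsewhere in this commit are the only consumers visible on this page; a repository-wide search for `userinfo.nix` and `meta.security` before merging would confirm there are no others. A header comment such as `# Plain attribute set, not a function: import without arguments.` would document the new contract. The attribute set continues past the end of this hunk.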