authorLibravatar Alexander Foremny <aforemny@posteo.de>2024-05-07 09:43:19 +0200
committerLibravatar Alexander Foremny <aforemny@posteo.de>2024-05-07 09:43:51 +0200
commitc978457f3a591188b6273e93fdf397896322c9d5 (patch)
tree84b83e39c6a833cd7bedb8f4340d6a46abc9fada
parentfd001926dfab0d32ed41c6a6d0b36d5ad213696d (diff)
git: add kirchner's alternative ssh key
-rw-r--r--apps/cgit/appspec.nix6
-rw-r--r--apps/cgit/integration.nix6
-rw-r--r--apps/static-users/appspec.nix6
-rw-r--r--apps/static-users/capabilities.nix4
-rw-r--r--modules/fysiweb-capabilities/default.nix4
-rw-r--r--public/kirchner@hereon.id_rsa.pub1
-rw-r--r--systems/system1/configuration.nix7
7 files changed, 18 insertions, 16 deletions
diff --git a/apps/cgit/appspec.nix b/apps/cgit/appspec.nix
index a7744d5..4790a21 100644
--- a/apps/cgit/appspec.nix
+++ b/apps/cgit/appspec.nix
@@ -26,11 +26,11 @@
};
users = lib.mkOption {
type = lib.types.attrsOf (lib.types.submodule {
- options.publicKeyFile = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
+ options.publicKeyFiles = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
};
});
- default = { };
+ default = [ ];
};
};
}
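Review bot: The last changed line, `default = [ ];`, appears to sit after the `});` that closes the submodule, so it becomes the default of `users` (typed `attrsOf (submodule …)`) rather than of `publicKeyFiles`. An empty list is not a valid value for an attribute-set option, so evaluation should fail the type check whenever no users are defined. apps/cgit/integration.nix also passes `appConfig.users` to `lib.mapAttrsToList`, which expects an attribute set. Keep `default = { };` on `users` and, if an empty key list should be allowed, put `default = [ ];` inside the `publicKeyFiles` option instead. Indentation is lost on this page, so confirm the nesting against the file.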
diff --git a/apps/cgit/integration.nix b/apps/cgit/integration.nix
index 8190c2a..608c29f 100644
--- a/apps/cgit/integration.nix
+++ b/apps/cgit/integration.nix
@@ -4,9 +4,9 @@
users.users.git.createHome = true;
users.users.git.shell = "${pkgs.git}/bin/git-shell";
users.users.git.openssh.authorizedKeys.keyFiles =
- lib.optionals (appConfig.users != null) (lib.mapAttrsToList
- (name: attrs: attrs.publicKeyFile)
- appConfig.users);
+ lib.optionals (appConfig.users != null) (lib.concatLists (lib.mapAttrsToList
+ (name: attrs: attrs.publicKeyFiles)
+ appConfig.users));
bindMounts."/var/lib/git".isReadOnly = false;
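Review bot: The guard `appConfig.users != null` carried over onto the new line looks stale. If `appConfig.users` is the `attrsOf` option from apps/cgit/appspec.nix, it can never be null, so the `lib.optionals` wrapper filters nothing and can be dropped. Every key file of every user now lands in the authorized keys of the single shared `git` account, so a short comment would help the next reader, e.g. `# all keys of all configured users authenticate as the shared git user (git-shell only)`. The enclosing attribute set starts and ends outside the hunk.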
diff --git a/apps/static-users/appspec.nix b/apps/static-users/appspec.nix
index cb55ea7..92ec8ba 100644
--- a/apps/static-users/appspec.nix
+++ b/apps/static-users/appspec.nix
@@ -7,9 +7,9 @@
type = lib.types.nullOr lib.types.str;
default = "system-secrets/${appConfig.appId}/${appConfig.users.${name}.username}.password";
};
- options.publicKeyFile = lib.mkOption {
- type = lib.types.nullOr lib.types.path;
- default = null;
+ options.publicKeyFiles = lib.mkOption {
+ type = lib.types.listOf lib.types.path;
+ default = [ ];
};
options.username = lib.mkOption {
type = lib.types.str;
diff --git a/apps/static-users/capabilities.nix b/apps/static-users/capabilities.nix
index 1861888..33679ad 100644
--- a/apps/static-users/capabilities.nix
+++ b/apps/static-users/capabilities.nix
@@ -7,8 +7,6 @@
# TODO appConfig should come from config to have been fully evaluated
config.fysiweb-apps.${appConfig.owner}.${appConfig.appName}.${appConfig.appInstanceName}.users;
ssh-credentials = lib.concatMapAttrs
- (name: attrs: lib.optionalAttrs (attrs.publicKeyFile != null) {
- ${name} = { inherit (attrs) publicKeyFile; };
- })
+ (name: attrs: { ${name} = { inherit (attrs) publicKeyFiles; }; })
appConfig.users;
}
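Review bot: With the `lib.optionalAttrs (attrs.publicKeyFile != null)` filter removed, every static user now gets an `ssh-credentials` entry, including users whose `publicKeyFiles` is the default empty list. Consumers that treat presence in `ssh-credentials` as meaning the user has SSH access (none are visible here) would then see key-less users. If the old behaviour is wanted, keep the filter: `(name: attrs: lib.optionalAttrs (attrs.publicKeyFiles != [ ]) { ${name} = { inherit (attrs) publicKeyFiles; }; })`. The enclosing expression begins outside the hunk.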
diff --git a/modules/fysiweb-capabilities/default.nix b/modules/fysiweb-capabilities/default.nix
index bf1937b..862aaf7 100644
--- a/modules/fysiweb-capabilities/default.nix
+++ b/modules/fysiweb-capabilities/default.nix
@@ -16,8 +16,8 @@ in
};
options.fysiweb.capabilities.ssh-credentials = lib.mkOption {
type = lib.types.attrsOf (lib.types.attrsOf (lib.types.submodule {
- options.publicKeyFile = lib.mkOption {
- type = lib.types.str;
+ options.publicKeyFiles = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
};
}));
default = { };
diff --git a/public/kirchner@hereon.id_rsa.pub b/public/kirchner@hereon.id_rsa.pub
new file mode 100644
index 0000000..5d4f4ee
--- /dev/null
+++ b/public/kirchner@hereon.id_rsa.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC2uDEq2ViqPFbjUngLDCvWcY51vh6dUM4uwDm9spziokEdilXlNdECXlSt0eYxopwB0F7Bo0GcsNgcKCDMkhqtyZisPf4wdGMVQScrC5hraqmOj1T3EcUUfVWhxvMYftY1rnDJjLSU8jvsKn4doWL+McGMpH9MXgGMdq26XvF84nkocc0Y3kKdPczltAsA1nejhbIcuhUXrGh/EzL8ORgXXvDfz9pxkVB0pPfh/S/6ibjYLA5EER3HStS5KVg9VPT7KBNVI14Ck4ubK9C5zn1MAQ9C3YvINvf+jAt7oMa+011aGngb7SoRJsu9dyabePY218r1bojZJnAOLRXGYhw2awc+/ueo7lackEBk/PWFFn1LumPpHylENi6Ya28TFre7yrWwxFo9w6HiU6cEz6lFHR/1FdWGedxjWbESp+roTniGe6xJs4bOyWSiYuKR6sDt5Mw0IPxnHQVu04ZDE9m0GYb1TNvGLo6RcH6sTxdeTniIDglRMpDdNCgzeTJLZus= kirchner@nixos
diff --git a/systems/system1/configuration.nix b/systems/system1/configuration.nix
index 37fff13..12e465d 100644
--- a/systems/system1/configuration.nix
+++ b/systems/system1/configuration.nix
@@ -18,8 +18,11 @@
}
# enable static users
{
- fysiweb-apps.public.static-users.public.users.aforemny.publicKeyFile = toString ../../public + "/aforemny.id_rsa.pub";
- fysiweb-apps.public.static-users.public.users.kirchner.publicKeyFile = toString ../../public + "/kirchner.id_rsa.pub";
+ fysiweb-apps.public.static-users.public.users.aforemny.publicKeyFiles = [ (toString ../../public + "/aforemny.id_rsa.pub") ];
+ fysiweb-apps.public.static-users.public.users.kirchner.publicKeyFiles = [
+ (toString ../../public + "/kirchner.id_rsa.pub")
+ (toString ../../public + "/kirchner@hereon.id_rsa.pub")
+ ];
}
# enable authelia
{