mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-03-18 07:13:44 +01:00
21 lines
837 B
Nix
21 lines
837 B
Nix
{myvars, ...}: {
|
|
programs.ssh = myvars.networking.ssh;
|
|
|
|
users.users.${myvars.username} = {
|
|
description = myvars.userfullname;
|
|
# Public Keys that can be used to login to all my PCs, Macbooks, and servers.
|
|
#
|
|
# Since its authority is so large, we must strengthen its security:
|
|
# 1. The corresponding private key must be:
|
|
# 1. Generated locally on every trusted client via:
|
|
# ```bash
|
|
# # KDF: bcrypt with 256 rounds, takes 2s on Apple M2):
|
|
# # Passphrase: digits + letters + symbols, 12+ chars
|
|
# ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`
|
|
# ```
|
|
# 2. Never leave the device and never sent over the network.
|
|
# 2. Or just use hardware security keys like Yubikey/CanoKey.
|
|
openssh.authorizedKeys.keys = myvars.mainSshAuthorizedKeys;
|
|
};
|
|
}
|