mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-01-18 07:36:37 +01:00
22 lines
839 B
Nix
22 lines
839 B
Nix
{ myvars, ... }:
|
|
{
|
|
programs.ssh = myvars.networking.ssh;
|
|
|
|
users.users.${myvars.username} = {
|
|
description = myvars.userfullname;
|
|
# Public Keys that can be used to login to all my PCs, Macbooks, and servers.
|
|
#
|
|
# Since its authority is so large, we must strengthen its security:
|
|
# 1. The corresponding private key must be:
|
|
# 1. Generated locally on every trusted client via:
|
|
# ```bash
|
|
# # KDF: bcrypt with 256 rounds, takes 2s on Apple M2):
|
|
# # Passphrase: digits + letters + symbols, 12+ chars
|
|
# ssh-keygen -t ed25519 -a 256 -C "ryan@xxx" -f ~/.ssh/xxx`
|
|
# ```
|
|
# 2. Never leave the device and never sent over the network.
|
|
# 2. Or just use hardware security keys like Yubikey/CanoKey.
|
|
openssh.authorizedKeys.keys = myvars.mainSshAuthorizedKeys;
|
|
};
|
|
}
|