nixos-config/modules/pubkeys.nix

38 lines
1.3 KiB
Nix
Raw Normal View History

2024-01-21 20:58:25 +01:00
# SPDX-FileCopyrightText: 2020-2024 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
2020-12-05 16:42:49 +01:00
{ config, lib, ... }:
let
cfg = config.sbruder.pubkeys;
in
2020-08-22 17:44:39 +02:00
{
2020-12-05 16:42:49 +01:00
options.sbruder.pubkeys = {
keys = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
description = "Known public keys that can be used in the configuration";
default = {
2024-01-21 20:58:25 +01:00
"alpha" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE1KsR0pgwLfhbP/BDeyb7CLnIqbWiaS52QKUOYLtioH"; # Nitrokey 3
"beta" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtp4pbIVjjXN7J277+pm5EyzIQVD5aHpoi45J1PNVCL"; # Nitrokey 3
"backup" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfsufQIdFzWK1B1uelCzt8XJaoublRPn1gjZvumSEr+"; # Offline backup key
2020-12-05 16:42:49 +01:00
};
};
trustedNames = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Names of trusted public keys, used to generate <literal>sbruder.pubkeys.trustedKeys</literal>";
default = [
2024-01-21 20:58:25 +01:00
"alpha"
"beta"
"backup"
2020-12-05 16:42:49 +01:00
];
};
trustedKeys = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Trusted public keys, automatically generated from <literal>sbruder.pubkeys.trustedNames</literal>";
default = map
2020-12-05 16:42:49 +01:00
(name: cfg.keys."${name}")
cfg.trustedNames;
};
};
2020-08-22 17:44:39 +02:00
}