sign-ssh-user-cert

2026-04-19 18:54:09 -05:00
parent 03965917ea
commit aace1776d5
4 changed files with 30 additions and 43 deletions
@@ -1,37 +0,0 @@
-{ self, inputs, ... }: {
-  #
-  # Home Manager Module
-  #
-  flake.modules.homeManager.step-ssh-user = { config, pkgs, lib, ... }:
-  let
-    cfg = config.step-ssh-user;
-    firstPrincipal = lib.head cfg.principals;
-    principalArgs = lib.concatMapStringsSep " "
-      (principal: "--principal \"${principal}\"") cfg.principals;
-  in
-  {
-    options.step-ssh-user = {
-      enable = lib.mkEnableOption "opionated step client config for SSH certs";
-      provisioner = lib.mkOption {
-        type = lib.types.str;
-        default = "admin";
-      };
-      principals = lib.mkOption {
-        type = lib.types.listOf lib.types.str;
-      };
-    };
-    config = lib.mkIf cfg.enable {
-      sops.secrets."janus/admin_jwk".mode = "0400";
-      home.packages = with pkgs; [
-        (writeShellScriptBin "sign-ssh-cert" ''
-          ${lib.getExe pkgs.step-cli} ssh certificate \
-          --sign \
-          ${principalArgs} \
-          --provisioner "${cfg.provisioner}" \
-          --provisioner-password-file "${config.sops.secrets."janus/admin_jwk".path}" \
-          "${firstPrincipal}" "${config.ssh.identityFile}.pub"
-        '')
-      ];
-    };
-  };
-}