john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

moved sign-ssh-cert

Browse Source
This commit is contained in:
John Lancaster
2026-03-15 15:20:34 -05:00
parent ff9a817ef8
commit da2de12193
2 changed files with 26 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
modules/services/ssh.nix
View File

@@ -45,6 +45,10 @@ in
certAuthority = true;
publicKey = sshHostCAPubKey;
};
"*.john-stream.com" = {
certAuthority = true;
publicKey = sshHostCAPubKey;
};
};
};
};
@@ -85,23 +89,6 @@ in
provisionerPasswordPath = config.sops.secrets."janus/admin_jwk".path;
sshHostProvisioner = config.step-client.sshHostProvisioner;
in {
sops.secrets."janus/admin_jwk" = {
mode = "0400";
};
home.packages = lib.optionals cfg.certificates.enable [
(pkgs.writeShellScriptBin "sign-ssh-cert" ''
${lib.getExe pkgs.step-cli} ssh certificate \
--sign \
--principal ${userName} \
--principal root \
--principal appdaemon \
--provisioner "${sshHostProvisioner}" \
--provisioner-password-file "${provisionerPasswordPath}" \
${userName} ${publicKeyFile}
'')
];
home.file.".ssh/known_hosts" = {
text = lib.concatStringsSep "\n" (
[