add authorized ssh keys to report, fix some keys

2024-02-19 13:14:31 +01:00 · 2024-02-19 13:14:31 +01:00 · 6b9b66bbf9
parent 6bc9878dc5
commit 6b9b66bbf9
2 changed files with 14 additions and 4 deletions
--- a/flake.nix
+++ b/flake.nix
@ -220,6 +220,16 @@
      fqdn = cfg.networking.fqdn;
      allowedTCPPorts = cfg.networking.firewall.allowedTCPPorts or [];
      allowedUDPPorts = cfg.networking.firewall.allowedUDPPorts or [];
+      users = lib.pipe cfg.users.users [
+        (lib.filterAttrs  (uname: user: user.isNormalUser))
+        (builtins.mapAttrs (uname: user: {
+          authorizedKeys = lib.forEach user.openssh.authorizedKeys.keys (key: builtins.concatStringsSep " " [
+            (builtins.elemAt (lib.splitString " " key) 0)
+            "..."
+            (builtins.elemAt (lib.splitString " " key) 2)
+          ]);
+        }))
+      ];
      bootloader = if cfg.boot.loader.grub.enable then "grub"
        else if cfg.boot.loader.systemd-boot.enable then "systemd-boot"
        else null;
--- a/users/pbsds/default.nix
+++ b/users/pbsds/default.nix
@ -57,15 +57,15 @@

    # TODO: fetch from github?
    openssh.authorizedKeys.keys = [
-      "ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring"
+      #"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+qv5MogWwOgctQfQeHxUHF2ij6UA8BR4DLXtZClnw6A1CtOjAtZeAW62C8q9OKaIKDO0hqd2vLBkgEno4smqBDJ2ThwKuXrhiHqJzCkXZqIKKx79mpTo7aRpFgkJ7328Ee+tbqa65coL98WRhLnDg69NDaOfSCmH85/D0kuyTG7mYIMdBtFXB/IU0QC9USCSGcUGSnQAEx8S0vaXL7JP043kfEfeqwsea598qX+LFa2UfGwgLBpiWi4QEfYy6fviz2TFkbRYKQImybidzUHZkljjPupqu8U4dIx/jsJM/vew717xZPCU0ZCho77TIU+bYSitD5mjnzuD7LrAdbFgnhkD2sQlD/hUW40kPVT/Tq3DrpDRKC9tniiTaIQV1Pe0k82XwYrvV/hTl8T1ed6TuzhmUggqowAbJRbaBIa1zI672AFFQM8OBIN59ZlLy3V2RZW4fvQk2/xMRdVBT0W5Upx+9rCbH9LCGWL8gNNA/PRJ0L9Ts6cq8kf4tFhFQQrk= pbsds@bjarte"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7Ftu1LP+p+D6YWIo32V9w6ckHCIbrQWPyCNU4rBAbl root@bjarte"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlLTAf5ObSpUU490M/l6+s5m0rxayPeaH23RLvIyoCqGftf/3Yi2iHP8wusBWGrEkXg8Po9YKh2CztflqJBnhsv/HaGYRXNsz3oVf2bSURUepZBkUXkg+T1x9OGG8pfvde8ROWZ8KxwLbAKghHUusyAvtJE9ktDxLpajomXDQlo+v7Hj2v4tMKCG/vHPxf/ni3Icl/8Rwo4zjuxl1MxLftPZv9rxCFv06ujuW6f6Mu5q+damt6ReH7RpOzs1rtDjPSnrRCboY4IbT5P4v6cZCr5hgAblKXHfOzPO9WM7O9tugJeE7eJK6Ps8gvWSHs/48SONSpjcYX3NzsRfxp6RRyD0yGrTDP/Ly6TNZzwZdKPO6GkRbLFXAxSn+ex/zW//R4ECQmof3KPYyjpt7yygICSdRlRocpz5aYxytFqBhelEbQqSZTP8q3HdxqGUplAgaCc0bK+m2ob5cirx3kHK2TyQ2dyCZgOML7AjD3GaclxPjkfEipL3/uFkq6EdsdQFs= pbsds@Svanbjorg"
+      #"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlLTAf5ObSpUU490M/l6+s5m0rxayPeaH23RLvIyoCqGftf/3Yi2iHP8wusBWGrEkXg8Po9YKh2CztflqJBnhsv/HaGYRXNsz3oVf2bSURUepZBkUXkg+T1x9OGG8pfvde8ROWZ8KxwLbAKghHUusyAvtJE9ktDxLpajomXDQlo+v7Hj2v4tMKCG/vHPxf/ni3Icl/8Rwo4zjuxl1MxLftPZv9rxCFv06ujuW6f6Mu5q+damt6ReH7RpOzs1rtDjPSnrRCboY4IbT5P4v6cZCr5hgAblKXHfOzPO9WM7O9tugJeE7eJK6Ps8gvWSHs/48SONSpjcYX3NzsRfxp6RRyD0yGrTDP/Ly6TNZzwZdKPO6GkRbLFXAxSn+ex/zW//R4ECQmof3KPYyjpt7yygICSdRlRocpz5aYxytFqBhelEbQqSZTP8q3HdxqGUplAgaCc0bK+m2ob5cirx3kHK2TyQ2dyCZgOML7AjD3GaclxPjkfEipL3/uFkq6EdsdQFs= pbsds@Svanbjorg"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCo5/9uHIKhhpVbcLSKslj9wdBiV4YaY/tydTfypNZBMMP2U54640t8JvHHkxCZRur8AqYupellxAqkmKn516Ut0WvfQcNgF7ieI66JHkK1j7kSFHHG1nkJHslwCh2PeYtfx5zHZZq8X9v/UjVGY182BC4BHC5zixmNiUvvc+N24BRT4NwslFmMYVcTdoNBSJXPgte4uUd+FZrAnHQrjYdJVANgI4i1d11mxlDFgJrPJj30KaIDxHAsAWgCEqGLMDO9N1cpGGbXVeXfoGvv+vdCXgbyA8BK7wWwXvy5HlvhpEJo8g84r6uKMMkEf+K1MpTiaNjdu+7/sKD/ZOyDB4RgCBs0DskouWRi+xfxABaKBj6706Z3hpj+GfpuSXrHKgGYXIL4cZHaAlz8GVsN1mUL4eJ12Sk14Od2QUHbzp7TDz5eaWuczPs5W9qXwNDMZcmBBZ3mkt9ZYPvAPRjeLpAKhhA9xPL3hbob5hhAENTWsFRFJEgpm8l362XFIOLHr/M= pbsds@rocm"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff"
+      #"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff"
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDX1n/zBp0Va5VPgUHDJ2tLhR8kzQmkWIdFNVy3WHMzfx2ppR0+ch05ksZ7VYp3ROSMpykdqcjDekM6fD+BJEaHx9MwmHlFgvIVyIVwMwqtheo1gAHW6InsF41c7VRv3dlZgX8ViM9kR6YxCsy8FLkwcRtnQkMnT24LpLvmI6dZA26jAmYvxDO0iSD+7jBf+k1MFJZMxg14tMIcqMnuUhR0OyfORslafM73MKSwFqPeNvJxTq96we5RNBoZfZ63LmAm+EJ/++xoCATWQuSnbrXzIC/tUfHLbn9JUE6OgbTLOCarf/aUQHD5jeevfmNu8DYwtjrqcQsjDt2RySTX1R0OgXDbJe+voOY+9a6mSkpYV37CL5rJGTZYFxLLlC2BZMhmhl/axsK/YGyki9z0zKey65MDl5GxOEaTmVqkextiLMp3qBxvCEOzE6/MsVrOkX/gbNglqFlCVPXxKDBsm5NM/KbqPFuntX+w9UReTAS8MBwBDLM3z0dqT8MaK400wmM= pbsds@noximilien"
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7fYndgIXJM+tLSfkbprWc8ClOI58wlaZCg6I+wMYINeOwxLU24BmIyQAhNeqhHYBdXiyIAl5KN3+YajN1nx6zq2XPXLut31Xtf+0yMdRMX4rXgqOnsBeG4eTfNsPx+v7VNANth8dIADpk59Y9ioWB6JI6NF0wfkqrCSTpt2q9gpTA35MBe41hlaxqxYGq+PlfZyJbN4TJCORZROkjw1P6K+EoYUHTHmduMZSAnpzx5bTHL2r1VK1jLRL4q2O1LP9G7eVYUsZKxKznJqtAeoOGBL4OX2JeIXT51/pXTW0NNyVPELD6aUUZjK8aVK2JDXupXegYO8cHqwLaz7rZj3G8evGamSlGvAYR4Gwvvp4Du8ZRZVM3Gt1allhPMTLnm/gy9Lta35D8SHH0IUKWD3buo5HZliZgSMAvoSrT03vpuGILLoWEkTjpPT0qKIlBd/ qlACBzKC9Wwmda5WWgMsfe0zP4zNLVdves5nkMrbY91TYSFM0FuDCaRsK5Mrhx7i0= root@noximilien"
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7fYndgIXJM+tLSfkbprWc8ClOI58wlaZCg6I+wMYINeOwxLU24BmIyQAhNeqhHYBdXiyIAl5KN3+YajN1nx6zq2XPXLut31Xtf+0yMdRMX4rXgqOnsBeG4eTfNsPx+v7VNANth8dIADpk59Y9ioWB6JI6NF0wfkqrCSTpt2q9gpTA35MBe41hlaxqxYGq+PlfZyJbN4TJCORZROkjw1P6K+EoYUHTHmduMZSAnpzx5bTHL2r1VK1jLRL4q2O1LP9G7eVYUsZKxKznJqtAeoOGBL4OX2JeIXT51/pXTW0NNyVPELD6aUUZjK8aVK2JDXupXegYO8cHqwLaz7rZj3G8evGamSlGvAYR4Gwvvp4Du8ZRZVM3Gt1allhPMTLnm/gy9Lta35D8SHH0IUKWD3buo5HZliZgSMAvoSrT03vpuGILLoWEkTjpPT0qKIlBd/qlACBzKC9Wwmda5WWgMsfe0zP4zNLVdves5nkMrbY91TYSFM0FuDCaRsK5Mrhx7i0= root@noximilien"
      #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdkKmRB0WjD3L+k8GNTVJDLpOUqLBMW17ld/Jzapo6 pbsds@bolle"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpuDBMll1viLKd/wm1lCy9iozyKeXMBHDwhdJOpeRLe pbsds@nord"
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6vQllnhqNCE1RqPmTMJ2/29 root@nord"