feat: Implement two-key SSH management strategy
- Add modules/security/ssh-keys.nix for centralized SSH key management
- Generate role-specific SSH keys with geir@geokkjer.eu email:
  - Admin key (geir@geokkjer.eu-admin) for sma user server access
  - Development key (geir@geokkjer.eu-dev) for geir user and git services
- Update SSH client config with role-based host patterns
- Configure users/geir.nix and users/sma.nix with appropriate key access
- Add SSH key setup to both machine configurations
- Create scripts/setup-ssh-keys.sh for key generation automation
- Update plan.md with completed SSH security implementation

Security benefits:
- Principle of least privilege (separate admin vs dev access)
- Limited blast radius if keys are compromised
- Clear usage patterns: ssh admin-sleeper vs ssh geir@sleeper-service.home
- Maintains compatibility with existing services during transition
parent 6a3a3abc48
commit 77e6b9a501
7 changed files with 221 additions and 10 deletions
|
@ -21,6 +21,12 @@
|
|||
|
||||
shell = pkgs.zsh;
|
||||
|
||||
# SSH access with development keys
|
||||
openssh.authorizedKeys.keys = config.security.ssh-keys.development or [
|
||||
# Fallback to current key during transition
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHeOvTHIw+hZOAiWkIrz9t11UeGwxAMx7jN/1IIdgq7O geokkjer@gmail.com"
|
||||
];
|
||||
|
||||
# User-specific packages
|
||||
packages = with pkgs; [
|
||||
# Browsers & Communication
|
||||
|
|
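Review bot: On the `openssh.authorizedKeys.keys` line, `config.security.ssh-keys.development or [ … ]` only falls back to the old key when the attribute path is missing; `or` does not trigger when the attribute exists but evaluates to an empty list. If modules/security/ssh-keys.nix declares `development` as an option (not visible in this hunk), the attribute is always present, so the fallback never applies and the transition key is dropped as soon as the module is imported. That can leave geir without a working key on a host where the new dev key has not been deployed yet. If the intent is to accept both keys during the transition, concatenate instead, e.g. `config.security.ssh-keys.development ++ [ "<old key>" ]`, and extend the "Fallback to current key during transition" comment to say when the old key should be removed.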