feat(nixos): Add option to fetch ssh keys from github

2024-01-15 22:19:06 +01:00 · 2024-01-15 22:19:06 +01:00 · 9250a92d5a
commit 9250a92d5a
parent 7382e8d0f0
2 changed files with 22 additions and 0 deletions
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -46,6 +46,15 @@ in
      status.disabled = false;
      sudo.disabled = false;
    };
+
+    programs.ssh.knownHostsFiles =
+      lib.mapAttrsToList
+        (username: sha256: builtins.fetchurl {
+          inherit sha256;
+          url = "https://github.com/${username}.keys";
+        })
+        cfg.importSSHKeysFromGithub;
+
    # Default shell
    programs.zsh.enable = true;
    users.defaultUserShell = pkgs.zsh;
--- a/nixos/options.nix
+++ b/nixos/options.nix
@ -56,6 +56,19 @@ let
      description = "Jalil's styling options";
      type = types.submodule styling;
    };
+    importSSHKeysFromGithub = lib.mkOption {
+      description = lib.mdDoc ''
+        Import public ssh keys from a github username.
+
+        This will fetch the keys from https://github.com/$${username}.keys.
+
+        The format is `"$${github-username}" = $${sha256-hash}`. The example
+        will try to fetch the keys from <https://github.com/jalil-salame.keys>.
+      '';
+      default = { };
+      example = { "jalil-salame" = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; };
+      type = types.attrsOf types.str;
+    };
  };
 in
 {