Add navi deployment module and integrate SSH inventory for remote management

- Introduced a new `navi` module for managing deployments across multiple hosts.
- Enhanced SSH inventory management to support public key application for authorized hosts.
- Configured system deployment builder for seamless integration with Navi.
- Updated various host configurations to enable deployment capabilities and streamline SSH access.
2026-06-04 16:51:30 -03:00
parent 403cf2fde5
commit 2a911b057b
11 changed files with 585 additions and 44 deletions
+4 -20
@@ -7,26 +7,10 @@
let
cfg = config.chiasson.ssh.inbound;
inventory = self.lib.sshInventory;
resolveSelection =
selection:
if selection == "all" then
inventory.authorizedKeys
else
let
missing = builtins.filter (name: !(builtins.hasAttr name inventory.hosts)) selection;
in
if missing != [ ] then
throw "ssh.inbound: unknown host keys: ${builtins.concatStringsSep ", " missing}"
else
lib.unique (
builtins.filter (key: key != null) (
builtins.map (hostName: inventory.hosts.${hostName}.publicKey) selection
)
);
in
{
options.chiasson.ssh.inbound = {
enable = lib.mkEnableOption "Apply `authorizedKeys` from the SSH inventory.";
enable = lib.mkEnableOption "Apply SSH inventory public keys to `authorized_keys`.";
userAuthorizedHosts = lib.mkOption {
type = lib.types.attrsOf (lib.types.either (lib.types.enum [ "all" ]) (lib.types.listOf lib.types.str));
default = { };
@@ -35,15 +19,15 @@
admin = [ "14900k" "t2mbp" ];
};
description = ''
Per user: `"all"` or a list of inventory host names whose keys land in `authorized_keys`.
Catalog users that receive the SSH inventory public keys in `authorized_keys`.
'';
};
};
config = lib.mkIf cfg.enable {
users.users = lib.mapAttrs
(_user: selection: {
openssh.authorizedKeys.keys = resolveSelection selection;
(_user: _selection: {
openssh.authorizedKeys.keys = inventory.authorizedKeys;
})
cfg.userAuthorizedHosts;
};
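Review bot: In the new `config` block the per-user value is bound as `_selection` and ignored, so every user named in `userAuthorizedHosts` now gets `inventory.authorizedKeys` (the set that `"all"` used to select), while the option type still accepts a host list and the example still shows `admin = [ "14900k" "t2mbp" ];`. A configuration that limited a user to two hosts would therefore evaluate cleanly and silently authorize the whole inventory, and the removed `throw` on unknown host names no longer catches typos. If granting every key is intended, narrow the type to `lib.types.attrsOf (lib.types.enum [ "all" ])` and update the example, so a leftover host list fails evaluation instead of being widened; otherwise keep `resolveSelection`. The module's opening and closing lines are outside the visible hunks.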