diff --git a/flake.lock b/flake.lock
index 87aea3c..4fa76dc 100644
--- a/flake.lock
+++ b/flake.lock
@@ -56,11 +56,11 @@
 ]
 },
 "locked": {
- "lastModified": 1735774679,
- "narHash": "sha256-soePLBazJk0qQdDVhdbM98vYdssfs3WFedcq+raipRI=",
+ "lastModified": 1736143030,
+ "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=",
 "owner": "hercules-ci",
 "repo": "flake-parts",
- "rev": "f2f7418ce0ab4a5309a4596161d154cfc877af66",
+ "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de",
 "type": "github"
 },
 "original": {
@@ -134,11 +134,11 @@
 "zig": "zig"
 },
 "locked": {
- "lastModified": 1736113571,
- "narHash": "sha256-5viqX++mUONRNCHf393l26iZIvi2DlFLJR87Xrsod3s=",
+ "lastModified": 1736210320,
+ "narHash": "sha256-QnDkQ/s1OWmPj1f+7MFNxQiAPJdHbI1Aft7yM5I+8gQ=",
 "owner": "ghostty-org",
 "repo": "ghostty",
- "rev": "c9c5ad43a54e815e664569f5e5809a71369b99a2",
+ "rev": "a3837a1e4ee06a183f32d4a622c2cdcd51f73fb8",
 "type": "github"
 },
 "original": {
@@ -221,11 +221,11 @@
 ]
 },
 "locked": {
- "lastModified": 1736066484,
- "narHash": "sha256-uTstP36WaFrw+TEHb8nLF14hFPzQBOhmIxzioHCDaL8=",
+ "lastModified": 1736204492,
+ "narHash": "sha256-CoBPRgkUex9Iz6qGSzi/BFVUQjndB0PmME2B6eEyeCs=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "5ad12b6ea06b84e48f6b677957c74f32d47bdee0",
+ "rev": "20665c6efa83d71020c8730f26706258ba5c6b2a",
 "type": "github"
 },
 "original": {
@@ -266,11 +266,11 @@
 "treefmt-nix": "treefmt-nix"
 },
 "locked": {
- "lastModified": 1736035694,
- "narHash": "sha256-hsJH+qsn3hdE2Axo+MGQv2oVPzAXoBTdVJEhmUIprzo=",
+ "lastModified": 1736233375,
+ "narHash": "sha256-I6fqKdaoKOVU33SyPv+MuxWRiOs+PXQTO94aCLA3rAc=",
 "owner": "nix-community",
 "repo": "neovim-nightly-overlay",
- "rev": "75151f049969a87404442dbcf16e885875e29e72",
+ "rev": "721f5f602b876a3ee21be04f68ab3cedf162e7f6",
 "type": "github"
 },
 "original": {
@@ -282,11 +282,11 @@
 "neovim-src": {
 "flake": false,
 "locked": {
- "lastModified": 1736023725,
- "narHash": "sha256-ARpgwbA6wEHBFv4x6Cpv/sXHFkeBiZoYN0iBiI3fKQw=",
+ "lastModified": 1736193797,
+ "narHash": "sha256-5S4RnwKfa5nn/r+8OsMtfgD6TEA5P6cWKti76A0zIMc=",
 "owner": "neovim",
 "repo": "neovim",
- "rev": "a8ace2c58a318552869462a36859aabf1cdfaa68",
+ "rev": "b6ab294838421afb6932c52dd6e6d35d571e621d",
 "type": "github"
 },
 "original": {
@@ -381,11 +381,11 @@
 },
 "nixpkgs-unstable_2": {
 "locked": {
- "lastModified": 1735915915,
- "narHash": "sha256-Q4HuFAvoKAIiTRZTUxJ0ZXeTC7lLfC9/dggGHNXNlCw=",
+ "lastModified": 1736134818,
+ "narHash": "sha256-30sOEZ8CFK2nTTMdkhaNrfVlIi3rWTNV0Z5z+NmpFNI=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "a27871180d30ebee8aa6b11bf7fef8a52f024733",
+ "rev": "3df3c47c19dc90fec35359e89ffb52b34d2b0e94",
 "type": "github"
 },
 "original": {
@@ -397,11 +397,11 @@
 },
 "nixpkgs_2": {
 "locked": {
- "lastModified": 1735915915,
- "narHash": "sha256-Q4HuFAvoKAIiTRZTUxJ0ZXeTC7lLfC9/dggGHNXNlCw=",
+ "lastModified": 1736042175,
+ "narHash": "sha256-jdd5UWtLVrNEW8K6u5sy5upNAFmF3S4Y+OIeToqJ1X8=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "a27871180d30ebee8aa6b11bf7fef8a52f024733",
+ "rev": "bf689c40d035239a489de5997a4da5352434632e",
 "type": "github"
 },
 "original": {
@@ -413,11 +413,11 @@
 },
 "nixpkgs_3": {
 "locked": {
- "lastModified": 1735834308,
- "narHash": "sha256-dklw3AXr3OGO4/XT1Tu3Xz9n/we8GctZZ75ZWVqAVhk=",
+ "lastModified": 1736012469,
+ "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "6df24922a1400241dae323af55f30e4318a6ca65",
+ "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
 "type": "github"
 },
 "original": {
@@ -498,11 +498,11 @@
 ]
 },
 "locked": {
- "lastModified": 1735905407,
- "narHash": "sha256-1hKMRIT+QZNWX46e4gIovoQ7H8QRb7803ZH4qSKI45o=",
+ "lastModified": 1736154270,
+ "narHash": "sha256-p2r8xhQZ3TYIEKBoiEhllKWQqWNJNoT9v64Vmg4q8Zw=",
 "owner": "numtide",
 "repo": "treefmt-nix",
- "rev": "29806abab803e498df96d82dd6f34b32eb8dd2c8",
+ "rev": "13c913f5deb3a5c08bb810efd89dc8cb24dd968b",
 "type": "github"
 },
 "original": {
diff --git a/hosts/nemo/default.nix b/hosts/nemo/default.nix
index c36cc1c..d1df1d0 100644
--- a/hosts/nemo/default.nix
+++ b/hosts/nemo/default.nix
@@ -124,21 +124,20 @@
 };
 # FIXME: pam_rssh is broken from rust 1.80 upgrade
- # environment.systemPackages = [ pkgs.pam_rssh ];
- # security = {
- # pam.services.doas =
- # { config, ... }:
- # {
- # rules.auth.rssh = {
- # order = config.rules.auth.ssh_agent_auth.order - 1;
- # control = "sufficient";
- # modulePath = "${pkgs.pam_rssh}/lib/libpam_rssh.so";
- # settings.authorized_keys_command = pkgs.writeShellScript "get-authorized-keys" ''
- # cat "/etc/ssh/authorized_keys.d/$1"
- # '';
- # };
- # };
- # };
+ security = {
+ pam.services.doas =
+ { config, ... }:
+ {
+ rules.auth.rssh = {
+ order = config.rules.auth.ssh_agent_auth.order - 1;
+ control = "sufficient";
+ modulePath = "${pkgs.pam_rssh}/lib/libpam_rssh.so";
+ settings.authorized_keys_command = pkgs.writeShellScript "get-authorized-keys" ''
+ cat "/etc/ssh/authorized_keys.d/$1"
+ '';
+ };
+ };
+ };
 services.resolved = {
 enable = true;
@@ -175,7 +174,7 @@
 ffado
 libcamera
 lm_sensors
- # pkgs.pam_rssh
+ pam_rssh
 openconnect
 v4l-utils
 ];
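Review bot: In the `@@ -124,21 +124,20 @@` hunk of hosts/nemo/default.nix, the context line `# FIXME: pam_rssh is broken from rust 1.80 upgrade` stays in place although the block beneath it is now active, so the comment says the opposite of what the file does. Replace it with a comment that states what the rule grants, for example `# doas: accept a signature from the caller's SSH agent against /etc/ssh/authorized_keys.d/<user>; "sufficient" means success skips the remaining auth rules`. Since this rule is a privilege-escalation path, the same comment should record that the key files under `/etc/ssh/authorized_keys.d` must remain root-owned, and that `$1` is assumed to be the PAM user name, which the hunk itself does not show.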
@@ -213,6 +212,14 @@
 };
 users.groups.nixremote = { };
+ nix.sshServe.enable = true;
+ nix.sshServe.keys = [
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIHMAEZx02kbHrEygyPQYStiXlrIe6EIqBCv7anIkL0pAAAABHNzaDo= dln@dinky"
+ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJNOBFoU7Cdsgi4KpYRcv7EhR/8kD4DYjEZnwk6urRx7AAAABHNzaDo= dln@nemo"
+ "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBJ10mLOpInoqDaySyrxbzvcOrJfLw48Y6eWHa9501lw+hEEBXya3ib7nlvpCqEQJ8aPU5fVRqpkOW5zSimCiRbwAAAAEc3NoOg=="
+ "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBLpoKvsZDIQQLfgzJhe1jAQubBNxjydkj8UfdUPaSXqgfB02OypMOC1m5ZuJYcQIxox0I+4Z8xstFhYP6s8zKZwAAAAEc3NoOg=="
+ ];
 nix.settings.trusted-users = [
 "dln"
 "lsjostro"
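Review bot: The two `sk-ecdsa-sha2-nistp256@openssh.com` entries added to `nix.sshServe.keys` carry no comment field, unlike the two `dln@…` keys above them, so the file does not record whose keys may read this host's Nix store or which entry to drop when one is revoked. Append an owner label to each (`… <owner>@<host>`, placeholder) or put a `#` line naming the owner above it. A comment above `nix.sshServe.enable = true;` would help as well, for example `# Serve /nix/store over SSH to the keys below; read-only unless nix.sshServe.write is set`, because every store path, including any secret that ends up in the store, becomes fetchable by these keys.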