From e48e6a34a3cd2d0165f12ab0dae3db07f80e4d1e Mon Sep 17 00:00:00 2001 From: Infinidoge Date: Wed, 7 Feb 2024 11:22:33 -0500 Subject: [PATCH] secrets: ignore roaming keys for secrets --- secrets/secrets.nix | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 9c1fe24..299a333 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,6 +1,10 @@ with builtins; let flatten = x: if isList x then concatMap (y: flatten y) x else [ x ]; + hasPrefix = pref: str: (substring 0 (stringLength pref) str == pref); + isValidKey = key: all (keyPrefix: !(hasPrefix keyPrefix key)) [ + "sk-ssh-ed25519" + ]; systems = { Infini-DESKTOP = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7uX1myj9ghv7wMoL038oGDCdScdyLd7RvYdnoioSBh root@Infini-DESKTOP"; @@ -13,10 +17,10 @@ let infinidoge = import ../users/infinidoge/ssh-keys.nix; root = import ../users/root/ssh-keys.nix; }; - allKeys = flatten [ + allKeys = filter isValidKey (flatten [ (attrValues systems) (attrValues users) - ]; + ]); in { "infinidoge-password.age".publicKeys = allKeys;