ssh: allow motiejus from localhost/root

2024-06-06 00:43:37 +03:00 · 2024-06-06 00:43:37 +03:00 · 1ad5cd63d5
parent 2199bae446
commit 1ad5cd63d5
1 changed files with 13 additions and 4 deletions
--- a/modules/base/users/default.nix
+++ b/modules/base/users/default.nix
@ -49,10 +49,19 @@ in {
            isNormalUser = true;
            extraGroups = ["wheel" "dialout" "video"] ++ cfg.user.extraGroups;
            uid = myData.uidgid.motiejus;
-            openssh.authorizedKeys.keys = [
-              myData.people_pubkeys.motiejus
-              myData.people_pubkeys.motiejus_work
-            ];
+            openssh.authorizedKeys.keys = let
+              fqdn = "${config.networking.hostName}.${config.networking.domain}";
+            in
+              lib.mkMerge [
+                [
+                  myData.people_pubkeys.motiejus
+                  myData.people_pubkeys.motiejus_work
+                ]
+
+                (lib.mkIf (builtins.hasAttr fqdn myData.hosts) [
+                  ("from=\"127.0.0.1,::1\" " + myData.hosts.${fqdn}.publicKey)
+                ])
+              ];
          }
          // lib.filterAttrs (n: v: n != "extraGroups" && v != null) cfg.user or {};