Home-manager user - specifying openssh authorizedKeys?

pjgoodall · July 31, 2023, 10:33pm

I am running NixOS within a VirtualBox VM.
If I create a user using home-manager in my configuration.nix file, how do I specify the OpenSSH authorizedKeys for that user?

before home-manager:

# Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.eve = {
    isNormalUser = true;
    description = "Guess whom";
    extraGroups = [ "networkmanager" "wheel" ];
    packages = with pkgs; [
      neovim
    ];
    # Add ssh authorized key
    openssh.authorizedKeys.keys = [
    	"ssh-ed25519 AAAA [...] id_ed25519"
    ];

  };

using home-manager??

I can’t find any guidance on how to set-up openssh for a user created using home-manager.

users.users.eve.isNormalUser = true;
home-manager.users.eve = { pkgs, ... }: {
	home.stateVersion = "23.05";
	home.packages =  with pkgs; [ 
		neovim 
	];
	programs.bash.enable = true;
};

I unsuccessfully tried inserting:

programs.openssh.authorizedKeys =  [
    	"ssh-ed25519 AAAA [...] id_ed25519"
    ];

The OpenSSH daemon is already running from global setup and an ssh login for a conventional user is active.

Where should I be looking up how to set these options in home manager?

P.S. I had to explicitly set home.stateVersion - which isn’t in the examples in the manual. Examples in the manual need automated testing. It’s hard on new users having the canonical examples break.

Thanks…

TLATER · August 1, 2023, 6:34am

Generally, in the home-manager options documentation: Appendix A. Configuration Options

Alas, there is no authorizedKeys option, presumably because home-manager isn’t really targeted at machines which would have that file. I’d consider it an oversight.

You can easily make your own with home.file though:

home.file.".ssh/authorized_keys" = ''
  ssh-ed25519 AAAA [...] id_ed25519
'';

It’s present in the official documentation’s example: Home Manager Manual

What guide were you following?

NobbZ · August 1, 2023, 2:18pm

Using HM to manage the authorized_keys the way TLATER explains comes at the cost of being unable to use ssh-copy-id for that user.

This might be a wanted or unwanted effect, but you should keep this in mind.

pjgoodall · August 1, 2023, 9:43pm

I was following: Home Manager Manual

I had to insert

home.stateVersion = "23.05";

for it to work without error

pjgoodall · August 1, 2023, 9:49pm

I also asked for help on matrix. Where rycee suggested

I think that is typically done through the NixOS option users.users.<name>.openssh.authorizedKeys.keys .*

I haven’t tried it yet - dinner called.

TLATER · August 2, 2023, 6:12am

Yeah, you can still use NixOS options like you were to begin with, but I thought the premise of this thread was that you wanted to set it with home-manager?

pjgoodall · August 2, 2023, 7:15am

Yes - that was the premise of both questions/threads. I’m getting hints that the home manager API isn’t able to do it directly.

i.e. no home.openssh.authorizedKeys = [] - or equivalent facility exists.

TLATER · August 2, 2023, 7:30am

Yes, exactly. You can continue to use either the NixOS option, or use home.files to substitute if you really want to use home-manager.