Commit 3fc3cfc22553

Vincent Demeester <vincent@sbr.pm>
2026-02-19 10:38:57
fix(ssh): use id_ed25519 for kerkouane on okinawa
Added okinawa to non-FIDO2 override so unattended services like nix-flake-updater can authenticate without YubiKey touch.
1 parent 3138c1b
Changed files (1)
home/common/shell/openssh.nix
@@ -53,8 +53,8 @@ in
           "git.sr.ht".identityFile = "~/.ssh/id_ed25519_sk";
           "*.redhat.com".identityFile = "~/.ssh/id_ed25519_sk";
         };
-        # Special case for aomi
-        aomiOverrides = lib.optionalAttrs isAomi {
+        # Special case for aomi and okinawa: no FIDO2 homelab key, use regular ed25519
+        nonFido2Overrides = lib.optionalAttrs (isAomi || isOkinawa) {
           "kerkouane.vpn" = {
             identityFile = "~/.ssh/id_ed25519";
             identitiesOnly = true;
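Review bot: The `nonFido2Overrides` entry for `"kerkouane.vpn"` moves every SSH session this user opens from okinawa onto the on-disk `~/.ssh/id_ed25519`, not only the unattended nix-flake-updater named in the commit message, so interactive logins from okinawa also lose the YubiKey touch requirement. If that is broader than intended, a dedicated key for the updater, selected through its own host alias, would leave interactive use on `id_ed25519_sk`; whether such a key exists is not visible in this hunk. The new comment could also record the reason and the expected compensating control, for example `# okinawa: unattended services cannot touch a YubiKey; this key should be restricted in authorized_keys on kerkouane`. The attribute set opened on the `"kerkouane.vpn"` line continues past the end of the hunk, so any further options it sets were not reviewed.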
@@ -192,7 +192,7 @@ in
         )
         (
           lib.recursiveUpdate criticalInfraOverrides (
-            lib.recursiveUpdate kyushuOverrides (lib.recursiveUpdate okinawaOverrides aomiOverrides)
+            lib.recursiveUpdate kyushuOverrides (lib.recursiveUpdate okinawaOverrides nonFido2Overrides)
           )
         );
     extraConfig = ''