Commit adf6203681f1

Vincent Demeester <vincent@sbr.pm>
2026-02-24 11:20:41
feat(git): use ed25519 key for signing on okinawa
Switched from FIDO2/YubiKey to ~/.ssh/id_ed25519 so git signing works without the YubiKey plugged in.
1 parent 91e7653
Changed files (1)
home/common/shell/git.nix
@@ -30,8 +30,8 @@ let
   sshkeyPerHost = {
     # FIDO2 resident key (ssh:signing) - no touch required for signing
     kyushu = "${pkgs.writeText "yubikey5-fido2-signing" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGF/BoGqFc5/pM40bF/2UhWzRFaDmS4hJ45VtpXjUh36AAAAC3NzaDpzaWduaW5n"}";
-    # Okinawa uses a different FIDO2 key (single key for all purposes)
-    okinawa = "${pkgs.writeText "okinawa-fido2" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEefW7gStvkrO98v6UUawwa3yOu896Ei8USE/Sh2DjaUAAAABHNzaDo="}";
+    # Okinawa uses a regular ed25519 key (no yubikey dependency)
+    okinawa = "${pkgs.writeText "okinawa-ed25519" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILfT4qPT4nH+K6wfhnM4JCtflrUEIXPAYpqdN7W7TOBo vincent@okinawa-passage"}";
     aomi = "${pkgs.writeText "aomi" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJmTdMKYdgqpbQWBif58VBuwX+GqMGsMfB1ey1TKrM3 vincent@aomi"}";
   };
   defaultSSHKey = sshkeyPerHost.kyushu;
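Review bot: The new comment on the `okinawa` entry says only "no yubikey dependency" and does not record what is given up. Per the commit description the signing key is now `~/.ssh/id_ed25519`, a private key file on disk that can be copied, whereas the FIDO2 key it replaces was bound to the token. I would extend the comment to something like `# Okinawa uses a regular on-disk ed25519 key (no yubikey dependency); keep it passphrase-protected and loaded via ssh-agent`. The key comment `vincent@okinawa-passage` suggests this key may also serve another purpose; if so, a dedicated signing key would limit what a leak of that file affects. The enclosing `let` block starts outside the hunk.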
@@ -46,7 +46,7 @@ let
   allowedSigners = ''
     vincent@aomi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILJmTdMKYdgqpbQWBif58VBuwX+GqMGsMfB1ey1TKrM3
     vincent@kyushu sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGF/BoGqFc5/pM40bF/2UhWzRFaDmS4hJ45VtpXjUh36AAAAC3NzaDpzaWduaW5n
-    vincent@okinawa sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEefW7gStvkrO98v6UUawwa3yOu896Ei8USE/Sh2DjaUAAAABHNzaDo=
+    vincent@okinawa ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILfT4qPT4nH+K6wfhnM4JCtflrUEIXPAYpqdN7W7TOBo
   '';
 in
 {
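Review bot: Replacing the `vincent@okinawa` line in `allowedSigners` removes the old FIDO2 public key, so any commits already signed with it on okinawa will presumably no longer verify against this file. If that history matters, keep the old line with a `valid-before="<switch date>"` option and give the new line `valid-after="<switch date>"` instead of swapping the key in place. Because the new key is an ordinary on-disk key, its entry could also carry `namespaces="git"`, e.g. `vincent@okinawa namespaces="git" ssh-ed25519 <key>`, so a signature made with it for another purpose is not accepted as a commit signature.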