From 429a6bf3e5956769322490f98dc487947d53de43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Benjamin=20Yule=20B=C3=A4dorf?= <git@benjaminbaedorf.eu>
Date: Tue, 19 Mar 2024 21:08:43 +0100
Subject: [PATCH] ssh: put gpg identity first, use pubkeys

---
 users/b12f/ssh.nix | 17 +++++++----------
 1 file changed, 7 insertions(+), 10 deletions(-)

diff --git a/users/b12f/ssh.nix b/users/b12f/ssh.nix
index 2ef00a7..df4c4e8 100644
--- a/users/b12f/ssh.nix
+++ b/users/b12f/ssh.nix
@@ -31,17 +31,14 @@ in {
 
     programs.ssh = {
       enable = true;
+      extraConfig = ''
+        IdentitiesOnly yes
+        IdentityFile /home/${psCfg.user.name}/.ssh/id_yubi_gpg.pub
+        IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-464.pub
+        IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-485.pub
+        IdentityFile /home/${psCfg.user.name}/.ssh/id_nistp256-748.pub
+      '';
       matchBlocks = {
-        "*" = {
-          identitiesOnly = true;
-          identityFile = [
-            "/home/${psCfg.user.name}/.ssh/id_yubi_gpg.pub"
-            "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-464"
-            "/home/${psCfg.user.name}/.ssh/id_ed25519_sk-485"
-            "/home/${psCfg.user.name}/.ssh/id_nistp256-748.pub"
-          ];
-        };
-
         "git.pub.solar" = {
           user = "gitea";
         };