From c493f3eb231e631d9258017ea6006e057cd3a0c5 Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Sun, 23 Oct 2022 13:33:41 +0200 Subject: Store SSH keys outside ~/.ssh Apparently, when setting up `home-openssh-service-type` for the first time, it deleted the keys I had stored in ~/.ssh. --- home-configuration.scm | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) (limited to 'home-configuration.scm') diff --git a/home-configuration.scm b/home-configuration.scm index ec904cec..107f117c 100644 --- a/home-configuration.scm +++ b/home-configuration.scm @@ -525,7 +525,7 @@ PreferredAuthentications gssapi-keyex,gssapi-with-mic,publickey,password,keyboar ProxyJump \"twilken@lxplus.cern.ch\" ")) - ;; Earlier rules overwrite later ones. + ;; Earlier rules take precedence over later ones. `(,(openssh-host (name "*.srcf.net") (user "tw466")) ,(openssh-host (name "*.fritz.box") (extra-content "ProxyJump lud.twilken.net")) @@ -537,8 +537,7 @@ ProxyJump \"twilken@lxplus.cern.ch\" ;; BitBucket apparently only supports ssh-rsa. ,(openssh-host (name "bitbucket.org") (host-key-algorithms '("+ssh-rsa")) - (accepted-key-types '("+ssh-rsa")) - (identity-file "~/.ssh/id_rsa")) + (accepted-key-types '("+ssh-rsa"))) ,(openssh-host (name "gitlab.cern.ch") (port 7999) (extra-content "ProxyJump none")) ; no jump needed 
@@ -551,14 +550,18 @@ ProxyJump \"twilken@lxplus.cern.ch\" ,@(map (lambda (host user) (openssh-host (name host) (user user) - (identity-file "~/.ssh/alicern_id_rsa") + (identity-file "~/.local/share/ssh-keys/alicern_id_rsa") (extra-content (cern-extra-content #f)))) (map car cern-ci-hosts/users) (map cdr cern-ci-hosts/users)) ,(openssh-host (name "*.cern.ch") (user "twilken") - (identity-file "~/.ssh/cern_id_rsa") - (extra-content (cern-extra-content #t)))))))) + (identity-file "~/.local/share/ssh-keys/cern_id_rsa") + (extra-content (cern-extra-content #t))) + ;; Default SSH key. This isn't in ~/.ssh as `home-openssh-service-type' + ;; manages that and might delete keys there. + ,(openssh-host (name "*") + (identity-file "~/.local/share/ssh-keys/id_rsa"))))))) (simple-service ; this can't be a `service' as that would remove the 'guix channel 'nonfree-channels home-channels-service-type -- cgit v1.2.3
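Review bot: The new `(name "*")` entry makes `~/.local/share/ssh-keys/id_rsa` a candidate identity for every host, not only for hosts without their own `identity-file`, because ssh_config accumulates `IdentityFile` across all matching `Host` blocks instead of applying first-match-wins; the `*.cern.ch` and CI entries above will therefore offer this key in addition to their own. The same entry is what now supplies a key for `bitbucket.org`, whose explicit `identity-file` is removed in the hunk at -537. If the default key is meant to stay off the CERN hosts, narrow the pattern; otherwise record the behaviour in the comment, e.g. `;; IdentityFile is cumulative: this key is also offered to every host matched above.` Separately, ~/.ssh is conventionally mode 0700 while `~/.local/share/ssh-keys` is presumably created by hand, so it is worth noting in the same comment that the directory should be 0700 and the key files 0600. The enclosing service form starts outside the hunk.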