refactor: improve cross host pubkey sharing

2024-09-22 17:24:57 +02:00 · 2024-09-22 17:24:57 +02:00 · db720de9cf
commit db720de9cf
parent dfc0cb553f
5 changed files with 38 additions and 30 deletions
--- a/hosts/raptus/configuration.nix
+++ b/hosts/raptus/configuration.nix
@ -3,14 +3,9 @@
  lib,
  pkgs,
  config,
+  pubkeys,
  ...
 }:
-let
-  sshAccess = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw" # brontes
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwlScEmVbdc0EH93XLX+K8yP5FKUKzMf/bWTSO+rMiO" # marr
-  ];
-in
 {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
@ -96,7 +91,7 @@ in
    pkgs.gitMinimal
  ];

-  users.users.root.openssh.authorizedKeys.keys = sshAccess;
+  users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];

  system.stateVersion = "24.11";
 }
--- a/hosts/shan/configuration.nix
+++ b/hosts/shan/configuration.nix
@ -2,12 +2,9 @@
  modulesPath,
  lib,
  pkgs,
-  self,
+  pubkeys,
  ...
 }:
-let
-  pubKeys = (import "${self}/options/keys.nix").allUser;
-in
 {
  imports = [
    (modulesPath + "/profiles/qemu-guest.nix")
@ -21,7 +18,7 @@ in
  };

  modules.server.navidrome = {
-    enable = false;
+    enable = true;
    library = {
      path = "/mnt/music";
      type = "nfs";
@ -30,7 +27,10 @@ in
        path = "/mnt/Fort/data/music";
      };
    };
-    settings = { };
+    settings = {
+      Address = "127.0.0.1";
+      Port = 4533;
+    };
  };

  services.openssh.enable = true;
@ -39,15 +39,7 @@ in
    pkgs.curl
  ];

-  users.users.root.openssh.authorizedKeys.keys = pubKeys;
-
-  virtualisation.docker = {
-    enableOnBoot = true;
-    rootless = {
-      enable = true;
-      setSocketVariable = true;
-    };
-  };
+  users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];

  system.stateVersion = "23.11";
 }
--- a/modules/nix/overlays.nix
+++ b/modules/nix/overlays.nix
@ -27,7 +27,7 @@
        pkgs = prev.pkgs;
      };

-      rofi-obsidian = inputs'.rofi-obsidian.outputs.packages.rofi-obsidian;
+      rofi-obsidian = inputs'.rofi-obsidian.packages.rofi-obsidian;

      nysh = inputs'.nysh.packages.nysh;

--- a/options/keys.nix
+++ b/options/keys.nix
@ -1,10 +1,30 @@
-rec {
-  brontesUser = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw"
-  ];
-  marrUser = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwlScEmVbdc0EH93XLX+K8yP5FKUKzMf/bWTSO+rMiO" ];
+{ lib, ... }:
+let
+  inherit (lib) foldl' attrValues;
+  take = machines: map (m: systems.${m}) machines;

-  allUser = brontesUser ++ marrUser;
+  users = {
+    ny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw";
+  };
+  systems = {
+    brontes = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgknH3OPazZNhH5xkYfXBcYpI3TXj/eRp0/zzjtVJBf";
+    marr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMh2nUUKt3xsKiwZUuo6HgvR3lr7rRAl0SOH/502sFP";
+    raptus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdpjGR/pV1roktZdKIVVWqds0JB+x1ksfyQmYPMLK7o";
+    shan = "";
+  };

-  all = allUser;
+  workstations = take "brontes" "marr";
+  server = take "raptus" "shane";
+
+  all = foldl' (a: b: a ++ [ b ]) [ users.ny ] (attrValues systems);
+in
+{
+  inherit all workstations server;
+  inherit (users) ny;
+  inherit (users)
+    raptus
+    brontes
+    marr
+    shan
+    ;
 }
--- a/parts/lib/functions.nix
+++ b/parts/lib/functions.nix
@ -35,6 +35,7 @@
        specialArgs = {
          inherit inputs inputs';
          inherit self self';
+          pubkeys = import ../../options/keys.nix { inherit lib; };
          username = "ny";
        };
      }