diff --git a/nixos/roles/admins.nix b/nixos/roles/admins.nix index 7b8c524..1bc6d4c 100644 --- a/nixos/roles/admins.nix +++ b/nixos/roles/admins.nix @@ -3,28 +3,21 @@ with lib; let admins = { nerf = { hashedPassword = "$y$j9T$SJcjUIcs3JYuM5oyxfEQa/$tUBQT07FK4cb9xm.A6ZKVnFIPNOYMOKC6Dt6hadCuJ7"; - sshKeys = [ + keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdA4LpEGUUmN8esFyrNZXFb2GiBID9/S6zzhcnofQuP nerf@nerflap2" ]; - nixKeys = [ - "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc=" - ]; }; gonne = { hashedPassword = "$6$EtGpHEcFkOi0yUWp$slXf0CvIUrhdqaoCrQ5YwtYu2IVuE1RGGst4fnDPRLWVm.lYx0ruvSAF2/vw/sLbW37ORJjlb0NHQ.kSG7cVY/"; - sshKeys = [ + keys = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAhwkSDISCWLN2GhHfxdZsVkK4J7JoEcPwtNbAesb+BZAAAABHNzaDo= Gonne" ]; - nixKeys = [ - "gonne.mathebau.de-1:FsXFyFiBFE/JxC9MCkt/WuiXjx5dkRI9RXj0FxOQrV0=" - ]; }; }; mkAdmin = name: { hashedPassword, - sshKeys, - ... + keys, }: { "${name}" = { isNormalUser = true; @@ -32,12 +25,10 @@ with lib; let extraGroups = ["wheel"]; group = "users"; home = "/home/${name}"; - openssh.authorizedKeys = {keys = sshKeys;}; + openssh.authorizedKeys = {inherit keys;}; inherit hashedPassword; }; }; - mkNixKeys = _: {nixKeys, ...}: nixKeys; in { users.users = mkMerge (mapAttrsToList mkAdmin admins); - nix.settings.trusted-public-keys = lists.concatLists (mapAttrsToList mkNixKeys admins); } diff --git a/nixos/roles/nix.nix b/nixos/roles/nix.nix index 965143e..bd5c6e1 100644 --- a/nixos/roles/nix.nix +++ b/nixos/roles/nix.nix @@ -1,7 +1,10 @@ { nix = { settings = { - trusted-public-keys = []; + trusted-public-keys = [ + "nerflap2-1:pDZCg0oo9PxNQxwVSQSvycw7WXTl53PGvVeZWvxuqJc=" + "gonne.mathebau.de-1:FsXFyFiBFE/JxC9MCkt/WuiXjx5dkRI9RXj0FxOQrV0=" + ]; experimental-features = [ "flakes" "nix-command"