modules/darwin/common: refactor keys

2023-12-31 12:43:17 +10:00 · 2023-12-31 12:43:17 +10:00 · c84767203f
commit c84767203f
parent eaa650e208
2 changed files with 7 additions and 11 deletions
--- a/devdoc/onboarding.md
+++ b/devdoc/onboarding.md
@ -4,8 +4,6 @@

 - Add their user and ssh key to [users](../users) as member of the `trusted` and `wheel` groups.

- Add their ssh key to the `hetzner` user in [modules/darwin/common/default.nix](../modules/darwin/common/default.nix).
-
 - Add their user to the list of `admins` in [modules/nixos/buildbot.nix](../modules/nixos/buildbot.nix).

 - Add their age key to [.sops.yaml](../.sops.yaml), update the `creation_rules` and run `inv update-sops-files`.
--- a/modules/darwin/common/default.nix
+++ b/modules/darwin/common/default.nix
@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ inputs, pkgs, ... }:
 {
  imports = [
    ./apfs-cleanup.nix
@ -12,14 +12,12 @@
  # TODO: refactor this to share /users with nixos
  # if user is removed the keys need to be removed manually from /etc/ssh/authorized_keys.d
  users.users = {
-    hetzner.openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE" # mic92
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO37rmfhCI8e1aflMe1AlfK3zf9tXPHjV9dCb1FBupWt" # ryantm
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuiDoBOxgyer8vGcfAIbE6TC4n4jo8lhG9l01iJ0bZz" # zimbatm
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbCYwWByGE46XHH4Q0vZgQ5sOUgbH50M8KO2xhBC4m/" # zowoq
-      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtr+rcxCZBAAqt8ocvhEEdBWfnRBCljjQPtC6Np24Y3H/HMe3rugsu3OhPscRV1k5hT+UlA2bpN8clMFAfK085orYY7DMUrgKQzFB7GDnOvuS1CqE1PRw7/OHLcWxDwf3YLpa8+ZIwMHFxR2gxsldCLGZV/VukNwhEvWs50SbXwVrjNkwA9LHy3Or0i6sAzU711V3B2heB83BnbT8lr3CKytF3uyoTEJvDE7XMmRdbvZK+c48bj6wDaqSmBEDrdNncsqnReDjScdNzXgP1849kMfIUwzXdhEF8QRVfU8n2A2kB0WRXiGgiL4ba5M+N9v1zLdzSHcmB0veWGgRyX8tN cardno:FF7F00" # adisbladis
-    ];
+    hetzner.openssh.authorizedKeys = {
+      keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
+      ];
+      keyFiles = pkgs.lib.filesystem.listFilesRecursive "${toString inputs.self}/users/keys";
+    };
  };

  nixCommunity.gc.gbFree = 25;