From c84767203ffc152c1682a48e4dfa7ea967e82c67 Mon Sep 17 00:00:00 2001
From: zowoq <59103226+zowoq@users.noreply.github.com>
Date: Sun, 31 Dec 2023 12:43:17 +1000
Subject: [PATCH] modules/darwin/common: refactor keys
---
 devdoc/onboarding.md | 2 --
 modules/darwin/common/default.nix | 16 +++++++---------
 2 files changed, 7 insertions(+), 11 deletions(-)
diff --git a/devdoc/onboarding.md b/devdoc/onboarding.md
index fb16266..a4b9e10 100644
--- a/devdoc/onboarding.md
+++ b/devdoc/onboarding.md
@@ -4,8 +4,6 @@
 - Add their user and ssh key to [users](../users) as member of the `trusted` and `wheel` groups.
-- Add their ssh key to the `hetzner` user in [modules/darwin/common/default.nix](../modules/darwin/common/default.nix).
-
 - Add their user to the list of `admins` in [modules/nixos/buildbot.nix](../modules/nixos/buildbot.nix).
 - Add their age key to [.sops.yaml](../.sops.yaml), update the `creation_rules` and run `inv update-sops-files`.
diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix
index 0d657b8..17e629f 100644
--- a/modules/darwin/common/default.nix
+++ b/modules/darwin/common/default.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ inputs, pkgs, ... }:
 {
 imports = [
 ./apfs-cleanup.nix
@@ -12,14 +12,12 @@
 # TODO: refactor this to share /users with nixos
 # if user is removed the keys need to be removed manually from /etc/ssh/authorized_keys.d
 users.users = {
- hetzner.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbBp2dH2X3dcU1zh+xW3ZsdYROKpJd3n13ssOP092qE" # mic92
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO37rmfhCI8e1aflMe1AlfK3zf9tXPHjV9dCb1FBupWt" # ryantm
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuiDoBOxgyer8vGcfAIbE6TC4n4jo8lhG9l01iJ0bZz" # zimbatm
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFbCYwWByGE46XHH4Q0vZgQ5sOUgbH50M8KO2xhBC4m/" # zowoq
- "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtr+rcxCZBAAqt8ocvhEEdBWfnRBCljjQPtC6Np24Y3H/HMe3rugsu3OhPscRV1k5hT+UlA2bpN8clMFAfK085orYY7DMUrgKQzFB7GDnOvuS1CqE1PRw7/OHLcWxDwf3YLpa8+ZIwMHFxR2gxsldCLGZV/VukNwhEvWs50SbXwVrjNkwA9LHy3Or0i6sAzU711V3B2heB83BnbT8lr3CKytF3uyoTEJvDE7XMmRdbvZK+c48bj6wDaqSmBEDrdNncsqnReDjScdNzXgP1849kMfIUwzXdhEF8QRVfU8n2A2kB0WRXiGgiL4ba5M+N9v1zLdzSHcmB0veWGgRyX8tN cardno:FF7F00" # adisbladis
- ];
+ hetzner.openssh.authorizedKeys = {
+ keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPVjRBomWFJNNkZb0g5ymLmc3pdRddIScitmJ9yC+ap" # deployment
+ ];
+ keyFiles = pkgs.lib.filesystem.listFilesRecursive "${toString inputs.self}/users/keys";
+ };
 };
 nixCommunity.gc.gbFree = 25;
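Review bot: The added `keyFiles = pkgs.lib.filesystem.listFilesRecursive "${toString inputs.self}/users/keys";` authorizes every file found under `users/keys` to log in as `hetzner`, where the removed list named each person explicitly. Whether that directory only ever holds keys meant to have this access is not visible in the patch, and the onboarding.md hunk drops the explicit step, so the grant is now implicit in adding a user key. I would record the intent next to the line, for example `# every file under /users/keys can log in as hetzner on the darwin hosts; keep that directory limited to keys that should have this access`. Since `listFilesRecursive` returns any file regardless of name, a stray non-key file in that tree would also be read into the authorized keys, so filtering on the expected key-file naming would be safer if the directory can contain anything else. The enclosing module body starts and ends outside this hunk.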