diff --git a/config/hosts/imxyy-nix-server/build.nix b/config/hosts/imxyy-nix-server/build.nix
index d6baa8d..b0f790e 100644
--- a/config/hosts/imxyy-nix-server/build.nix
+++ b/config/hosts/imxyy-nix-server/build.nix
@@ -1,7 +1,9 @@
 {
+ lib,
 config,
 pkgs,
 secrets,
+ hosts,
 ...
 }:
 {
@@ -30,13 +32,7 @@
 isSystemUser = true;
 description = "nix remote build user";
 group = "nixremote";
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
-
+ openssh.authorizedKeys.keys = (lib.mapAttrsToList (host: key: "${key} ${host}") hosts) ++ [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIENauvvhVMLsUwH9cPYsvnOg7VCL3a4yEiKm8I524TE efl@efl-nix"
 ];
 };
diff --git a/config/hosts/imxyy-nix-server/net.nix b/config/hosts/imxyy-nix-server/net.nix
index 1119c3d..24dce8b 100644
--- a/config/hosts/imxyy-nix-server/net.nix
+++ b/config/hosts/imxyy-nix-server/net.nix
@@ -3,6 +3,7 @@
 lib,
 pkgs,
 username,
+ hosts,
 secrets,
 ...
 }:
@@ -127,18 +128,12 @@
 PasswordAuthentication = true;
 };
 };
- users.users.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
- ];
- users.users.${username}.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
- ];
+ users.users.root.openssh.authorizedKeys.keys = lib.mapAttrsToList (
+ host: key: "${key} ${host}"
+ ) hosts;
+ users.users.${username}.openssh.authorizedKeys.keys = lib.mapAttrsToList (
+ host: key: "${key} ${host}"
+ ) hosts;
 sops.secrets.dae-imxyy-nix-server = {
 sopsFile = secrets.dae-imxyy-nix-server;
diff --git a/modules/cli/vcs/git.nix b/modules/cli/vcs/git.nix
index b290555..d86e8d8 100644
--- a/modules/cli/vcs/git.nix
+++ b/modules/cli/vcs/git.nix
@@ -4,7 +4,8 @@
 pkgs,
 username,
 userfullname,
- useremail,
+ emails,
+ hosts,
 ...
 }:
 let
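Review bot: Deriving root's and `${username}`'s `authorizedKeys` from the whole `hosts` set in net.nix's second hunk changes who can log in, not only where the keys are kept. Going by the removed lists and the `hosts` set added in vars.nix, `imxyy_soope_@imxyy-cloudwin` was previously accepted only for `nixremote` and now gains root and user login, while `imxyy-hisense-pad` loses access everywhere. If that is not intended, select the admin keys explicitly, e.g. `lib.mapAttrsToList (host: key: "${key} ${host}") (lib.getAttrs [ "imxyy@imxyy-nix" "imxyy-ace5" "imxyy@imxyy-nix-x16" ] hosts)`, and state the access change in the commit message either way. build.nix's second hunk expands the same whole set for `nixremote`.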
@@ -21,14 +22,18 @@ in
 enable = true;
 settings = {
 gpg.ssh.allowedSignersFile =
- (pkgs.writeText "allowed_signers" ''
- imxyy1soope1@gmail.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
- imxyy@imxyy.top ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
- '').outPath;
+ hosts
+ |> lib.mapAttrsToList (
+ host: key: map (email: "${email} ${key} ${host}") (builtins.attrValues emails)
+ )
+ |> lib.flatten
+ |> lib.concatStringsSep "\n"
+ |> pkgs.writeText "allowed-signers"
+ |> toString;
 push.autoSetupRemote = true;
 user = {
 name = userfullname;
- email = useremail;
+ email = emails.default;
 };
 };
 signing = {
diff --git a/modules/cli/vcs/jj.nix b/modules/cli/vcs/jj.nix
index 5ac2615..9680924 100644
--- a/modules/cli/vcs/jj.nix
+++ b/modules/cli/vcs/jj.nix
@@ -4,7 +4,8 @@
 pkgs,
 username,
 userfullname,
- useremail,
+ emails,
+ hosts,
 ...
 }:
 let
@@ -21,8 +22,8 @@ in
 enable = true;
 settings = {
 user = {
- name = "${userfullname}";
- email = "${useremail}";
+ name = userfullname;
+ email = emails.default;
 };
 ui = {
 graph.style = "square";
@@ -34,14 +35,18 @@ in
 behavior = "own";
 key = "/home/${username}/.ssh/id_ed25519";
 backends.backends.ssh.allowed-signers =
- (pkgs.writeText "allowed_signers" ''
- imxyy1soope1@gmail.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
- imxyy@imxyy.top ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
- '').outPath;
+ hosts
+ |> lib.mapAttrsToList (
+ host: key: map (email: "${email} ${key} ${host}") (builtins.attrValues emails)
+ )
+ |> lib.flatten
+ |> lib.concatStringsSep "\n"
+ |> pkgs.writeText "allowed-signers"
+ |> toString;
 };
 };
 };
- home.packages = [ pkgs.lazyjj ];
+ programs.jjui.enable = true;
 programs.starship = {
 settings = {
 custom = {
diff --git a/vars.nix b/vars.nix
index 8f805ca..c9244e3 100644
--- a/vars.nix
+++ b/vars.nix
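Review bot: The allowed-signers file generated in git.nix's second hunk trusts every key in `hosts` for every address in `emails`, whereas the removed file trusted only the `imxyy@imxyy-nix` key, so any machine listed for SSH login can now also produce commits that verify as this identity. If only some machines are meant to sign, build the file from a dedicated subset rather than the whole `hosts` set. Separately, `builtins.attrValues emails` also returns `default`, which vars.nix sets to the gmail address, so each gmail line is written twice; `lib.unique (builtins.attrValues emails)` removes the duplicates. The last hunk of jj.nix carries an identical expression and has the same two issues.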
@@ -2,5 +2,18 @@ rec {
 username = "imxyy";
 userfullname = "imxyy_soope_";
 userdesc = userfullname;
- useremail = "imxyy1soope1@gmail.com";
+ emails = rec {
+ gmail = "imxyy1soope1@gmail.com";
+ selfhost = "imxyy@imxyy.top";
+ default = gmail;
+ };
+ hosts = {
+ "imxyy@imxyy-nix" =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO";
+ "imxyy-ace5" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT";
+ "imxyy@imxyy-nix-x16" =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/";
+ "imxyy_soope_@imxyy-cloudwin" =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE";
+ };
 }
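Review bot: `hosts` needs a comment saying what an entry grants, because nothing at this definition shows that the set now feeds `openssh.authorizedKeys.keys` for root, the main user and `nixremote` on imxyy-nix-server, as well as the git and jj allowed-signers files. A line above `hosts = {` such as `# Keys listed here get SSH login as root, the main user and nixremote on imxyy-nix-server, and are trusted as commit signers.` would make adding a machine a visibly privileged change. It is also worth noting there that the attribute name ends up only as the trailing comment field of each key line, so it labels the key and restricts nothing.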