refactor: keys & emails

2025-11-24 18:04:11 +08:00
parent b8597104b3
commit d0cffe4f1c
5 changed files with 48 additions and 34 deletions
--- a/config/hosts/imxyy-nix-server/build.nix
+++ b/config/hosts/imxyy-nix-server/build.nix
@@ -1,7 +1,9 @@
 {
+  lib,
  config,
  pkgs,
  secrets,
+  hosts,
  ...
 }:
 {
@@ -30,13 +32,7 @@
    isSystemUser = true;
    description = "nix remote build user";
    group = "nixremote";
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE imxyy_soope_@imxyy-cloudwin"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
-
+    openssh.authorizedKeys.keys = (lib.mapAttrsToList (host: key: "${key} ${host}") hosts) ++ [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIENauvvhVMLsUwH9cPYsvnOg7VCL3a4yEiKm8I524TE efl@efl-nix"
    ];
  };
--- a/config/hosts/imxyy-nix-server/net.nix
+++ b/config/hosts/imxyy-nix-server/net.nix
@@ -3,6 +3,7 @@
  lib,
  pkgs,
  username,
+  hosts,
  secrets,
  ...
 }:
@@ -127,18 +128,12 @@
      PasswordAuthentication = true;
    };
  };
-  users.users.root.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
-  ];
-  users.users.${username}.openssh.authorizedKeys.keys = [
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBWOy0QmAyxENg/O5m3cus8U3c9jCLioivwcWsh5/a82 imxyy-hisense-pad"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT imxyy-ace5"
-    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ imxyy@imxyy-nix-x16"
-  ];
+  users.users.root.openssh.authorizedKeys.keys = lib.mapAttrsToList (
+    host: key: "${key} ${host}"
+  ) hosts;
+  users.users.${username}.openssh.authorizedKeys.keys = lib.mapAttrsToList (
+    host: key: "${key} ${host}"
+  ) hosts;

  sops.secrets.dae-imxyy-nix-server = {
    sopsFile = secrets.dae-imxyy-nix-server;
--- a/modules/cli/vcs/git.nix
+++ b/modules/cli/vcs/git.nix
@@ -4,7 +4,8 @@
  pkgs,
  username,
  userfullname,
-  useremail,
+  emails,
+  hosts,
  ...
 }:
 let
@@ -21,14 +22,18 @@ in
        enable = true;
        settings = {
          gpg.ssh.allowedSignersFile =
-            (pkgs.writeText "allowed_signers" ''
-              imxyy1soope1@gmail.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
-              imxyy@imxyy.top ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
-            '').outPath;
+            hosts
+            |> lib.mapAttrsToList (
+              host: key: map (email: "${email} ${key} ${host}") (builtins.attrValues emails)
+            )
+            |> lib.flatten
+            |> lib.concatStringsSep "\n"
+            |> pkgs.writeText "allowed-signers"
+            |> toString;
          push.autoSetupRemote = true;
          user = {
            name = userfullname;
-            email = useremail;
+            email = emails.default;
          };
        };
        signing = {
--- a/modules/cli/vcs/jj.nix
+++ b/modules/cli/vcs/jj.nix
@@ -4,7 +4,8 @@
  pkgs,
  username,
  userfullname,
-  useremail,
+  emails,
+  hosts,
  ...
 }:
 let
@@ -21,8 +22,8 @@ in
        enable = true;
        settings = {
          user = {
-            name = "${userfullname}";
-            email = "${useremail}";
+            name = userfullname;
+            email = emails.default;
          };
          ui = {
            graph.style = "square";
@@ -34,14 +35,18 @@ in
            behavior = "own";
            key = "/home/${username}/.ssh/id_ed25519";
            backends.backends.ssh.allowed-signers =
-              (pkgs.writeText "allowed_signers" ''
-                imxyy1soope1@gmail.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
-                imxyy@imxyy.top ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO imxyy@imxyy-nix
-              '').outPath;
+              hosts
+              |> lib.mapAttrsToList (
+                host: key: map (email: "${email} ${key} ${host}") (builtins.attrValues emails)
+              )
+              |> lib.flatten
+              |> lib.concatStringsSep "\n"
+              |> pkgs.writeText "allowed-signers"
+              |> toString;
          };
        };
      };
-      home.packages = [ pkgs.lazyjj ];
+      programs.jjui.enable = true;
      programs.starship = {
        settings = {
          custom = {
--- a/vars.nix
+++ b/vars.nix
@@ -2,5 +2,18 @@ rec {
  username = "imxyy";
  userfullname = "imxyy_soope_";
  userdesc = userfullname;
-  useremail = "imxyy1soope1@gmail.com";
+  emails = rec {
+    gmail = "imxyy1soope1@gmail.com";
+    selfhost = "imxyy@imxyy.top";
+    default = gmail;
+  };
+  hosts = {
+    "imxyy@imxyy-nix" =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO";
+    "imxyy-ace5" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK8pivvE8PMtsOxmccfNhH/4KehDKhBfUfJbQZxo/SZT";
+    "imxyy@imxyy-nix-x16" =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/";
+    "imxyy_soope_@imxyy-cloudwin" =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKALTBn/QSGcSPgMg0ViSazFcaA0+nEF05EJpjbsI6dE";
+  };
 }