Factor out users and ssh keys in one place

README.md

@@ -19,8 +19,7 @@ nix run
   - Clone this repo at `/etc/nixos`
   - Edit `flake.nix` and 
     - add your Linux's hostname in the `nixosConfigurations` set, as well as
-    - update `people.myself` to your desired username.
-      - put your SSH keys in `./nixos/takemessh`
+    - update `users.nix` to contain your user(s) information
   - Run `nix run`. That's it. Re-open your shell.
 - macOS: 
     - Install Nix normally (multi-user)

config.nix

@@ -8,6 +8,12 @@ let
       email = lib.mkOption {
         type = lib.types.str;
       };
+      sshKeyPub = lib.mkOption {
+        type = lib.types.str;
+        description = ''
+          SSH public key
+        '';
+      };
     };
   };
   peopleSubmodule = lib.types.submodule {

flake.nix

@@ -50,16 +50,7 @@
 
       people = {
         myself = "srid";
-        users = {
-          srid = {
-            name = "Sridhar Ratnakumar";
-            email = "srid@srid.ca";
-          };
-          uday = {
-            name = "Uday Kiran";
-            email = "udaycruise2903@gmail.com";
-          };
-        };
+        users = import ./users.nix;
       };
 
       flake = {

nixos/default.nix

@@ -27,7 +27,7 @@ in
         inputs.agenix.nixosModule
         ./caches
         ./self-ide.nix
-        ./takemessh
+        ./ssh-authorize.nix
         ./current-location.nix
       ];
     };

nixos/ssh-authorize.nix

@@ -0,0 +1,18 @@
+{ config, pkgs, lib, flake, ... }:
+
+{
+  # Let me login
+  users.users =
+    let
+      people = flake.config.people;
+      myPubKey = people.users.${people.myself}.sshKeyPub;
+    in
+    {
+      root.openssh.authorizedKeys.keys = [
+        myPubKey
+      ];
+      ${people.myself}.openssh.authorizedKeys.keys = [
+        myPubKey
+      ];
+    };
+}

nixos/takemessh/default.nix

@@ -1,9 +0,0 @@
-{ config, pkgs, lib, flake, ... }:
-
-{
-  # Let me login
-  users.users = {
-    root.openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
-    ${flake.config.people.myself}.openssh.authorizedKeys.keys = [ (builtins.readFile ./id_rsa.pub) ];
-  };
-}

nixos/takemessh/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos

secrets/secrets.nix

@@ -1,6 +1,6 @@
 let
   keys = [
-    (builtins.readFile ../nixos/takemessh/id_rsa.pub)
+    (import ../users.nix).srid.sshKeyPub
     (import ../systems/hetzner/ax41.info.nix).hostKeyPub
   ];
 in

users.nix

@@ -0,0 +1,11 @@
+{
+  srid = {
+    name = "Sridhar Ratnakumar";
+    email = "srid@srid.ca";
+    sshKeyPub = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCYQ003p7fB5ICQehLwhDBomY9WzkNBeijkSw9ADGU+ECrPakeIH3pntUWRJH1W93vKnLqpkn6HLGEXD9MCR0s98uhh8hT7uAYCxQTbEeKT3PYkfz3oe7XaR8rE601sds0ZyFwH7l8cvK97pGr+uhFXAaohiV6VqmLVXhManEjZZ8GfYWBD9BCmIJk43G3OGa5QYFeHqztprXaJNU5dFPv2Uq2C+L6EvfCfkK2OO1BLZgL+Rai5jjyy6k0fcfsxxd9BdGUwqDhcBeyTIzX9rePMugf/xD+6uNRxTU+vjVpGUtFOw6rpgmVyFv9mn3QMNdQBc5hYKVbIQwMNGTzGgcQv srid@nixos";
+  };
+  uday = {
+    name = "Uday Kiran";
+    email = "udaycruise2903@gmail.com";
+  };
+}