From 00b681eca52255a7aaaed2e074137ee3ebf1be01 Mon Sep 17 00:00:00 2001
From: colin
Date: Sun, 8 Jan 2023 03:14:47 +0000
Subject: [PATCH] ssh: manager ourself instead of using home-manager
---
 hosts/common/users.nix | 5 -----
 modules/home-manager/ssh.nix | 11 ++++++-----
 2 files changed, 6 insertions(+), 10 deletions(-)
diff --git a/hosts/common/users.nix b/hosts/common/users.nix
index 234dcf6d5..f0a4738f4 100644
--- a/hosts/common/users.nix
+++ b/hosts/common/users.nix
@@ -52,11 +52,6 @@ in
 passwordFile = lib.mkIf (config.sops.secrets ? "colin-passwd") config.sops.secrets.colin-passwd.path;
 shell = pkgs.zsh;
- openssh.authorizedKeys.keys =
- let
- user-keys = filter (k: k.user == "colin") (attrValues config.sane.ssh.pubkeys);
- in
- map (k: k.asUserKey) user-keys;
 # mount encrypted stuff at login
 # some other nix pam users:
diff --git a/modules/home-manager/ssh.nix b/modules/home-manager/ssh.nix
index eb90890e6..afd7c4eab 100644
--- a/modules/home-manager/ssh.nix
+++ b/modules/home-manager/ssh.nix
@@ -13,10 +13,11 @@ in lib.mkIf config.sane.home-manager.enable {
 # ssh key is stored in private storage
 sane.persist.home.private = [ ".ssh/id_ed25519" ];
 sane.fs."/home/colin/.ssh/id_ed25519.pub" = sane-lib.fs.wantedText user-pubkey;
+ sane.fs."/home/colin/.ssh/known_hosts" = sane-lib.fs.wantedText known-hosts-text;
- home-manager.users.colin = {
- programs.ssh.enable = true;
- # this optionally accepts multiple known_hosts paths, separated by space.
- programs.ssh.userKnownHostsFile = toString (pkgs.writeText "known_hosts" known-hosts-text);
- };
+ users.users.colin.openssh.authorizedKeys.keys =
+ let
+ user-keys = filter (k: k.user == "colin") (attrValues config.sane.ssh.pubkeys);
+ in
+ map (k: k.asUserKey) user-keys;
 }
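Review bot: The `users.users.colin.openssh.authorizedKeys.keys` assignment added at the end of the modules/home-manager/ssh.nix hunk appears to sit inside the `lib.mkIf config.sane.home-manager.enable { … }` block named in the hunk header, so colin's authorized keys would now be emitted only when home-manager is enabled, whereas the lines removed from hosts/common/users.nix set them unconditionally. A host that turns `sane.home-manager.enable` off would then build with no authorized keys for colin and lose key-based SSH login, which on a headless machine is a lockout; whether such a host exists is not visible from this patch. I would keep the key list outside the conditional, for example `in lib.mkMerge [ { users.users.colin.openssh.authorizedKeys.keys = …; } (lib.mkIf config.sane.home-manager.enable { … }) ]`, or leave it in users.nix. Separately, `/home/colin/.ssh/known_hosts` is now a declaratively written file, and if `wantedText` yields a read-only target (not shown here) ssh cannot persist newly accepted host keys, which is worth a one-line comment next to that assignment. The enclosing module body starts outside the hunk.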