sync config for substituters and authorized keys

2024-05-25 19:15:19 -07:00
parent 426e8af497
commit 0417eeadb0
4 changed files with 31 additions and 14 deletions
--- a/common-config.nix
+++ b/common-config.nix
@@ -8,6 +8,9 @@
  )) + "\n";
 in {
  options = {
+    vacu.ssh.authorizedKeys = mkOption {
+      type = types.listOf types.str;
+    };
    vacu.ssh.config = mkOption {
      type = types.lines;
    };
@@ -97,14 +100,33 @@ in {
        }
      '';
    };
+    vacu.nix.extraSubstituters = mkOption { type = types.listOf types.str; };
+    vacu.nix.extraTrustedKeys = mkOption { type = types.listOf types.str; };
  };
  config = {
+    vacu.nix.extraSubstituters = [
+      "https://nixcache.shelvacu.com/"
+      "https://nix-community.cachix.org/"
+    ];
+    vacu.nix.extraTrustedKeys = [
+      "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM="
+    ];
    assertions = flip mapAttrsToList cfg.ssh.knownHosts (name: data: {
      assertion = (data.publicKey == null && data.publicKeyFile != null) ||
                  (data.publicKey != null && data.publicKeyFile == null);
      message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
    });
-    time.timeZone = mkDefault "America/Los_Angeles";
+    vacu.ssh.authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4LYvUe9dsQb9OaTDFI4QKPtMmOHOGLwWsXsEmcJW86" # Termux on pixel6pro
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcYwYy9/0Gu/GsqS72Nkz6OkId+zevqXA/aTIcvqflp" # t460s windows
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsErA6M9LSHj2hPlLuHD8Lpei7WjMup1JxI1vxA6B8W" # pixel6pro nix-on-droid
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoy1TrmfhBGWtVedgOM1FB1oD2UdodN3LkBnnLx6Tug" # compute-deck
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVeSzDkGTueZijB0xUa08e06ovAEwwZK/D+Cc7bo91g" # triple-dezert
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtwtao/TXbiuQOYJbousRPVesVcb/2nP0PCFUec0Nv8" # triple-dezert (root)
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxAFFxQMXAgi+0cmGaNE/eAkVfEl91wafUqFIuAkI5I" # compute-deck (root)
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcRDekd8ZOYfQS5X95/yNof3wFYIbHqWeq4jY0+ywQX" # pro1x nix-on-droid
+    ];
    vacu.ssh.config = ''
      Host deckvacu
        User deck
--- a/common-nixos-config.nix
+++ b/common-nixos-config.nix
@@ -32,22 +32,14 @@
      keyMap = lib.mkDefault "us";
    };
    environment.systemPackages = (import ./common-packages.nix { inherit pkgs inputs; }) ++ [
-      inputs.nix-search-cli.packages.${pkgs.system}.default
+      
    ] ++ (if config.services.xserver.enable then [ pkgs.xorg.xev ] else []);

    i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
+    time.timeZone = "America/Los_Angeles";

    users.users.shelvacu = {
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC4LYvUe9dsQb9OaTDFI4QKPtMmOHOGLwWsXsEmcJW86 u0_a132@localhost"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcYwYy9/0Gu/GsqS72Nkz6OkId+zevqXA/aTIcvqflp shelvacu@DESKTOP-DG7QKO2"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsErA6M9LSHj2hPlLuHD8Lpei7WjMup1JxI1vxA6B8W nix-on-droid@localhost" #pixel6pro
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoy1TrmfhBGWtVedgOM1FB1oD2UdodN3LkBnnLx6Tug shelvacu@compute-deck"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVeSzDkGTueZijB0xUa08e06ovAEwwZK/D+Cc7bo91g shelvacu@triple-dezert"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtwtao/TXbiuQOYJbousRPVesVcb/2nP0PCFUec0Nv8 root@triple-dezert"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxAFFxQMXAgi+0cmGaNE/eAkVfEl91wafUqFIuAkI5I root@compute-deck"
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcRDekd8ZOYfQS5X95/yNof3wFYIbHqWeq4jY0+ywQX nix-on-droid@localhost" #pro1x
-      ];
+      openssh.authorizedKeys.keys = config.vacu.ssh.authorizedKeys;
      isNormalUser = true;
      extraGroups = [ "wheel" ];
    };
@@ -74,8 +66,8 @@

    nix.settings = {
      experimental-features = [ "nix-command" "flakes" ];
-      substituters = [ "https://nixcache.shelvacu.com"];
-      trusted-public-keys = [ "nixcache.shelvacu.com:73u5ZGBpPRoVZfgNJQKYYBt9K9Io/jPwgUfuOLsJbsM=" ];
+      substituters = config.vacu.nix.extraSubstituters;
+      trusted-public-keys = config.vacu.nix.extraTrustedKeys;
    };
    nixpkgs.config.allowUnfree = lib.mkDefault true;

--- a/common-packages.nix
+++ b/common-packages.nix
@@ -1,4 +1,5 @@
 { pkgs, inputs }: (with pkgs; [
+  inputs.nix-search-cli.packages.${pkgs.system}.default
  inputs.nix-inspect.packages.${pkgs.system}.default
  nixos-rebuild
  nano
--- a/nix-on-droid.nix
+++ b/nix-on-droid.nix
@@ -47,6 +47,8 @@
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';
+  nix.substituters = config.vacu.nix.extraSubstituters;
+  nix.trustedPublicKeys = config.vacu.nix.extraTrustedKeys;

  environment.sessionVariables."PS1" = "\\w $ ";