From 30cc1f42b46841affd353f31249c2126d9593816 Mon Sep 17 00:00:00 2001
From: reidlab
Date: Thu, 24 Aug 2023 17:47:19 -0700
Subject: [PATCH] use ssh keys instead of password

---
 hosts/server/authorizedKeys.nix | 10 ++++++++++
 hosts/server/default.nix | 12 ++++++++++--
 lib/default.nix | 2 ++
 lib/helpers.nix | 18 ++++++++++++++++++
 4 files changed, 40 insertions(+), 2 deletions(-)
 create mode 100755 hosts/server/authorizedKeys.nix
 create mode 100755 lib/helpers.nix

diff --git a/hosts/server/authorizedKeys.nix b/hosts/server/authorizedKeys.nix
new file mode 100755
index 0000000..3c1f840
--- /dev/null
+++ b/hosts/server/authorizedKeys.nix
@@ -0,0 +1,10 @@
+[
+ # reidlab
+ { hostname = "reidlab@rei-pc";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICmwWuwS+a1GzYFSNOkgk/zF5bolXqat1RP5FXJv+vto reidlab@rei-pc";
+ }
+ {
+ hostname = "reidlab@rei-phone";
+ ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKC12NkyZAFNDHfq1ECh4uAgM4mpKfsQnL3XF/ZzSyCJ reidlab@rei-phone";
+ }
+]
diff --git a/hosts/server/default.nix b/hosts/server/default.nix
index 8e05c59..ff79636 100755
--- a/hosts/server/default.nix
+++ b/hosts/server/default.nix
@@ -1,6 +1,10 @@
 { config, lib, pkgs, ... }:
-{
+let
+ keys = import ./authorizedKeys.nix;
+ fetchSSH = (host: lib._.getSSH host keys);
+ fetchSSHKeys = map fetchSSH;
+in {
 imports = [
 ./hardware-configuration.nix
 ./webapps/default.nix
@@ -20,6 +24,10 @@
 conf = {
 packages = with pkgs; [ bat tree micro duf ];
 extraGroups = [ "wheel" "dotfiles" ];
+ openssh.authorizedKeys.keys = fetchSSHKeys [
+ "reidlab@rei-pc"
+ "reidlab@rei-phone"
+ ];
 };
 homeConf.home = {
@@ -39,7 +47,7 @@
 services = {
 ssh = {
 enable = true;
- requirePassword = true;
+ requirePassword = false;
 };
 postgres.enable = true;
diff --git a/lib/default.nix b/lib/default.nix
index c015f0b..bb1cb9e 100755
--- a/lib/default.nix
+++ b/lib/default.nix
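Review bot: The two entries in the new list are laid out differently — the first puts `hostname` on the brace line (`{ hostname = "reidlab@rei-pc";`) while the second starts it on its own line — and only the first carries a `# reidlab` comment although both belong to the same user. Pick one layout for every entry and replace the per-entry comment with one header above the list, e.g. `# user@host label → public key; looked up by label via lib._.getSSH`. That header should also say that `hostname` holds a `user@host` label rather than a resolvable host name, since the attribute name suggests otherwise.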
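Review bot: `fetchSSH` and `fetchSSHKeys` in the new `let` are local attribute lookups into `./authorizedKeys.nix`, not network fetches, so the `fetch` prefix is misleading; `sshKeyFor`/`sshKeysFor` (or `lookupKey`/`lookupKeys`) would describe what they do. The parentheses in `fetchSSH = (host: lib._.getSSH host keys);` are redundant in Nix and can be dropped. The attribute set these bindings feed continues past the end of the hunk.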
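Review bot: The labels passed to `fetchSSHKeys` repeat what `./authorizedKeys.nix` already enumerates, so every future key has to be added in two places. If the intent is "every key in the file", `openssh.authorizedKeys.keys = map (k: k.ssh) keys;` removes the duplication; if the intent is to grant this user only a subset, the explicit list is right and deserves a comment saying so. A misspelled label here does not silently drop a key — `lib._.getSSH` aborts evaluation through `error` when nothing matches — which is the right failure mode given that the same commit turns off password login. The `conf` attribute set starts and ends outside the hunk.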
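Review bot: Flipping `requirePassword` to `false` in the same commit that introduces the keys leaves no fallback if a key was pasted wrong — a wrong label fails at evaluation time via `getSSH`'s `error`, but a corrupted key body only surfaces as a rejected login after the switch. Safer sequencing is to deploy with `requirePassword = true`, confirm a key-based login from each listed device, then flip it in a follow-up. `services.ssh.requirePassword` is a repo-defined option whose mapping to sshd settings is outside this hunk; if it only emits `PasswordAuthentication no`, passwords can still be accepted through PAM keyboard-interactive, so check that the module also sets `KbdInteractiveAuthentication no` (both are available as `services.openssh.settings` options in nixpkgs). The `services` attribute set continues past the hunk.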
@@ -4,8 +4,10 @@ lib.extend (self: super:
 let inherit (lib) attrValues foldr;
 inherit (modules) mapModules;
+ inherit (helpers) getSSH;
 modules = import ./modules.nix { inherit lib; };
+ helpers = import ./helpers.nix { inherit lib; };
 in {
 _ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file { inherit pkgs inputs;
diff --git a/lib/helpers.nix b/lib/helpers.nix
new file mode 100755
index 0000000..158ba75
--- /dev/null
+++ b/lib/helpers.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+with lib;
+rec {
+ indexFrom = origin: name: item: list: foldr
+ (h: t:
+ if h.${origin} == name && hasAttr item h
+ then h.${item}
+ else t)
+ (error ''
+ No item at the origin point ${origin} with element ${name} found.
+ Please make sure that the item with that origin exists, and,
+ failing that, that it also has the requested item defined.
+ '')
+ list;
+
+ getSSH = name: keys: indexFrom "hostname" name "ssh" keys;
+}
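Review bot: The new `let` bindings `helpers` and `getSSH` are not used by anything visible in this hunk — default.nix reaches the helper as `lib._.getSSH`, and `_` is built by folding `mapModules ./.` over every file in `lib/`, which presumably picks up `./helpers.nix` on its own. If the remainder of the `lib.extend` body (outside the hunk) does not reference `getSSH`, the two added lines are dead and should be removed; if it does, expose the single copy from `_` rather than importing the file twice. Also note that `./helpers.nix` declares `{ lib, ... }:` and so requires `lib`, while the `mapModules` import visible here passes `{ inherit pkgs inputs;` — its argument set is cut off by the hunk, so confirm it also supplies `lib`, otherwise that import fails at evaluation.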
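Review bot: `indexFrom` assumes every element carries the `origin` attribute: `h.${origin}` on an entry without `hostname` throws Nix's generic missing-attribute error instead of the friendly message built below it, so the guard should read `if (h.${origin} or null) == name && hasAttr item h`. Because `t` is only forced on a mismatch, the fold returns the first matching element from the left and reaches `error` only when none matches — worth stating in a comment, since that fail-closed behaviour is what protects the key lookup in hosts/server/default.nix from silently yielding nothing. The function has no documentation and its parameters (`origin`, `name`, `item`) are abstract enough that the message `No item at the origin point ${origin} with element ${name} found.` is hard to map back to a call site; a header such as `# indexFrom attr value wanted list: the wanted attribute of the first list element whose attr equals value; evaluation error if none` plus a one-liner on `getSSH` saying it matches on the user@host label stored in `hostname` would fix that. Stylistically, file-scope `with lib;` is discouraged in favour of `inherit (lib) foldr hasAttr;`, and `rec` can go if `indexFrom` moves into a `let`.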