hosts/server: always add root SSH key

2025-03-30 17:01:51 +01:00 · 2025-03-30 17:01:51 +01:00 · ae4a0ebf84
commit ae4a0ebf84
parent 863a02769f
4 changed files with 16 additions and 30 deletions
--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@ -1,6 +1,5 @@
 {
  inputs,
-  lib,
  ...
 }:

@ -25,18 +24,6 @@
    };
  };

-  users = {
-    users = {
-      root = {
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
-        ];
-      };
-    };
-  };
-
-  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
-
  modules = {
    services = {
      borgmatic = {
--- a/hosts/server.nix
+++ b/hosts/server.nix
@ -1,7 +1,11 @@
 {
+  lib,
  ...
 }:

+let
+  inherit (lib) mkForce;
+in
 {
  imports = [
    ./common.nix
@ -29,6 +33,16 @@
    # };
  };

+  users = {
+    users = {
+      root = {
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
+        ];
+      };
+    };
+  };
+
  systemd = {
    enableEmergencyMode = false;

@ -56,6 +70,8 @@
    ];
  };

+  services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
+
  modules.services.tailscale = {
    enable = true;
    restrictSSH = false;
--- a/hosts/skycam/default.nix
+++ b/hosts/skycam/default.nix
@ -1,7 +1,6 @@
 {
  inputs,
  config,
-  lib,
  pkgs,
  ...
 }:
@ -82,14 +81,6 @@
    };
  };

-  users.users.root = {
-    openssh.authorizedKeys.keys = [
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
-    ];
-  };
-
-  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
-
  systemd.services.ustreamer = {
    enable = true;
    description = "uStreamer service";
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@ -1,5 +1,4 @@
 {
-  lib,
  ...
 }:

@ -41,19 +40,12 @@
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
        ];
      };
-      root = {
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
-        ];
-      };
    };
    groups = {
      jellyfin = { };
    };
  };

-  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
-
  modules = {
    services = {
      borgmatic = {