From ae4a0ebf8463be0220ac614ab5e142e3253b3d77 Mon Sep 17 00:00:00 2001
From: Jordan Holt
Date: Sun, 30 Mar 2025 17:01:51 +0100
Subject: [PATCH] hosts/server: always add root SSH key
---
 hosts/mail/default.nix | 13 -------------
 hosts/server.nix | 16 ++++++++++++++++
 hosts/skycam/default.nix | 9 ---------
 hosts/vps1/default.nix | 8 --------
 4 files changed, 16 insertions(+), 30 deletions(-)
diff --git a/hosts/mail/default.nix b/hosts/mail/default.nix
index 490dd72..be3b42b 100644
--- a/hosts/mail/default.nix
+++ b/hosts/mail/default.nix
@@ -1,6 +1,5 @@
 {
 inputs,
- lib,
 ...
 }:
@@ -25,18 +24,6 @@
 };
 };
- users = {
- users = {
- root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
- ];
- };
- };
- };
-
- services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
-
 modules = {
 services = {
 borgmatic = {
diff --git a/hosts/server.nix b/hosts/server.nix
index 09ed224..48fa19a 100644
--- a/hosts/server.nix
+++ b/hosts/server.nix
@@ -1,7 +1,11 @@
 {
+ lib,
 ...
 }:
+let
+ inherit (lib) mkForce;
+in
 {
 imports = [
 ./common.nix
@@ -29,6 +33,16 @@
 # };
 };
+ users = {
+ users = {
+ root = {
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
+ ];
+ };
+ };
+ };
+
 systemd = {
 enableEmergencyMode = false;
@@ -56,6 +70,8 @@
 ];
 };
+ services.openssh.settings.PermitRootLogin = mkForce "prohibit-password";
+
 modules.services.tailscale = {
 enable = true;
 restrictSSH = false;
diff --git a/hosts/skycam/default.nix b/hosts/skycam/default.nix
index 83b6442..4dec8fa 100644
--- a/hosts/skycam/default.nix
+++ b/hosts/skycam/default.nix
@@ -1,7 +1,6 @@
 {
 inputs,
 config,
- lib,
 pkgs,
 ...
 }:
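Review bot: The key list added under `users.users.root.openssh.authorizedKeys.keys` in hosts/server.nix (hunk `@@ -29,6 +33,16 @@`) gives a single key root on every host that imports this module, and nothing in the file records whose key it is or where it gets rotated. I would put a comment above the list, e.g. `# Root access on all server hosts; operator key, rotate here`. The deletions in hosts/mail, hosts/skycam and hosts/vps1 rely on each of those hosts importing server.nix, which this diff does not show; a host that does not would come up after the next rebuild without the root key and without the `PermitRootLogin` override. The enclosing attribute set opens and closes outside the hunk.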
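Review bot: `mkForce` on `services.openssh.settings.PermitRootLogin` in hosts/server.nix (hunk `@@ -56,6 +70,8 @@`) now applies to every server host, so a host that plainly assigns the stricter `"no"` is silently overruled, and one that uses its own `mkForce` with a different value gets a conflicting-definition error. A comment on that line naming the definition it has to override would tell the next maintainer whether the force is still needed; if nothing else sets the option, a plain assignment would leave hosts free to tighten it. The context line `restrictSSH = false;` just below suggests sshd on these hosts is not limited to the tailnet (inferred from the option name, the module is not shown), which would make root key login reachable wherever the SSH port is open; worth confirming that is intended for all servers.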
@@ -82,14 +81,6 @@
 };
 };
- users.users.root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
- ];
- };
-
- services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
-
 systemd.services.ustreamer = {
 enable = true;
 description = "uStreamer service";
diff --git a/hosts/vps1/default.nix b/hosts/vps1/default.nix
index d17173e..2ecb9e9 100644
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@@ -1,5 +1,4 @@
 {
- lib,
 ...
 }:
@@ -41,19 +40,12 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOaaS+KMAEAymZhIJGC4LK8aMhUzhpmloUgvP2cxeBH4 jellyfin"
 ];
 };
- root = {
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILVHTjsyMIV4THNw6yz0OxAxGnC+41gX72UrPqTzR+OS jordan@vimium.com"
- ];
- };
 };
 groups = {
 jellyfin = { };
 };
 };
- services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
-
 modules = {
 services = {
 borgmatic = {