From 7fcf8af4ad94d8e8a9b1041cd0ecf384910a3831 Mon Sep 17 00:00:00 2001
From: Dennis Wuitz
Date: Mon, 25 Dec 2023 18:54:38 +0100
Subject: [PATCH] fix user public keys

---
 flake.lock | 6 +++---
 flake.nix | 11 +++++++++--
 modules/boot.nix | 19 ++++++++-----------
 systems/configuration.nix | 1 -
 systems/palatine-hill/configuration.nix | 3 +--
 users/alice/default.nix | 4 +++-
 users/default.nix | 5 ++---
 7 files changed, 26 insertions(+), 23 deletions(-)

diff --git a/flake.lock b/flake.lock
index 52a3900..5a2b3d5 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
 ]
 },
 "locked": {
- "lastModified": 1703368619,
- "narHash": "sha256-ZGPMYL7FMA6enhuwby961bBANmoFX14EA86m2/Jw5Jo=",
+ "lastModified": 1703499046,
+ "narHash": "sha256-A6wclPJCOMEYuD28KBOBTwHEVOKy3f9yvuMFAJ55dco=",
 "owner": "nix-community",
 "repo": "home-manager",
- "rev": "a2523ea0343b056ba240abbac90ab5f116a7aa7b",
+ "rev": "d5a917bab40daf4e5f82cd27162b8a6656d3beab",
 "type": "github"
 },
 "original": {
diff --git a/flake.nix b/flake.nix
index d165e61..0739b01 100644
--- a/flake.nix
+++ b/flake.nix
@@ -52,18 +52,25 @@
 ] ++ modules ++ fileList "modules" ++ map(user: { config, lib, pkgs, ... }@args: {
 users.users.${user} = import ./users/${user} (args // { name = "${user}"; });
+ boot.initrd.network.ssh.authorizedKeys = config.users.users.${user}.openssh.authorizedKeys.keys;
 }) users ++ map(user: {
 home-manager.users.${user} = import ./users/${user}/home.nix;
 }) users;
 };
 in {
 photon = constructSystem {
 hostname = "photon";
- users = ["dennis"];
+ users = [
+ "alice"
+ "dennis"
+ ];
 };
 palatine-hill = constructSystem {
 hostname = "palatine-hill";
- users = ["alice"];
+ users = [
+ "alice"
+ "dennis"
+ ];
 };
 };
 };
diff --git a/modules/boot.nix b/modules/boot.nix
index f95a004..e1d049a 100644
--- a/modules/boot.nix
+++ b/modules/boot.nix
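Review bot: The added `boot.initrd.network.ssh.authorizedKeys` line hands the initrd unlock shell — root before the root filesystem is unlocked — to every login key of every user listed for the host, and it does so for all hosts, though boot.nix only starts the initrd sshd where `fullDiskEncryption` is set, so it is inert elsewhere. Because the per-user modules come out of a `map`, each one contributes its own list definition and the module system merges them, so adding a key to any user anywhere silently extends early-boot access; that is probably intended here since users/default.nix puts everyone in `wheel`, but it deserves a comment such as `# every user's login keys also unlock the initrd (early-boot root); review before adding users or keys`. If only some users should have that access, an explicit list on the host (or a separate `initrdKeys` argument on the user module) would be safer than reusing `openssh.authorizedKeys.keys`. The `constructSystem` function this list belongs to starts before the hunk.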
@@ -14,6 +14,7 @@ in
 description = "The cpu-type installed on the server.";
 };
 amdGPU = libS.mkOpinionatedOption "the system contains a AMD GPU";
+ fullDiskEncryption = libS.mkOpinionatedOption "use luks full disk encrytion";
 };
 };
@@ -22,18 +23,14 @@ in
 # networking for netcard
 kernelModules = [ "e1000e" ];
 kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];
- network.enable = true;
- network.ssh = {
+ network = lib.mkIf cfg.fullDiskEncryption {
 enable = true;
- hostKeys = [
- "/root/ssh_key"
- ];
- port = 2222;
- };
- luks = {
- devices."cryptroot" = {
- device = "/dev/sda1";
- preLVM = true;
+ ssh = {
+ enable = true;
+ hostKeys = [
+ "/root/ssh_key"
+ ];
+ port = 2222;
 };
 };
 };
diff --git a/systems/configuration.nix b/systems/configuration.nix
index 8f19128..f11a787 100644
--- a/systems/configuration.nix
+++ b/systems/configuration.nix
@@ -21,7 +21,6 @@
 enable = true;
 fixPermissions = true;
 extraConfig = ''StreamLocalBindUnlink yes'';
- authorizedKeysFiles = [ "../users/dennis/keys/yubikey.pub" ];
 settings = {
 PermitRootLogin = "no";
 PasswordAuthentication = false;
diff --git a/systems/palatine-hill/configuration.nix b/systems/palatine-hill/configuration.nix
index 8d91dc7..ce7d8bc 100644
--- a/systems/palatine-hill/configuration.nix
+++ b/systems/palatine-hill/configuration.nix
@@ -2,9 +2,8 @@
 {
 time.timeZone = "America/New_York";
 console.keyMap = "us";
- boot.zfs.extraPools = [ "ZFS-primary" ];
 networking.hostId = "dc2f9781";
- boot.initrd.network.ssh.authorizedKeys = [ "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" ];
+ boot.zfs.extraPools = [ "ZFS-primary" ];
 virtualisation = {
 docker = {
diff --git a/users/alice/default.nix b/users/alice/default.nix
index 556b6db..b056544 100644
--- a/users/alice/default.nix
+++ b/users/alice/default.nix
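Review bot: With the `luks.devices."cryptroot"` block dropped, turning on `fullDiskEncryption` now only brings up networking and sshd in the initrd and no longer declares any LUKS device to unlock, so unless the device is declared elsewhere (hardware-configuration, disko) the option name promises more than this module delivers. I would guard that with a top-level assertion next to the options, e.g. `assertions = [ { assertion = cfg.fullDiskEncryption -> config.boot.initrd.luks.devices != { }; message = "fullDiskEncryption is enabled but no boot.initrd.luks.devices are defined"; } ];` (assuming `config` is among the module's arguments), or at least a comment on the `network = lib.mkIf` line saying where the device definition lives. Separately, `/root/ssh_key` is copied into the initrd image, which on a typical layout sits on the unencrypted boot partition, so it must be a key dedicated to the initrd rather than the host's regular sshd key; a one-line comment above `hostKeys` should say so, and the option description in the first hunk has a typo (`encrytion`). The enclosing `initrd` attrset opens before this hunk.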
@@ -1,5 +1,7 @@
 { pkgs, lib, config, name, ... }:
 import ../default.nix {
 inherit pkgs lib config name;
- pubKeys = [ "ed25516-AAAAAAA" ];
+ publicKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOGcqhLaKsjwAnb6plDavAhEyQHNvFS9Uh5lMTuwMhGF alice@parthenon-7588"
+ ];
 }
\ No newline at end of file
diff --git a/users/default.nix b/users/default.nix
index 3a0d346..7a54a5f 100644
--- a/users/default.nix
+++ b/users/default.nix
@@ -3,14 +3,13 @@
 config,
 pkgs,
 name,
- pubKeys ? [],
+ publicKeys ? [],
 defaultShell ? "zsh",
 }: {
 inherit name;
 isNormalUser = true;
- uid = 1000;
 extraGroups = [
 "wheel"
 "media"
@@ -24,5 +23,5 @@
 "uaccess"
 ];
 shell = pkgs.${defaultShell};
- openssh.authorizedKeys.keys = pubKeys;
+ openssh.authorizedKeys.keys = publicKeys;
 }
\ No newline at end of file
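Review bot: The file still ends without a trailing newline (`\ No newline at end of file`), which will keep producing noisy diffs on every future edit; add a newline after the closing `}`. Since flake.nix now feeds this same list to `boot.initrd.network.ssh.authorizedKeys`, a comment above `publicKeys` such as `# these keys also open the initrd unlock shell on hosts with fullDiskEncryption` would stop a key added for ordinary login from being given early-boot access unknowingly.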
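Review bot: Renaming the argument to `publicKeys` changes this function's calling convention, yet only users/alice/default.nix is updated in the diff while `dennis` is added to both hosts in flake.nix; what happens if users/dennis/default.nix still passes `pubKeys` depends on lines 1-2 of this file, which are outside the hunk — without `...` in the argument set evaluation fails loudly, with it the keys are silently dropped and, given `PasswordAuthentication = false` in systems/configuration.nix, that user cannot log in at all. Worth confirming the dennis module before merging. Dropping `uid = 1000;` is right once there is more than one user, but uids are then allocated by NixOS and can differ between photon and palatine-hill; if shared storage such as the ZFS pool depends on numeric ids, thread an explicit per-user id through instead, e.g. `uid ? null,` in the arguments and `inherit name uid;` in the result.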