authorBen Sima <ben@bsima.me>2021-01-04 07:51:37 -0500
committerBen Sima <ben@bsima.me>2021-01-04 07:51:37 -0500
commitdd74bbc17c97115df973fe9b9a17f7ce7bb6a99f (patch)
tree4778f5360d180181dbd556dbcef7fe8ac4c3ed03 /Biz/Users.nix
parent0f0a1f55c1c7b05926f559661c4154124ea532f7 (diff)
Support multiple keys per user
Every key is just a new line in the $USER.pub file. This is not automatically reflected to gitolite, which uses a separate config, so I'll need to come up with a way to replace gitolite someday.
Diffstat (limited to 'Biz/Users.nix')
-rw-r--r--Biz/Users.nix19
1 files changed, 12 insertions, 7 deletions
diff --git a/Biz/Users.nix b/Biz/Users.nix
index 0f68b50..e0e2d94 100644
--- a/Biz/Users.nix
+++ b/Biz/Users.nix
@@ -1,6 +1,12 @@
-{ config, ... }:
+{ config, lib, ... }:
-{
+let
+ readKeys = k: lib.trivial.pipe k [
+ builtins.readFile
+ (lib.strings.splitString "\n")
+ (lib.filter (s: s != ""))
+ ];
+in {
users.motd = ''
welcome to the simatime network!
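Review bot: `readKeys` has no comment saying what the key files may contain, and its filter only drops lines that are exactly empty, so a whitespace-only line or a trailing carriage return from a CRLF-edited file would be passed through as an authorized-key entry. Because the file is read at evaluation time and its contents end up in the generated system configuration, it is worth stating the contract above the helper, e.g. `# readKeys: one OpenSSH public key per line; contents are copied into the system config, so never put private material in ./Keys/*.pub`. A stricter predicate such as `(lib.filter (s: builtins.match "[[:space:]]*" s == null))` would also drop blank-looking lines. The `let` body is complete in this hunk, but the attribute set it opens continues outside it.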
@@ -14,20 +20,19 @@
deploy = {
isNormalUser = true;
home = "/home/deploy";
- openssh.authorizedKeys.keyFiles = [ ./Keys/Deploy.key ];
+ openssh.authorizedKeys.keys = readKeys ./Keys/Deploy.pub;
extraGroups = [ "wheel" ];
};
#
# humans
#
- root.openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.key ];
- root.password = "erewhon";
+ root.openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;
ben = {
description = "Ben Sima";
isNormalUser = true;
home = "/home/ben";
- openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.key ];
+ openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;
extraGroups = [ "wheel" "docker" ];
hashedPassword =
"$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY.";
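Review bot: Dropping `root.password` from the config does not by itself change root's password on hosts that are already deployed. If `users.mutableUsers` is left at its default (not visible in this hunk), NixOS keeps the existing shadow entry, and the old cleartext value stays readable in the repository history either way. I would treat that password as disclosed, change or lock it on every host, and make the intent declarative with `root.hashedPassword = "!";` next to the new `root.openssh.authorizedKeys.keys` line; that only takes effect on existing hosts when `users.mutableUsers = false;`. The context lines also show `ben.hashedPassword` committed as a crypt hash, which anyone who can read the repo can attack offline; pointing `passwordFile` at a secret kept outside the repo avoids that. The enclosing attribute set starts above this hunk and `ben`'s block continues past it.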
@@ -36,7 +41,7 @@
description = "Nick Sima";
isNormalUser = true;
home = "/home/nick";
- openssh.authorizedKeys.keyFiles = [ ./Keys/Nick.key ];
+ openssh.authorizedKeys.keys = readKeys ./Keys/Nick.pub;
extraGroups = [ "docker" ];
};
};