authorBen Sima <ben@bsima.me>2021-01-04 07:51:37 -0500
committerBen Sima <ben@bsima.me>2021-01-04 07:51:37 -0500
commitdd74bbc17c97115df973fe9b9a17f7ce7bb6a99f (patch)
tree4778f5360d180181dbd556dbcef7fe8ac4c3ed03 /Biz
parent0f0a1f55c1c7b05926f559661c4154124ea532f7 (diff)
Support multiple keys per user
Every key is just a new line in the $USER.pub file. This is not automatically reflected to gitolite, which uses a separate config, so I'll need to come up with a way to replace gitolite someday.
Diffstat (limited to 'Biz')
-rw-r--r--Biz/Cloud/Git.nix8
-rw-r--r--Biz/Dev/Configuration.nix6
-rw-r--r--Biz/Keys/Ben.pub (renamed from Biz/Keys/Ben.key)1
-rw-r--r--Biz/Keys/Deploy.pub (renamed from Biz/Keys/Deploy.key)0
-rw-r--r--Biz/Keys/Nick.pub (renamed from Biz/Keys/Nick.key)0
-rw-r--r--Biz/Namespace.hs4
-rw-r--r--Biz/Users.nix19
7 files changed, 25 insertions, 13 deletions
diff --git a/Biz/Cloud/Git.nix b/Biz/Cloud/Git.nix
index 82761ce..b35b126 100644
--- a/Biz/Cloud/Git.nix
+++ b/Biz/Cloud/Git.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ pkgs, lib, ... }:
{
services = {
@@ -11,7 +11,11 @@
extraGitoliteRc = ''
$RC{SITE_INFO} = 'a computer is a bicycle for the mind.';
'';
- adminPubkey = builtins.readFile ../Keys/Ben.key;
+ adminPubkey = lib.trivial.pipe ../Keys/Ben.pub [
+ builtins.readFile
+ (lib.strings.splitString "\n")
+ lib.lists.head
+ ];
};
};
}
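Review bot: In `adminPubkey`, `lib.lists.head` runs on the unfiltered result of `splitString`, so the gitolite admin key is whatever the first physical line of `Ben.pub` happens to be. A leading blank line would make it the empty string, and reordering the file silently changes which key administers gitolite. I would drop empty lines before taking the head, as the other call sites do, by adding `(lib.filter (s: s != ""))` ahead of `lib.lists.head`. A comment such as `# gitolite accepts one admin key: the first non-empty line of Ben.pub` would record the ordering dependency. The enclosing gitolite attribute set starts outside this hunk.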
diff --git a/Biz/Dev/Configuration.nix b/Biz/Dev/Configuration.nix
index a80183e..27f26c5 100644
--- a/Biz/Dev/Configuration.nix
+++ b/Biz/Dev/Configuration.nix
@@ -255,8 +255,10 @@ in {
maxJobs = 1;
sshServe = {
enable = true;
- keys = [
- (builtins.readFile ../Keys/Ben.key)
+ keys = lib.trivial.pipe ../Keys/Ben.pub [
+ builtins.readFile
+ (lib.strings.splitString "\n")
+ (lib.filter (s: s != ""))
];
};
trustedUsers = [ "root" "ben" ];
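Review bot: The `sshServe.keys` pipeline is the same read/split/filter sequence that `Biz/Users.nix` introduces as `readKeys`, and `Biz/Cloud/Git.nix` repeats most of it again. Three copies of the code that decides which keys are authorized can drift apart, for example if one later learns to skip comment lines and the others do not. I would define the helper once in a shared file and write `keys = readKeys ../Keys/Ben.pub;` here. This hunk also does not show `lib` being added to the file's arguments, unlike the other two Nix files; presumably it is already in scope, but that is worth confirming. The enclosing block starts outside the hunk.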
diff --git a/Biz/Keys/Ben.key b/Biz/Keys/Ben.pub
index c661508..1038f92 100644
--- a/Biz/Keys/Ben.key
+++ b/Biz/Keys/Ben.pub
@@ -1 +1,2 @@
ssh-rsa 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 ben@lithium
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDakRPWoxb//V+cQAS3Rl9zfZ+izmgESTdnkawOmwu8rlbcrKENNGyAVoPVr1jQh4toK3zUnItwel3hqAMHf+2b1jUcKcrPC3rKh9SD86vX8lJsOMmq9u/g+Fp3kkmRUps802F1/53M9dVGGuVVtQDgycutJqlWKpH5JEpiLWkkq2ExWOqv13WcHzXUwyl3Fh/ubzZunaov37k794o7hqVY/H+Je2mULmWFVO2Dms3sU+czvgxUDMKIwc2ebLNFgziIDBfL81Funrg5rPeYxv7ayUK6oyPNW5FJrx3Kd+2U1ikqxqNERmu8FYRO3CDmxbfx+EB9PVHg8LWwdrTLJbDj ben@helium
diff --git a/Biz/Keys/Deploy.key b/Biz/Keys/Deploy.pub
index 664a2d9..664a2d9 100644
--- a/Biz/Keys/Deploy.key
+++ b/Biz/Keys/Deploy.pub
diff --git a/Biz/Keys/Nick.key b/Biz/Keys/Nick.pub
index 4dc08fb..4dc08fb 100644
--- a/Biz/Keys/Nick.key
+++ b/Biz/Keys/Nick.pub
diff --git a/Biz/Namespace.hs b/Biz/Namespace.hs
index 574a2fc..d3835c8 100644
--- a/Biz/Namespace.hs
+++ b/Biz/Namespace.hs
@@ -17,7 +17,7 @@ import qualified Data.Char as Char
import qualified Data.List as List
import qualified Text.Regex.Applicative as Regex
-data Ext = Hs | Scm | Nix | Md | Css | Py | Sh | Key | Json | None
+data Ext = Hs | Scm | Nix | Md | Css | Py | Sh | Keys | Json | None
deriving (Eq, Show)
data Namespace = Namespace [String] Ext
@@ -38,7 +38,7 @@ match = Regex.match <| Namespace </ path <* Regex.sym '.' <*> ext
<|> Css <$ Regex.string "css"
<|> Py <$ Regex.string "py"
<|> Sh <$ Regex.string "sh"
- <|> Key <$ Regex.string "key"
+ <|> Keys <$ Regex.string "pub"
<|> Json <$ Regex.string "json"
fromPath :: String -> String -> Maybe Namespace
diff --git a/Biz/Users.nix b/Biz/Users.nix
index 0f68b50..e0e2d94 100644
--- a/Biz/Users.nix
+++ b/Biz/Users.nix
@@ -1,6 +1,12 @@
-{ config, ... }:
+{ config, lib, ... }:
-{
+let
+ readKeys = k: lib.trivial.pipe k [
+ builtins.readFile
+ (lib.strings.splitString "\n")
+ (lib.filter (s: s != ""))
+ ];
+in {
users.motd = ''
welcome to the simatime network!
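Review bot: `readKeys` has no comment explaining its contract, and that contract now decides who can log in. Every non-empty line of the file is handed to each account that calls it. In this commit `Ben.pub` feeds `root`, `ben` and the Nix `sshServe` keys, so appending a line there grants all three at once. I would state that above the binding, e.g. `# readKeys: path -> [string]; each non-empty line is one authorized_keys entry, granted to every account that reads this file`. If a key should reach only one of those accounts, it needs its own file.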
@@ -14,20 +20,19 @@
deploy = {
isNormalUser = true;
home = "/home/deploy";
- openssh.authorizedKeys.keyFiles = [ ./Keys/Deploy.key ];
+ openssh.authorizedKeys.keys = readKeys ./Keys/Deploy.pub;
extraGroups = [ "wheel" ];
};
#
# humans
#
- root.openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.key ];
- root.password = "erewhon";
+ root.openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;
ben = {
description = "Ben Sima";
isNormalUser = true;
home = "/home/ben";
- openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.key ];
+ openssh.authorizedKeys.keys = readKeys ./Keys/Ben.pub;
extraGroups = [ "wheel" "docker" ];
hashedPassword =
"$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY.";
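Review bot: Deleting `root.password` does not retire that password, because the value stays readable in the repository history and should be treated as disclosed. If `users.mutableUsers` is left at its default (not visible here), NixOS does not reset an existing account's password when the option disappears, so deployed hosts may still accept it until it is changed or locked. I would rotate or lock root's password on each host and make the intent explicit, for instance `root.hashedPassword = "!";` alongside the key line. The `hashedPassword` for `ben` kept as context in this hunk is likewise exposed to offline guessing by anyone who can read the repository, so loading it from a file outside the repository would be safer.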
@@ -36,7 +41,7 @@
description = "Nick Sima";
isNormalUser = true;
home = "/home/nick";
- openssh.authorizedKeys.keyFiles = [ ./Keys/Nick.key ];
+ openssh.authorizedKeys.keys = readKeys ./Keys/Nick.pub;
extraGroups = [ "docker" ];
};
};