From 63aa6f583166bec554d3e7e1bd81a82c6aba8bf7 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Fri, 31 May 2024 22:02:52 +0200
Subject: [PATCH] sops -> pass : add syncoid ssh key
---
 flake.nix | 9 +++++++++
 nixos/machines/chungus/sync-syncoid.nix | 4 ++--
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/flake.nix b/flake.nix
index f595174..b63e10c 100644
--- a/flake.nix
+++ b/flake.nix
@@ -206,6 +206,15 @@
 _module.args.self = self;
 _module.args.inputs = self.inputs;
 }
+ # ssh keys
+ ({ config, ... }: {
+ users.users.root.openssh.authorizedKeys.keyFiles = [
+ # master key
+ ./nixos/assets/ssh/palo_rsa.pub
+ # backup key
+ "${config.clanCore.clanDir}/machines/chungus/facts/syncoid.ssh.id_ed25519.pub"
+ ];
+ })
 # configure nix
 ({ pkgs, ... }: {
diff --git a/nixos/machines/chungus/sync-syncoid.nix b/nixos/machines/chungus/sync-syncoid.nix
index 666cbfe..16cd4b5 100644
--- a/nixos/machines/chungus/sync-syncoid.nix
+++ b/nixos/machines/chungus/sync-syncoid.nix
@@ -1,4 +1,4 @@
-{ config, ... }:
+{ pkgs, config, ... }:
 {
 clanCore.facts.services.syncoid = {
@@ -7,7 +7,7 @@
 generator.path = with pkgs; [ coreutils openssh ];
 generator.script = ''
 ssh-keygen -t ed25519 -N "" -f $secrets/syncoid.ssh.id_ed25519
- mv $secrets/ssh.id_ed25519.pub $facts/syncoid.ssh.id_ed25519.pub
+ mv $secrets/syncoid.ssh.id_ed25519.pub $facts/syncoid.ssh.id_ed25519.pub
 '';
 };
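Review bot: In the flake.nix hunk, the `# backup key` entry gives the syncoid key an unrestricted root login on every machine that imports this module, while the generator in sync-syncoid.nix creates that key with an empty passphrase (`-N ""`); a compromise of chungus would therefore carry over to root on each of those hosts. Consider moving that entry out of `keyFiles` into `authorizedKeys.keys` with options, e.g. `''restrict,from="<chungus-address>" ${builtins.readFile "${config.clanCore.clanDir}/machines/chungus/facts/syncoid.ssh.id_ed25519.pub"}''`. That only removes forwarding and pty allocation and pins the source host, so the stronger option is to authorize the key for a dedicated replication user that holds just the ZFS permissions it needs via `zfs allow`. That the surrounding module list is shared by all machines is inferred from its position next to `_module.args`; the list starts and ends outside the hunk.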
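Review bot: The corrected `mv` line in the second sync-syncoid.nix hunk still expands `$secrets` and `$facts` unquoted, so a directory path containing whitespace or glob characters would be split by the shell; quoting both operands is safer: `mv "$secrets/syncoid.ssh.id_ed25519.pub" "$facts/syncoid.ssh.id_ed25519.pub"`. The same applies to the `ssh-keygen -f` argument on the context line above it. The `clanCore.facts.services.syncoid` attribute set begins outside this hunk, so whether the target name matches the declared public fact cannot be checked from here.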