Added master keys

config/hosts/lambda.nix

@@ -14,6 +14,10 @@
   profile = "server";
   # ssh-pubkey =
   #   "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPB5JY6jnHCRLxjqWKYkK8Xpmfyq2nA+0noPazYGd9a+";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBr+kFxYjFp/BoaKT2SPV7aVTEspY/7bQ5RycElczGg";
+    key-path = "/state/master-key/key";
+  };
   enable-gui = false;
   arch = "x86_64-linux";
   nixos-system = true;

config/hosts/limina.nix

@@ -17,4 +17,8 @@
   arch = "x86_64-linux";
   nixos-system = true;
   machine-id = "0a1d961dbcc04037ab7938f15801c765";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA44EqP6HHjIPBFuxKvi2oZc1sNU+N4pNMtlS89KWuDm";
+    key-path = "/state/master-key/key";
+  };
 }

config/hosts/nostromo.nix

@@ -17,4 +17,8 @@
   arch = "x86_64-linux";
   nixos-system = true;
   machine-id = "709076ea18254f8f9097c4e54dde5ab3";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIODtNR4b43ZJgyGo9Hc+CmC4+bzgxbsVYI9fhDqjyRSo";
+    key-path = "/state/master-key/key";
+  };
 }

config/hosts/plato.nix

@@ -20,4 +20,8 @@
   arch = "x86_64-linux";
   nixos-system = true;
   machine-id = "988f39a3b6ab454e9d7dad65bfe36bbe";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgAzn6gyG1ze7L1WLU84poPGcoUntqfvgn+/s3bxhR2";
+    key-path = "/state/master-key/key";
+  };
 }

config/hosts/socrates.nix

@@ -17,4 +17,8 @@
   arch = "x86_64-linux";
   nixos-system = true;
   machine-id = "edc4baa9cc1c401dba1bf870725b4bf0";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINmJJFbAV8P1V1LSZr56GJ5ul3LBgdapbh+MK3ixTsxf";
+    key-path = "/state/master-key/key";
+  };
 }

config/hosts/spark.nix

@@ -18,4 +18,8 @@
   arch = "x86_64-linux";
   nixos-system = true;
   machine-id = "63dbd567d55a468482aa15d8aa9097f6";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGs8MfR3d6f1Llqk5dn/ypODUT1Oi4SQGof/YvOPNf14";
+    key-path = "/state/master-key/key";
+  };
 }

config/hosts/system3.nix

@@ -18,4 +18,8 @@
   arch = "x86_64-linux";
   nixos-system = true;
   machine-id = "39ebe622cf40413b950d832105e0bb2e";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEaF5T7Pb613C31BJVj74WYx4Pytj/lmH+PqjkqoNNkQ";
+    key-path = "/state/master-key/key";
+  };
 }

config/hosts/zbox.nix

@@ -18,4 +18,8 @@
   arch = "x86_64-linux";
   nixos-system = true;
   machine-id = "e5f456e3183a4dc186181a70bc3af2d1";
+  master-key = {
+    public-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsn68vDKV4jnBuICSDX/2Gpnshbrz0r9t4lXIke1vqh";
+    key-path = "/state/master-key/key";
+  };
 }

lib/fudo/hosts.nix

@@ -286,7 +286,7 @@ in {
 
       build-private-key-file =
         if (hasAttr hostname config.fudo.secrets.files.build-keypairs) then
-          config.fudo.secrets.files.build-keypairs.${hostname}
+          config.fudo.secrets.files.build-keypairs.${hostname}.private-key
         else null;
     in {
       host-keytab = mkIf (keytab-file != null) {

lib/fudo/ssh.nix

@@ -27,6 +27,8 @@ let
     '';
   };
 
+  host-cfg = config.fudo.hosts.${hostname};
+
 in {
   config = {
     fudo = {
@@ -65,15 +67,15 @@ in {
       crossProduct = f: list0: list1:
         concatMap (el0: map (el1: f el0 el1) list1) list0;
 
-      all-hostnames = opts:
-        [ opts.hostname ] ++
+      all-hostnames = hostname: opts:
+        [ hostname ] ++
         (crossProduct (host: domain: "${host}.${domain}")
-          ([ opts.hostname ] ++ opts.aliases)
+          ([ hostname ] ++ opts.aliases)
           ([ opts.domain ] ++ opts.extra-domains));
 
     in mapAttrs (hostname: hostOpts: {
       publicKeyFile = builtins.head hostOpts.ssh-pubkeys;
-      hostNames = all-hostnames host-cfg;
+      hostNames = all-hostnames hostname host-cfg;
     }) keyed-hosts;
   };
 }

nix-home

@@ -1 +1 @@
-Subproject commit dcab43275a732e9a3e3c66c9a92132b4290838d3
+Subproject commit 3f509d08290003c27c51049a8f04e076a79570b7