From b425f839d01e0751be894a834b8772731f063f80 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cyryl=20P=C5=82otnicki?=
Date: Sun, 27 Jun 2021 08:38:54 +0100
Subject: [PATCH] new key for foureighty
---
 nixos/server-security.nix | 53 ++++++++++++++++++---------------------
 1 file changed, 25 insertions(+), 28 deletions(-)
diff --git a/nixos/server-security.nix b/nixos/server-security.nix
index 03ced51d..6a63b879 100644
--- a/nixos/server-security.nix
+++ b/nixos/server-security.nix
@@ -1,35 +1,32 @@
 { config, pkgs, ... }:
-{
- imports = [
- ./security.nix
- ];
- security.acme.email = "admin@cyplo.dev";
- security.acme.acceptTerms = true;
-
- services.fail2ban.enable = true;
-
- services.openssh = {
- enable = true;
- permitRootLogin = "prohibit-password";
- passwordAuthentication = false;
- };
-
- users.extraUsers.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlCoSJ/2BHt0RqQUn2L9DPcCEJBJQWpq+74cpmeaGJL cyryl@foureighty"
+let
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5Ejx5CAPUfHVXi4GL4WmnZaG8eiiOmsW/a0o1bs1GF cyryl@foureighty"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwZ4M6lT2yzg8iarCzsLADAuXS4BUkLTt1+mKCECczk nix-builder@brix"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNEUIxbENTdhSWzYupGFn/q+AGe0diBOTMyiZAmv7F nix-builder@vultr1"
 ];
-
- users.users.nix-builder = {
- isNormalUser = true;
- openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJlCoSJ/2BHt0RqQUn2L9DPcCEJBJQWpq+74cpmeaGJL cyryl@foureighty"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN/2C59i+ucvSa9FLCHlVPJp0zebLOcw0+hnBYwy0cY cyryl@skinnyv"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJwZ4M6lT2yzg8iarCzsLADAuXS4BUkLTt1+mKCECczk nix-builder@brix"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALNEUIxbENTdhSWzYupGFn/q+AGe0diBOTMyiZAmv7F nix-builder@vultr1"
+in
+ {
+ imports = [
+ ./security.nix
 ];
- };
+ security.acme.email = "admin@cyplo.dev";
+ security.acme.acceptTerms = true;
 
- nix.trustedUsers = [ "root" "nix-builder" ];
-}
+ services.fail2ban.enable = true;
+
+ services.openssh = {
+ enable = true;
+ permitRootLogin = "prohibit-password";
+ passwordAuthentication = false;
+ };
+
+ users.extraUsers.root.openssh.authorizedKeys.keys = authorizedKeys;
+ users.users.nix-builder = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = authorizedKeys;
+ };
+
+ nix.trustedUsers = [ "root" "nix-builder" ];
+ }
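Review bot: The single `authorizedKeys` binding in the new `let` block is assigned to both `users.extraUsers.root` and `users.users.nix-builder`, so the `nix-builder@brix` and `nix-builder@vultr1` automation keys are accepted for root SSH login as well as for the builder account. The old file duplicated the same list, so this is not a regression, but one shared binding leaves no way to scope the builder keys. Splitting it into `adminKeys` and `builderKeys` would let root take only the personal keys: `users.extraUsers.root.openssh.authorizedKeys.keys = adminKeys;` and, inside `users.users.nix-builder`, `openssh.authorizedKeys.keys = adminKeys ++ builderKeys;`. Because `nix-builder` is also listed in `nix.trustedUsers`, a one-line comment above that setting stating that builder keys are meant to carry that level of trust would help the next reader. It is also worth confirming that no other host file still lists the replaced `cyryl@foureighty` key.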