openssh keys cleanup

jawz.nix

@@ -5,6 +5,7 @@ in
 {
   sops.secrets =
     let
+      baseDir = ".ssh/ed25519";
       keyConfig = file: {
         sopsFile = ./secrets/keys.yaml;
         owner = config.users.users.jawz.name;
@@ -14,10 +15,10 @@ in
     in
     {
       jawz-password.neededForUsers = true;
-      "private_keys/age" = keyConfig ".ssh/ed25519_age";
-      "public_keys/age" = keyConfig ".ssh/ed25519_age.pub";
-      "private_keys/${hostName}" = keyConfig ".ssh/ed25519_${hostName}";
-      "git_private_keys/${hostName}" = keyConfig ".ssh/ed25519_git";
+      "private_keys/age" = keyConfig "${baseDir}_age";
+      "public_keys/age" = keyConfig "${baseDir}_age.pub";
+      "private_keys/${hostName}" = keyConfig "${baseDir}_${hostName}";
+      "git_private_keys/${hostName}" = keyConfig "${baseDir}_git";
       "syncthing_keys/${hostName}" = keyConfig ".config/syncthing/key.pem";
       "syncthing_certs/${hostName}" = keyConfig ".config/syncthing/cert.pem";
     };
@@ -64,13 +65,13 @@ in
       "libvirt"
       "rslsync"
     ];
-    openssh.authorizedKeys.keys = [
-      (builtins.readFile ./secrets/ssh/ed25519_deacero.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_workstation.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_server.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_miniserver.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_galaxy.pub)
-      (builtins.readFile ./secrets/ssh/ed25519_phone.pub)
+    openssh.authorizedKeys.keyFiles = [
+      ./secrets/ssh/ed25519_deacero.pub
+      ./secrets/ssh/ed25519_workstation.pub
+      ./secrets/ssh/ed25519_server.pub
+      ./secrets/ssh/ed25519_miniserver.pub
+      ./secrets/ssh/ed25519_galaxy.pub
+      ./secrets/ssh/ed25519_phone.pub
     ];
   };
 }