From de5ad541b8a3f99ed7e0e66b66882bfd0f293468 Mon Sep 17 00:00:00 2001
From: Danilo Reyes
Date: Sun, 12 Oct 2025 20:28:39 -0600
Subject: [PATCH] Refactor SSH key management to use centralized key retrieval function for nixremote users across configurations.
---
 config/jawz.nix | 16 ++++++++--------
 hosts/miniserver/configuration.nix | 6 +++---
 hosts/server/configuration.nix | 6 +++---
 hosts/workstation/configuration.nix | 6 +++---
 modules/users/nixremote.nix | 10 +++++-----
 parts/core.nix | 15 +++++++++++++++
 6 files changed, 37 insertions(+), 22 deletions(-)
diff --git a/config/jawz.nix b/config/jawz.nix
index 79affc4..ba7f85f 100644
--- a/config/jawz.nix
+++ b/config/jawz.nix
@@ -68,14 +68,14 @@ in
       "plugdev"
       "bluetooth"
     ];
-    openssh.authorizedKeys.keyFiles = [
-      ../secrets/ssh/ed25519_deacero.pub
-      ../secrets/ssh/ed25519_workstation.pub
-      ../secrets/ssh/ed25519_server.pub
-      ../secrets/ssh/ed25519_miniserver.pub
-      ../secrets/ssh/ed25519_galaxy.pub
-      ../secrets/ssh/ed25519_phone.pub
-      ../secrets/ssh/ed25519_vps.pub
+    openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
+      "deacero"
+      "workstation"
+      "server"
+      "miniserver"
+      "galaxy"
+      "phone"
+      "vps"
     ];
   };
 }
diff --git a/hosts/miniserver/configuration.nix b/hosts/miniserver/configuration.nix
index b457615..cc56469 100644
--- a/hosts/miniserver/configuration.nix
+++ b/hosts/miniserver/configuration.nix
@@ -9,9 +9,9 @@
     nix.cores = 3;
     nix.maxJobs = 8;
     users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
-      ../../secrets/ssh/ed25519_nixworkstation.pub
-      ../../secrets/ssh/ed25519_nixserver.pub
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixworkstation"
+      "nixserver"
     ];
   };
   nix.buildMachines =
diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix
index b09561a..78671b1 100644
--- a/hosts/server/configuration.nix
+++ b/hosts/server/configuration.nix
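Review bot: The new `keyFiles` value in config/jawz.nix calls `inputs.self.lib.getSshKeys`, but the hunk does not show whether `inputs` is bound in that file's argument pattern; modules/users/nixremote.nix needed `inputs` added to its pattern in this same commit, so jawz.nix may need the same (or a `specialArgs` entry) before it evaluates. The enclosing `users.users.jawz` attribute set starts before the hunk. Since the `sshKeys` table is now the single place that decides which public keys are authorized for the `jawz` user, a one-line comment above the attribute, such as `# key names resolve through the sshKeys table in parts/core.nix`, would tell a reviewer where to audit additions.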
@@ -13,9 +13,9 @@
   my = import ./toggles.nix { inherit config inputs; } // {
     nix.cores = 6;
     users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
-      ../../secrets/ssh/ed25519_nixworkstation.pub
-      ../../secrets/ssh/ed25519_nixminiserver.pub
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixworkstation"
+      "nixminiserver"
     ];
     network.firewall.enabledServicePorts = true;
     network.firewall.additionalPorts = [
diff --git a/hosts/workstation/configuration.nix b/hosts/workstation/configuration.nix
index 997c073..ab40175 100644
--- a/hosts/workstation/configuration.nix
+++ b/hosts/workstation/configuration.nix
@@ -26,9 +26,9 @@ in
     nix.cores = 8;
     nix.maxJobs = 8;
     users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
-      ../../secrets/ssh/ed25519_nixserver.pub
-      ../../secrets/ssh/ed25519_nixminiserver.pub
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
+      "nixserver"
+      "nixminiserver"
     ];
   };
   home-manager.users.jawz = {
diff --git a/modules/users/nixremote.nix b/modules/users/nixremote.nix
index 4b7dda6..3f38022 100644
--- a/modules/users/nixremote.nix
+++ b/modules/users/nixremote.nix
@@ -1,13 +1,13 @@
-{ lib, config, ... }:
+{ lib, config, inputs, ... }:
 {
   options.my.users.nixremote = {
     enable = lib.mkEnableOption "nixremote user for distributed builds";
     authorizedKeys = lib.mkOption {
       type = lib.types.listOf lib.types.path;
-      default = [
-        ../../secrets/ssh/ed25519_nixworkstation.pub
-        ../../secrets/ssh/ed25519_nixserver.pub
-        ../../secrets/ssh/ed25519_nixminiserver.pub
+      default = inputs.self.lib.getSshKeys [
+        "nixworkstation"
+        "nixserver"
+        "nixminiserver"
       ];
       description = "List of SSH public key files to authorize for nixremote user";
     };
diff --git a/parts/core.nix b/parts/core.nix
index c055c3c..d78a9a9 100644
--- a/parts/core.nix
+++ b/parts/core.nix
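Review bot: Adding `inputs` to the module's argument pattern on the first line of the modules/users/nixremote.nix hunk makes every host that imports this module fail with a missing-argument error unless `inputs` is supplied through `specialArgs` (or `_module.args`), even when the host overrides `authorizedKeys` and the new `default` is never forced. The `inherit config inputs` context line in the hosts/server hunk suggests the hosts already receive `inputs`, so this is probably wired up, but it is worth confirming for any host that imports the module and is not touched here. The option's `description` could also record the indirection so readers know where the key files now come from: `description = "List of SSH public key files to authorize for the nixremote user; resolved by name through inputs.self.lib.getSshKeys";`. The `options.my.users.nixremote` attribute set continues past the end of the hunk.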
@@ -197,6 +197,21 @@ in
       mkPostgresDependencies = config: serviceMap: serviceMap |> map (entry: inputs.self.lib.mkPostgresDependency config entry.service entry.name);
+      sshKeys = {
+        deacero = ../../secrets/ssh/ed25519_deacero.pub;
+        workstation = ../../secrets/ssh/ed25519_workstation.pub;
+        server = ../../secrets/ssh/ed25519_server.pub;
+        miniserver = ../../secrets/ssh/ed25519_miniserver.pub;
+        galaxy = ../../secrets/ssh/ed25519_galaxy.pub;
+        phone = ../../secrets/ssh/ed25519_phone.pub;
+        vps = ../../secrets/ssh/ed25519_vps.pub;
+        emacs = ../../secrets/ssh/ed25519_emacs.pub;
+        # Build user keys (nixremote)
+        nixworkstation = ../../secrets/ssh/ed25519_nixworkstation.pub;
+        nixserver = ../../secrets/ssh/ed25519_nixserver.pub;
+        nixminiserver = ../../secrets/ssh/ed25519_nixminiserver.pub;
+      };
+      getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
     };
   };
 }
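Review bot: The `sshKeys` paths added in this hunk go two levels up (`../../secrets/ssh/...`), but parts/core.nix sits one directory below the repository root — assuming `parts/` is a direct child of the root, as the diffstat path indicates — so they resolve outside the flake's source tree, whereas config/jawz.nix, at the same depth, used `../secrets/ssh/...` for the very same files; every host that forces `authorizedKeys` or `keyFiles` would then fail to evaluate. Each entry should drop one level, e.g. `deacero = ../secrets/ssh/ed25519_deacero.pub;`, and likewise for the other ten entries. `getSshKeys` reports a misspelled name only as a bare `attribute 'x' missing` error raised from inside `map`; writing the lookup as `inputs.self.lib.sshKeys.${name} or (throw "unknown SSH key '${name}'")` names the offending entry. A comment above `sshKeys`, such as `# Name -> public key file; every authorizedKeys/keyFiles list is built from this table via getSshKeys, so additions here widen SSH access`, would document the contract for the next editor. The attribute set holding these definitions is opened before the hunk and closed on the trailing context lines.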