Refactor SSH key management to use centralized key retrieval function for nixremote users across configurations.

config/jawz.nix

@@ -68,14 +68,14 @@ in
       "plugdev"
       "bluetooth"
     ];
-    openssh.authorizedKeys.keyFiles = [
+    openssh.authorizedKeys.keyFiles = inputs.self.lib.getSshKeys [
-      ../secrets/ssh/ed25519_deacero.pub
+      "deacero"
-      ../secrets/ssh/ed25519_workstation.pub
+      "workstation" 
-      ../secrets/ssh/ed25519_server.pub
+      "server"
-      ../secrets/ssh/ed25519_miniserver.pub
+      "miniserver"
-      ../secrets/ssh/ed25519_galaxy.pub
+      "galaxy"
-      ../secrets/ssh/ed25519_phone.pub
+      "phone"
-      ../secrets/ssh/ed25519_vps.pub
+      "vps"
     ];
   };
 }

hosts/miniserver/configuration.nix

@@ -9,9 +9,9 @@
     nix.cores = 3;
     nix.maxJobs = 8;
     users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
-      ../../secrets/ssh/ed25519_nixworkstation.pub
+      "nixworkstation"
-      ../../secrets/ssh/ed25519_nixserver.pub
+      "nixserver"
     ];
   };
   nix.buildMachines =

hosts/server/configuration.nix

@@ -13,9 +13,9 @@
   my = import ./toggles.nix { inherit config inputs; } // {
     nix.cores = 6;
     users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
-      ../../secrets/ssh/ed25519_nixworkstation.pub
+      "nixworkstation"
-      ../../secrets/ssh/ed25519_nixminiserver.pub
+      "nixminiserver"
     ];
     network.firewall.enabledServicePorts = true;
     network.firewall.additionalPorts = [

hosts/workstation/configuration.nix

@@ -26,9 +26,9 @@ in
     nix.cores = 8;
     nix.maxJobs = 8;
     users.nixremote.enable = true;
-    users.nixremote.authorizedKeys = [
+    users.nixremote.authorizedKeys = inputs.self.lib.getSshKeys [
-      ../../secrets/ssh/ed25519_nixserver.pub
+      "nixserver"
-      ../../secrets/ssh/ed25519_nixminiserver.pub
+      "nixminiserver"
     ];
   };
   home-manager.users.jawz = {

modules/users/nixremote.nix

@@ -1,13 +1,13 @@
-{ lib, config, ... }:
+{ lib, config, inputs, ... }:
 {
   options.my.users.nixremote = {
     enable = lib.mkEnableOption "nixremote user for distributed builds";
     authorizedKeys = lib.mkOption {
       type = lib.types.listOf lib.types.path;
-      default = [
+      default = inputs.self.lib.getSshKeys [
-        ../../secrets/ssh/ed25519_nixworkstation.pub
+        "nixworkstation"
-        ../../secrets/ssh/ed25519_nixserver.pub
+        "nixserver" 
-        ../../secrets/ssh/ed25519_nixminiserver.pub
+        "nixminiserver"
       ];
       description = "List of SSH public key files to authorize for nixremote user";
     };

parts/core.nix

@@ -197,6 +197,21 @@ in
       mkPostgresDependencies =
         config: serviceMap:
         serviceMap |> map (entry: inputs.self.lib.mkPostgresDependency config entry.service entry.name);
+      sshKeys = {
+        deacero = ../../secrets/ssh/ed25519_deacero.pub;
+        workstation = ../../secrets/ssh/ed25519_workstation.pub;
+        server = ../../secrets/ssh/ed25519_server.pub;
+        miniserver = ../../secrets/ssh/ed25519_miniserver.pub;
+        galaxy = ../../secrets/ssh/ed25519_galaxy.pub;
+        phone = ../../secrets/ssh/ed25519_phone.pub;
+        vps = ../../secrets/ssh/ed25519_vps.pub;
+        emacs = ../../secrets/ssh/ed25519_emacs.pub;
+        # Build user keys (nixremote)
+        nixworkstation = ../../secrets/ssh/ed25519_nixworkstation.pub;
+        nixserver = ../../secrets/ssh/ed25519_nixserver.pub;
+        nixminiserver = ../../secrets/ssh/ed25519_nixminiserver.pub;
+      };
+      getSshKeys = keyNames: keyNames |> map (name: inputs.self.lib.sshKeys.${name});
     };
   };
 }