move ssh public keys into vars

sshKeys/alka_alkpc

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEQgWigEHjD8AGv4Omzm7q3pNk3V0ycvLnsiJkt0TB2 alka@alkpc

sshKeys/xun_nixdesk

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqW5ZkBV2XCdF/ZhwC1DOfrgiLxCC2ym6BO7miHi05M xun@nixdesk

sys/profiles/core/deploy.nix

@@ -1,6 +1,6 @@
 {
   lib,
-  self,
+  vars,
   ...
 }: {
   nix.settings.trusted-users = ["deploy"]; # trust closures created by our user
@@ -18,9 +18,10 @@
     password = lib.mkForce null;
     passwordFile = lib.mkForce null;
 
-    openssh.authorizedKeys.keyFiles = [
-      (self + /sshKeys/xun_nixdesk)
-      (self + /sshKeys/alka_alkpc)
+    openssh.authorizedKeys.keys = with vars.sshKeys; [
+      xun_nixdesk
+      xun_redmi
+      alka_alkpc
     ];
   };
 }

sys/profiles/core/users.nix

@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  vars,
+  ...
+}: {
   users.users.xun = {
     isNormalUser = true;
     initialPassword = "nixos";
@@ -12,5 +16,10 @@
       "render"
       "audio"
     ];
+
+    openssh.authorizedKeys.keys = with vars.sshKeys; [
+      xun_nixdesk
+      xun_redmi
+    ];
   };
 }

vars/default.nix

@@ -1,3 +1,8 @@
 {
   domain = "xunuwu.xyz";
+  sshKeys = {
+    xun_nixdesk = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKqW5ZkBV2XCdF/ZhwC1DOfrgiLxCC2ym6BO7miHi05M xun@nixdesk";
+    xun_redmi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK2FOrgCLSoewCnDH01SmRqsCb7cR3CA6AcULrlV+180 xun@redmi";
+    alka_alkpc = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEQgWigEHjD8AGv4Omzm7q3pNk3V0ycvLnsiJkt0TB2 alka@alkpc";
+  };
 }