From eaaffcc289ccad209ca51947e2f6c0563e43398a Mon Sep 17 00:00:00 2001 From: javalsai Date: Sun, 3 May 2026 00:11:27 +0200 Subject: [PATCH] lib/ssh: add more ssh keys --- lib/ssh/keys.nix | 6 ++++- nixos/openssh.nix | 6 +---- nixos/users.nix | 66 ++++++++++++++++++++++++++++++----------------- 3 files changed, 48 insertions(+), 30 deletions(-) diff --git a/lib/ssh/keys.nix b/lib/ssh/keys.nix index e7643d6..425911b 100644 --- a/lib/ssh/keys.nix +++ b/lib/ssh/keys.nix @@ -1,4 +1,8 @@ { error = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDzdpxex2GlFVf5G2qsh3Ixa/XCMjnbq4JSTmAev7WYJ error.nointernet@gmail.com"; - javalsai = "ssh-rsa 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"; + javalsai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDFjavnLqxIzFLIUpUWDOwhlYeoII4Qk1/9e0yWWxD/P"; + max = "ssh-rsa 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"; + + vectorum = "ssh-rsa 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"; + pickzelle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPUYQUWoL8iGc+PSrRrHyNwcOcmgGwPvJAM9HRJkPqcW pixel@DOOM-Machine"; } diff --git a/nixos/openssh.nix b/nixos/openssh.nix index 0a8e64e..2506c35 100644 --- a/nixos/openssh.nix +++ b/nixos/openssh.nix @@ -1,17 +1,13 @@ -{ self, ... }: { services.openssh = { enable = true; settings = { ClientAliveInterval = 300; + KbdInteractiveAuthentication = false; PasswordAuthentication = false; PermitRootLogin = "no"; }; }; - - users.users.root.openssh.authorizedKeys.keys = builtins.attrValues { - inherit (import "${self}/lib/ssh/keys.nix") error javalsai; - }; } diff --git a/nixos/users.nix b/nixos/users.nix index 8af86af..c54942f 100644 --- a/nixos/users.nix +++ b/nixos/users.nix @@ -16,6 +16,9 @@ let { name = "vectorum"; } + { + name = "pickzelle"; + } ]; adminGroups = [ 
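Review bot: The attribute set in lib/ssh/keys.nix gains four entries but no comment saying what a value may be or what adding one grants, although nixos/users.nix in this same patch wraps each value with `lib.lists.toList` and copies the keys of every user whose `options.admin` is set into `users.users.root.openssh.authorizedKeys.keys`. A short header above the first entry would make that visible to whoever adds the next key, e.g. `# One entry per account name declared in nixos/users.nix; a value is a public key string (or a list of them).` followed by `# Keys of users declared with admin = true are also installed as root's authorized keys.`. The `pickzelle` entry keeps its `pixel@DOOM-Machine` comment while the new `javalsai` key has none; keeping a comment field on every key makes a later rotation or revocation traceable to a person and machine.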
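Review bot: `PermitRootLogin = "no";` is kept in nixos/openssh.nix while the root authorized keys are moved to the last hunk of nixos/users.nix (`users.users.root.openssh.authorizedKeys.keys = lib.lists.concatLists (...)`), so as far as these hunks show sshd refuses root logins regardless of the keys installed and the new root key aggregation is dead configuration. Either drop the root key list, which is the stricter option since admin users are already placed in `wheel` via `extraGroups`, or, if root key login is intended, set `PermitRootLogin = "prohibit-password";` and say so. A comment next to the setting would settle it either way, for instance `# root is never reachable over SSH; admins log in as themselves`. The added `KbdInteractiveAuthentication = false;` together with the existing `PasswordAuthentication = false;` leaves public-key authentication as the only method among those configured here, which is what the key-only accounts built in nixos/users.nix rely on.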
@@ -27,32 +30,41 @@ let
 "wheel"
 ];
 
- mkUser = name: uid: options: {
- users.users.${name} = {
- isNormalUser = true;
- extraGroups = lib.optionals (options.admin or false) adminGroups;
- inherit uid;
+ getSSHKeys =
+ username:
+ let
+ sshKeys = import "${self}/lib/ssh/keys.nix";
+ in
+ if (builtins.hasAttr username sshKeys) then
+ lib.lists.toList sshKeys.${username}
+ else
+ lib.warn "user ${username} declared without ssh key" [ ];
 
- openssh.authorizedKeys.keys =
- let
- keys = import "${self}/lib/ssh/keys.nix";
- in
- if (builtins.hasAttr name keys) then
- [ keys.${name} ]
- else
- lib.warn "user ${name} declared without ssh key" [ ];
- };
+ mkUser =
+ name: uid: options:
+ let
+ admin = options.admin or false;
 
- systemd.slices."user-${builtins.toString uid}".sliceConfig = {
- CPUQuota = "50%";
- CPUWeight = "10";
- IOAccounting = true;
- IOWeight = "10";
- MemoryMax = "2G";
- MemorySwapMax = "1G";
- TasksMax = "100";
+ in
+ {
+ users.users.${name} = {
+ isNormalUser = true;
+ extraGroups = lib.optionals admin adminGroups;
+ inherit uid;
+
+ openssh.authorizedKeys.keys = getSSHKeys name;
+ };
+
+ systemd.slices."user-${builtins.toString uid}".sliceConfig = {
+ CPUQuota = "50%";
+ CPUWeight = "10";
+ IOAccounting = true;
+ IOWeight = "10";
+ MemoryMax = "2G";
+ MemorySwapMax = "1G";
+ TasksMax = "100";
+ };
 };
- };
 in
 lib.recursiveUpdate
 (builtins.foldl'
@@ -67,5 +79,11 @@ lib.recursiveUpdate
 users
 ).options
 {
- users.users.root.initialPassword = "tuxcord";
+ users.users.root = {
+ initialPassword = "tuxcord";
+
+ openssh.authorizedKeys.keys = lib.lists.concatLists (
+ map (user: getSSHKeys user.name) (builtins.filter (user: user.options.admin or false) users)
+ );
+ };
 }
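Review bot: `getSSHKeys` and the reworked `mkUser` carry no comment, and the contract of `getSSHKeys` is not obvious from its body: a bare string from keys.nix is wrapped by `lib.lists.toList`, a list passes through, and a missing entry yields `[ ]` after an evaluation-time `lib.warn`. A comment above `getSSHKeys =` such as `# Authorized keys for username from lib/ssh/keys.nix: a string or list of strings; [ ] plus an eval-time warning when absent.` would carry that. Style: `if (builtins.hasAttr username sshKeys) then` can be the idiomatic `if sshKeys ? ${username} then`, and the parentheses are not needed. The `admin = options.admin or false;` default in `mkUser` is repeated verbatim in the last hunk of this file as `user.options.admin or false`; a single `isAdmin = options: options.admin or false;` defined next to `getSSHKeys` and used in both places would keep the admin-group membership and the root key set from drifting apart if the default ever changes.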
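Review bot: The new `openssh.authorizedKeys.keys` line for root states a security decision — every admin user's key becomes a root key — without a comment saying so, and the `lib.recursiveUpdate` expression it sits in starts before this hunk. A one-line comment above it, `# root accepts the keys of every user declared with admin = true`, names the intent where a reader of the generated authorized_keys would otherwise have to reconstruct it. Style: `lib.lists.concatLists (map (user: getSSHKeys user.name) (builtins.filter ... users))` reads more directly as `lib.concatMap (user: getSSHKeys user.name) (builtins.filter (user: user.options.admin or false) users)`.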