From 9bd5208c2fe401642bf8ab84d4ccd9d16447b7a1 Mon Sep 17 00:00:00 2001
From: Astro
Date: Sun, 7 Apr 2019 21:23:31 +0200
Subject: [PATCH] factor out into lib/admins.nix

---
 hosts/glotzbert/configuration.nix | 1 +
 hosts/pulsebert/configuration.nix | 1 +
 hosts/storage-ng/dhcp/configuration.nix | 1 +
 hosts/storage-ng/grafana/configuration.nix | 1 +
 hosts/storage-ng/mucbot/configuration.nix | 1 +
 lib/admins.nix | 7 +++++++
 lib/lxc-container.nix | 1 -
 7 files changed, 12 insertions(+), 1 deletion(-)
 create mode 100644 lib/admins.nix

diff --git a/hosts/glotzbert/configuration.nix b/hosts/glotzbert/configuration.nix
index 148500d3..1d378827 100644
--- a/hosts/glotzbert/configuration.nix
+++ b/hosts/glotzbert/configuration.nix
@@ -16,6 +16,7 @@ in imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix
+ ../../lib/admins.nix
 ]; # Use the systemd-boot EFI boot loader.
diff --git a/hosts/pulsebert/configuration.nix b/hosts/pulsebert/configuration.nix
index 3040fc2d..6b690f81 100644
--- a/hosts/pulsebert/configuration.nix
+++ b/hosts/pulsebert/configuration.nix
@@ -11,6 +11,7 @@ in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix
+ ../../lib/admins.nix
 ]; # Use the systemd-boot EFI boot loader.
diff --git a/hosts/storage-ng/dhcp/configuration.nix b/hosts/storage-ng/dhcp/configuration.nix
index 00610794..7f758e5f 100644
--- a/hosts/storage-ng/dhcp/configuration.nix
+++ b/hosts/storage-ng/dhcp/configuration.nix
@@ -4,6 +4,7 @@ imports = [ ../../../lib/lxc-container.nix ../../../lib/shared.nix
+ ../../../lib/admins.nix
 ]; networking.hostName = "dhcp";
diff --git a/hosts/storage-ng/grafana/configuration.nix b/hosts/storage-ng/grafana/configuration.nix
index e5ba2bd2..e3d4cebb 100644
--- a/hosts/storage-ng/grafana/configuration.nix
+++ b/hosts/storage-ng/grafana/configuration.nix
@@ -4,6 +4,7 @@ imports = [ ../../../lib/lxc-container.nix ../../../lib/shared.nix
+ ../../../lib/admins.nix
 ]; networking.hostName = "grafana";
diff --git a/hosts/storage-ng/mucbot/configuration.nix b/hosts/storage-ng/mucbot/configuration.nix
index 07ccd021..876268de 100644
--- a/hosts/storage-ng/mucbot/configuration.nix
+++ b/hosts/storage-ng/mucbot/configuration.nix
@@ -7,6 +7,7 @@ in imports = [ ../../../lib/lxc-container.nix ../../../lib/shared.nix
+ ../../../lib/admins.nix
 "${tiggerGit}/module.nix" ];
diff --git a/lib/admins.nix b/lib/admins.nix
new file mode 100644
index 00000000..9ae98ebf
--- /dev/null
+++ b/lib/admins.nix
@@ -0,0 +1,7 @@
+{ config, ... }:
+{
+ users.users.root.openssh.authorizedKeys.keys =
+ if config.services.openssh.enable
+ then (import ../secrets/lib/authorized_keys).admins
+ else [];
+}
diff --git a/lib/lxc-container.nix b/lib/lxc-container.nix
index 613523c8..00a501cd 100644
--- a/lib/lxc-container.nix
+++ b/lib/lxc-container.nix
@@ -28,5 +28,4 @@ # Required for remote deployment services.openssh.enable = true;
- users.users.root.openssh.authorizedKeys.keys = (import ../secrets/lib/authorized_keys).admins;
 }
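Review bot: The new lib/admins.nix puts every key in `(import ../secrets/lib/authorized_keys).admins` on root with no comment saying so, and the glotzbert and pulsebert hunks import it although those hosts are not shown importing lxc-container.nix, so this refactor may also extend root SSH access to two more machines (the rest of their configuration is outside the hunks). A header comment such as `# Authorizes all admin keys for root SSH login on hosts that enable services.openssh` would make that effect visible to anyone adding the import. In lib/lxc-container.nix the key assignment is removed while `services.openssh.enable = true` stays, so any container that imports it but is not one of the three updated here would lose key-based root login; adding `./admins.nix` to an `imports` list in lxc-container.nix would keep that in one place. The `if … then … else []` is more idiomatically `lib.mkIf config.services.openssh.enable (import ../secrets/lib/authorized_keys).admins`, with `lib` added to the module arguments.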