From 39ec224d053aa84b37ebc8b285fa8534aa2831f5 Mon Sep 17 00:00:00 2001
From: "Jill \"oatmealine\" Monoids"
Date: Tue, 18 Oct 2022 19:54:57 +0200
Subject: [PATCH] refactor authorizedKeys
---
 hosts/dark-firepit/authorizedKeys.nix | 60 ++++++++---------
 hosts/dark-firepit/default.nix | 21 +++++---
 hosts/dark-firepit/wireguardInterface.nix | 8 +--
 lib/default.nix | 7 ++-
 lib/helpers.nix | 19 +++++++
 result | 2 +-
 6 files changed, 66 insertions(+), 51 deletions(-)
 create mode 100644 lib/helpers.nix
diff --git a/hosts/dark-firepit/authorizedKeys.nix b/hosts/dark-firepit/authorizedKeys.nix
index 80909f0..0c8e8c8 100644
--- a/hosts/dark-firepit/authorizedKeys.nix
+++ b/hosts/dark-firepit/authorizedKeys.nix
@@ -1,39 +1,21 @@
-lib:
-
-with lib;
-let
- # please only append keys in this list to not mess up
- # wireguard auto-genned IPs!!
- peerList = [
- {
- hostname = "aether@subsurface";
- ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLDtlpOnQFQq9mPMhR1uQnjrTexcof+c+y+ot/7Jgnt aether@subsurface";
- wg = "XEVSwNNPR7RTt/O0ihYmv3nopbPmqkCMGrVRCixnPWw=";
- }
- {
- hostname = "oatmealine@void-defragmented";
- ssh = "ssh-rsa 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 oatmealine@beppy";
- wg = "533BncNpHKzJVx5lwdxBg+aUfLGqea9uUYz70C6wxyg=";
- }
- {
- hostname = "oatmealine@beppy-phone";
- ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUgEsAQ7EL5/3STLAk/0qWJddYqfBY71yS9RtRSWd3w JuiceSSH";
- wg = "qT7gX8beM/kW9AYg5dV1e3cLzLDTLxMO2CmnbFpMVj4=";
- }
- {
- hostname = "mayflower@BMW-M550d-xDrive"; # car 5
- ssh = "AAAAB3NzaC1yc2EAAAADAQABAAABAQCL75/Pg5bP7LaXE6uPyyv8QDRivWJC6YcH6oJJztkjqL6g+0xPPiN6I54q/bNF4nHA2BHVUktKUU9bGDEOpYIRq7kegp2/K/+FNTM1Kz6rJSrSc8e0Ogxg8vhD6maxqLU8q+D1OMhBu0UiWUB+GxXmeYfBtXPjpcE+AaJ80BPs7vwiulHPGn7UAcRuP36Z+3JJiN2BQnU2aizXWsgyU575Uy3DVvAt7eHon+SoJiTCs2//5KexJ42U6ZiE6f/oTFdiud70lpxhGgiiFvj6M9RZ0aLoxspiskW45jKLXIMJ+mO6husg9GfvCchbps3YkmH0hZ24Ii1EiFhi5HZMY0Lt";
- }
- ];
-in {
- list = peerList;
- # here for convinience purposes
- set = listToAttrs (map (n: {
- name = n.hostname;
- value = {
- # todo: something more generic might fit better?
- ssh = n.ssh; - wg = n.wg; - }; - }) peerList); -} +[ + { + hostname = "aether@subsurface"; + ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLDtlpOnQFQq9mPMhR1uQnjrTexcof+c+y+ot/7Jgnt aether@subsurface"; + wg = "XEVSwNNPR7RTt/O0ihYmv3nopbPmqkCMGrVRCixnPWw="; + } + { + hostname = "oatmealine@void-defragmented"; + ssh = "ssh-rsa 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 oatmealine@beppy"; + wg = "533BncNpHKzJVx5lwdxBg+aUfLGqea9uUYz70C6wxyg="; + } + { + hostname = "oatmealine@beppy-phone"; + ssh = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUgEsAQ7EL5/3STLAk/0qWJddYqfBY71yS9RtRSWd3w JuiceSSH"; + wg = "qT7gX8beM/kW9AYg5dV1e3cLzLDTLxMO2CmnbFpMVj4="; + } + { + hostname = "mayflower@BMW-M550d-xDrive"; # car 5 + ssh = "AAAAB3NzaC1yc2EAAAADAQABAAABAQCVH1q8t7fnIlS8sUFnnfTqTK2d6wmaqUE2xJ/jNFCj3hNK4uR7aU7D85M4vMgXfTqacdrmdiNlWehOjlPf2cWxAqYFqIVcBaka0lf6iUzuEJmHtdXlSHvTK/G38pC2aE9SQkYqY5pEUrniKWNdjqmqK2bYVqXIwimI5eFLRipKYXZzzIf67vu4Zu3oaxAVn02XyWasO7660vab/gMVdn/uzj56pJ1iscuOc/IuoMPQE0TdMH1OMJ8oJMR844DdTx45+vxv1u5Jz9ECbJo91tCq7kIATfHHm739pI7ZYY7oDH0OzUKFeU5y4E8o/SaJWPvBkeXZXUxPwY5I1TBfnKAV"; + } +] diff --git a/hosts/dark-firepit/default.nix b/hosts/dark-firepit/default.nix index 83a2474..05a50fe 100644 --- a/hosts/dark-firepit/default.nix +++ b/hosts/dark-firepit/default.nix @@ -1,7 +1,9 @@ { pkgs, inputs, lib, ... }: let - keys = import ./authorizedKeys.nix lib; + keys = import ./authorizedKeys.nix; + fetchSSH = (host: lib._.getSSH host keys); + fetchSSHKeys = map fetchSSH; in { imports = [ ./hardware-configuration.nix @@ -31,7 +33,9 @@ in { shell = pkgs.unstable.fish; extraGroups = [ "wheel" "nix-users" "dotfiles" ]; initialHashedPassword = "!"; - openssh.authorizedKeys.keys = [ keys.set."aether@subsurface".ssh ]; + openssh.authorizedKeys.keys = fetchSSHKeys [ + "aether@subsurface" + ]; }; homeConf.home = { 
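Review bot: The `mayflower@BMW-M550d-xDrive` entry's `ssh` value is still bare base64 with no `ssh-rsa ` key-type prefix, and since default.nix in this same commit passes it straight into `openssh.authorizedKeys.keys`, sshd will not parse that authorized_keys line and the user is left without a working key; it should read `ssh = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCVH1q8...";`. The key material in that entry also differs from the one on the removed side (`...AQCL75/...`) and from the `ssh-rsa ... mayflower` key still listed in the last default.nix hunk, which is a credential change that a commit titled "refactor authorizedKeys" should state explicitly (or carry in its own commit) so it can be checked with the key's owner. The list additionally drops the old "please only append keys" warning while wireguardInterface.nix still derives every peer's address from its list index, so I would restore it at the top as `# Append only: wireguardInterface.nix assigns 10.100.0.(index+2) by list position; reordering or deleting an entry silently moves peer IPs.`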
@@ -49,7 +53,10 @@ in { shell = pkgs.unstable.fish; extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ]; initialHashedPassword = "!"; - openssh.authorizedKeys.keys = [ keys.set."oatmealine@void-defragmented".ssh keys.set."oatmealine@beppy-phone".ssh ]; + openssh.authorizedKeys.keys = fetchSSHKeys [ + "oatmealine@void-defragmented" + "oatmealine@beppy-phone" + ]; }; homeConf.home = { @@ -66,7 +73,9 @@ in { shell = pkgs.unstable.fish; extraGroups = [ "wheel" "nix-users" "dotfiles" "yugoslavia" ]; initialHashedPassword = "!"; - openssh.authorizedKeys.keys = [ keys.set."mayflower@BMW-M550d-xDrive".ssh ]; + openssh.authorizedKeys.keys = fetchSSHKeys [ + "mayflower@BMW-M550d-xDrive" + ]; }; homeConf.home = { @@ -95,8 +104,8 @@ in { "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRI9sGl0EmOkNNnh8SgRq197gkEy3XEwKZjLIr27V9PfaVOLIAcZiGcOa5q7rc5FjcCtkQ9+/twE24bZpxkK0ygrRJBEdT+HGAUmpY/kRPEn/tqjmwNu43vQqOhNSYmAAzdjJ4AuRPK5st8QQyOzKv5Pnghwy8xPAjOM3o4n9ULMLjVvAu0eTmCJMKxEvz5FUEIVZtEid/ng46k/bJ/njSh8vyGBQV4fJei6M9Ovw0HPqqzWyV/e0c3hTClG4dfLCK3Qv3hLhXQ+8I9iaL7D2wZdr3F2lbg0vS/QctPZc28f1gpkFEzVflEzAk4aFwJMMflY04IG1Dr44IfM1gJbpj rsa-key-20220423" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCL75/Pg5bP7LaXE6uPyyv8QDRivWJC6YcH6oJJztkjqL6g+0xPPiN6I54q/bNF4nHA2BHVUktKUU9bGDEOpYIRq7kegp2/K/+FNTM1Kz6rJSrSc8e0Ogxg8vhD6maxqLU8q+D1OMhBu0UiWUB+GxXmeYfBtXPjpcE+AaJ80BPs7vwiulHPGn7UAcRuP36Z+3JJiN2BQnU2aizXWsgyU575Uy3DVvAt7eHon+SoJiTCs2//5KexJ42U6ZiE6f/oTFdiud70lpxhGgiiFvj6M9RZ0aLoxspiskW45jKLXIMJ+mO6husg9GfvCchbps3YkmH0hZ24Ii1EiFhi5HZMY0Lt mayflower" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHrlqH2OShvXdzq1sV5IDuWQzeC9OHBVvwj0+Y0XXwi7 mayflower-thinkpad" - keys.set."oatmealine@void-defragmented".ssh - keys.set."oatmealine@beppy-phone".ssh + #fetchSSH "oatmealine@void-defragmented" + #fetchSSH "oatmealine@beppy-phone" ]; packages = with pkgs; [ tmux micro ]; shell = pkgs.unstable.fish; 
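Review bot: The two `#fetchSSH ...` lines in the last hunk silently drop oatmealine's two keys from this user (whose definition starts outside the hunk), which is an access change a refactor commit should not make without saying so. The likely reason is that a bare `fetchSSH "oatmealine@void-defragmented"` inside a list literal evaluates to two elements (the function and the string) rather than one application, so the keys can be kept as `(fetchSSH "oatmealine@void-defragmented")` and `(fetchSSH "oatmealine@beppy-phone")`; if the removal is intentional, delete the lines instead of commenting them out and note it in the commit message.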
diff --git a/hosts/dark-firepit/wireguardInterface.nix b/hosts/dark-firepit/wireguardInterface.nix index 23e9c46..bc354aa 100644 --- a/hosts/dark-firepit/wireguardInterface.nix +++ b/hosts/dark-firepit/wireguardInterface.nix @@ -2,8 +2,8 @@ with lib; let - peerKeys = import ./authorizedKeys.nix lib; - wgKeys = filter (hasAttr "wg") peerKeys.list; + peerKeys = import ./authorizedKeys.nix; + wgKeys = filter (hasAttr "wg") peerKeys; in { ips = [ "10.100.0.1/24" ]; @@ -11,7 +11,8 @@ in { listenPort = 51820; - peers = genList (n: let + peers = genList (n: + let keychain = elemAt wgKeys n; ip = "10.100.0.${toString (n+2)}/32"; in { @@ -19,4 +20,3 @@ in { allowedIPs = [ ip ]; }) (length wgKeys); } - diff --git a/lib/default.nix b/lib/default.nix index f978e9c..feeee04 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -4,9 +4,14 @@ lib.extend (self: super: let inherit (lib) attrValues foldr; inherit (modules) mapModules; + inherit (helpers) getSSH getWG; modules = import ./modules.nix { inherit lib; }; + helpers = import ./helpers.nix { inherit lib; }; in { - _ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file { inherit pkgs inputs; lib = self; }))); + _ = foldr (a: b: a // b) {} (attrValues (mapModules ./. (file: import file { + inherit pkgs inputs; + lib = self; + }))); } ) diff --git a/lib/helpers.nix b/lib/helpers.nix new file mode 100644 index 0000000..7a08c0f --- /dev/null +++ b/lib/helpers.nix @@ -0,0 +1,19 @@ +{ lib, ... }: + +with lib; +rec { + indexFrom = origin: name: item: list: foldr + (h: t: + if h.${origin} == name && hasAttr item h + then h.${item} + else t) + (error '' + No item at the origin point ${origin} with element ${name} found. + Please make sure that the item with that origin exists, and, + failing that, that it also has the requested item defined. + '') + list; + + getSSH = name: keys: indexFrom "hostname" name "ssh" keys; + getWG = name: keys: indexFrom "hostname" name "wg" keys; +} 
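Review bot: `peers` still assigns `10.100.0.${toString (n+2)}` from each entry's index in `wgKeys`, and with the "please only append keys" comment removed from authorizedKeys.nix nothing now documents that deleting or reordering an entry silently moves every later peer to a different address and `allowedIPs`. At minimum state the invariant above `peers`: `# IPs are positional: 10.100.0.(index+2). authorizedKeys.nix must stay append-only.`; a sturdier fix is an explicit `ip` attribute per peer in authorizedKeys.nix looked up the way the new `getWG` helper does, so addresses survive edits to the list. The enclosing attribute set continues outside the hunk.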
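Review bot: `inherit (helpers) getSSH getWG;` and `helpers = import ./helpers.nix { inherit lib; };` are bound in the `let` but never used, since the returned set only contains `_`; callers in default.nix reach `getSSH` as `lib._.getSSH`, which presumably works only because `mapModules ./.` also picks up the new helpers.nix. Either drop the two dead bindings or export the helpers explicitly, e.g. `inherit getSSH getWG;` next to `_ = ...`, so the helper has one well-defined path and is not imported twice with different argument sets (`{ inherit lib; }` here versus `{ inherit pkgs inputs; lib = self; }` inside mapModules).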
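Review bot: `getSSH` returns whatever string the list holds and the caller feeds it straight into `openssh.authorizedKeys.keys`, so a value without a key-type prefix (the `mayflower@BMW-M550d-xDrive` entry in this commit is one) passes evaluation and is then ignored by sshd, leaving that user keyless; a prefix check in the helper turns that into a `nixos-rebuild` failure instead, assuming the `with lib;` scope is nixpkgs lib, which provides `assertMsg`, `any` and `hasPrefix`. Separately, `h.${origin} == name` in `indexFrom` throws a bare "attribute 'hostname' missing" for any entry lacking that attribute, bypassing the friendlier `error` message, so use `(h.${origin} or null) == name`. The `error` initial value is only safe because foldr's accumulator is lazy and is never forced once a match is found, which deserves a one-line comment.

```nix
  indexFrom = origin: name: item: list: foldr
    (h: t:
      if (h.${origin} or null) == name && hasAttr item h
      then h.${item}
      else t)
    # Only forced when no entry matched: foldr's accumulator is lazy.
    # … unchanged: error '' … '' fallback and the list argument …

  # Reject keys without a type prefix: sshd skips such authorized_keys lines silently.
  getSSH = name: keys:
    let key = indexFrom "hostname" name "ssh" keys;
    in assert assertMsg (any (p: hasPrefix p key) [ "ssh-" "ecdsa-" "sk-" ])
      "ssh key for ${name} has no key-type prefix (expected e.g. \"ssh-rsa ...\")";
    key;
  # … unchanged: getWG …
```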
diff --git a/result b/result
index 6dbe7a6..970486e 120000
--- a/result
+++ b/result
@@ -1 +1 @@
-/nix/store/f5ybdcl8js6wh9w643f1agaxcsfh0i12-nixos-system-dark-firepit-22.05.20220731.ede02b4
\ No newline at end of file
+/nix/store/js089ixiqw488kiakkbxr4kfy671f98v-nixos-system-dark-firepit-22.05.20220822.5252708
\ No newline at end of file