From 50a384ce2c6acd3aa077b3f4db33403933bfbfab Mon Sep 17 00:00:00 2001
From: Haak Saxberg <haak.erling@gmail.com>
Date: Sun, 31 Jul 2022 22:42:37 -0700
Subject: [PATCH] use root-with-key authorization instead of target user for
 deploys

---
 nix/deployments/nixops.nix    | 6 +++++-
 nix/system/framework/keys.nix | 3 +++
 2 files changed, 8 insertions(+), 1 deletion(-)
 create mode 100644 nix/system/framework/keys.nix

diff --git a/nix/deployments/nixops.nix b/nix/deployments/nixops.nix
index 082b399..33535c9 100644
--- a/nix/deployments/nixops.nix
+++ b/nix/deployments/nixops.nix
@@ -6,6 +6,7 @@
 
     storage.legacy = { };
   };
+
   defaults = {
     imports = [
       # make sure you have properly added the home-manager channel!
@@ -16,11 +17,14 @@
 
     # for nixops to log in and perform operations as haak (instead of root)
     security.sudo.wheelNeedsPassword = false;
+    users.users.root.openssh.authorizedKeys.keys = [
+      (import ../system/framework/keys.nix).public
+    ];
     home-manager.users.haak = (import ../home/commandline.nix);
   };
+
   nas = {
     deployment.targetHost = "192.168.1.65";
-    deployment.targetUser = "haak";
     imports = [ ../system/xps11/configuration.nix ];
   };
 }
diff --git a/nix/system/framework/keys.nix b/nix/system/framework/keys.nix
new file mode 100644
index 0000000..7d1931d
--- /dev/null
+++ b/nix/system/framework/keys.nix
@@ -0,0 +1,3 @@
+{
+  public = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd7+5+rLGrsGbg+mXjzQLqwAR2VNNFPCb7Va4FqVwd7 haak@framework";
+}