From 7bcd3d05415e4d21bf87557bd70d56607287a380 Mon Sep 17 00:00:00 2001 From: Marek Paśnikowski Date: Sat, 15 Nov 2025 22:55:42 +0100 Subject: id1000: define SSH keys used on 4 systems * users/id1000.scm (openssh-host/*, openssh-configuration, openssh): implement records defining an SSH configuration. * users/id1000.scm (uid1000-home-environment): isolate function call to home-fontconfig-service-type for better legibility; use the openssh record. --- users/id1000.scm | 66 +++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 53 insertions(+), 13 deletions(-) (limited to 'users') diff --git a/users/id1000.scm b/users/id1000.scm index 9564809..331eda2 100644 --- a/users/id1000.scm +++ b/users/id1000.scm @@ -13,6 +13,8 @@ #:prefix gnu:home:services:shepherd:) #:use-module ( (gnu home services sound) #:prefix gnu:home:services:sound:) + #:use-module ( (gnu home services ssh) + #:prefix gnu:home:services:ssh:) #:use-module ( (gnu packages audio) #:prefix gnu:packages:audio:) #:use-module ( (gnu packages disk) 
@@ -526,6 +528,43 @@ (gnu:services:service (@ (gnu services mail) dovecot-service-type) dovecot-configuration*)) +(define openssh-host/* + (gnu:home:services:ssh:openssh-host + (name "top-level") + (host-name "*") + (extra-content (string-append "ServerAliveInterval 60\n" + "ServerAliveCountMax 2\n")))) + +(define openssh-configuration + (let + ( (l-aisaka (mixed-text-file "aisaka-openssh-keys" + "aisaka ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt\n" + "[marekpasnikowski.pl]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt\n" + "[git.marekpasnikowski.pl]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt\n")) + (l-akashi (mixed-text-file "akashi-openssh-keys" + "\n")) + (l-marek (mixed-text-file "marek-openssh-keys" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzC1VvW6TB4pMuGyfTM36T7Ar7FZqSXc7kCoVDNwtUX marek@akashi\n" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJew7ti1qr545Z6OUZ/xcNUg7ib6P0pTbSZqFpSvNhKU marek@mcdowell\n" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBo2coChmWHQn9BEbp0dA7DQG7CPEweVcsmnaIVmXyR marek@rakan\n")) + (l-mcdowell (mixed-text-file "mcdowell-openssh-keys" + "mcdowell ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/EueZjfqWhdML17z+Da7+KWHofXBpP020ff1vKedOr\n")) + (l-rakan (mixed-text-file "rakan-openssh-keys" + "rakan ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ\n" + "[marekpasnikowski.pl]:24 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ\n"))) + (gnu:home:services:ssh:home-openssh-configuration + (hosts (list openssh-host/*)) + (known-hosts (list l-aisaka + l-akashi + l-mcdowell + l-rakan)) + (authorized-keys (list l-marek))))) + +(define openssh + (gnu:services:service + gnu:home:services:ssh:home-openssh-service-type + openssh-configuration)) + (define-public smtp-service (gnu:services:service (@ (gnu services mail) opensmtpd-service-type) opensmtpd-configuration*)) 
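Review bot: `l-akashi` is built from the single string `"\n"` yet is listed in `known-hosts`, so akashi is the one system of the four with no pinned host key, and a first connection to it is not checked against anything in this file. Because the known_hosts content is generated from these file-like objects, a key accepted interactively will probably not be persisted either; this is worth confirming on a deployed home. Either add the real entry, e.g. `"akashi ssh-ed25519 <AKASHI-HOST-KEY-PLACEHOLDER>\n"`, or drop `l-akashi` from the `known-hosts` list and leave a `;; TODO: pin akashi host key` comment so the gap is visible. Separately, in `openssh-host/*` the `name` field appears to become the `Host` pattern and `host-name` the `HostName` directive, so the keep-alive settings would apply only to `ssh top-level`. If they are meant for every host, `(name "*")` with no `host-name` looks like the intended form; please check the generated `~/.ssh/config`.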
@@ -552,10 +591,13 @@ (l-home-pipewire-service (gnu:services:service gnu:home:services:sound:home-pipewire-service-type)) (l-home-shepherd-service (gnu:services:service gnu:home:services:shepherd:home-shepherd-service-type))) (let - ( (l-gitconfig (list "git/config" - l-gitconfig-file)) - (l-gitignore (list "git/ignore" - l-gitignore-file)) + ( (l-gitconfig (list "git/config" + l-gitconfig-file)) + (l-gitignore (list "git/ignore" + l-gitignore-file)) + (l-fontconfig (sovereign:services:fontutils:home-fontconfig-service-type #f + #f + "Noto")) (l-home-files-service (gnu:services:simple-service 'home-files gnu:home:services:home-files-service-type l-home-files))) @@ -569,20 +611,18 @@ environment-variables l-git-configuration l-home-files-service - (sovereign:services:fontutils:home-fontconfig-service-type #f - #f - "Noto"))) - (l-services (cons* sovereign:services:admin:update-commands - l-home-dbus-service - l-home-pipewire-service - l-home-shepherd-service - l-user-services))) + l-fontconfig))) (gnu:home:home-environment (packages (cons* gnu:packages:version-control:git gnu:packages:disk:gparted gnu:packages:librewolf:librewolf sovereign:systems:common-home-environment-packages)) - (services l-services)))))) + (services (cons* sovereign:services:admin:update-commands + l-home-dbus-service + l-home-pipewire-service + l-home-shepherd-service + openssh + l-user-services))))))) (define-public name/home-environment (list uid1000-name -- cgit v1.2.3