From 45e7f50e881e553af101df74182c1c15b3513ec9 Mon Sep 17 00:00:00 2001 From: Magic_RB Date: Sat, 31 Jul 2021 13:21:50 +0200 Subject: [PATCH] Split off vpsRemoteAccess module Signed-off-by: Magic_RB --- nix/nixos-modules/default.nix | 1 + nix/systems/oci-nixos.nix | 12 ++++++------ nix/systems/toothpick.nix | 17 ++++++++--------- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/nix/nixos-modules/default.nix b/nix/nixos-modules/default.nix index 72900df..e0e8cae 100644 --- a/nix/nixos-modules/default.nix +++ b/nix/nixos-modules/default.nix @@ -9,6 +9,7 @@ ./pin-nixpkgs.nix ./pulseaudio.nix ./vault-agent.nix + ./vps-remote-access.nix ./sshd-emacs.nix ./xserver ../hardware/default.nix diff --git a/nix/systems/oci-nixos.nix b/nix/systems/oci-nixos.nix index be6257c..2a18d08 100644 --- a/nix/systems/oci-nixos.nix +++ b/nix/systems/oci-nixos.nix @@ -16,9 +16,13 @@ inputs: { pins = inputs; overlays = inputs.self.overlays; - hardware."${hostName}" = true; + hardware.${hostName} = true; flakes.enable = true; - sshdEmacs = true; + sshdEmacs.enable = true; + vpsRemoteAccess = + { enable = true; + trustedWheel = true; + }; }; users.groups.nix-cache = @@ -39,10 +43,6 @@ inputs: { [ pkgs.git ]; services.openssh = { - enable = true; - passwordAuthentication = true; - permitRootLogin = "no"; - extraConfig = '' Match User nix-cache ChrootDirectory /var/nix-cache diff --git a/nix/systems/toothpick.nix b/nix/systems/toothpick.nix index 8c49d03..0ce2c49 100644 --- a/nix/systems/toothpick.nix +++ b/nix/systems/toothpick.nix @@ -11,13 +11,12 @@ inputs: { hardware.toothpick = true; flakes.enable = true; sshdEmacs.enable = true; + vpsRemoteAccess = + { enable = true; + trustedWheel = true; + }; }; - nix.trustedUsers = - [ "@wheel" ]; - - services.openssh.enable = true; - environment.systemPackages = [ pkgs.git pkgs.envoy 
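Review bot: The import list in nix/nixos-modules/default.nix now references `./vps-remote-access.nix`, but the diffstat lists only three changed files and none of them is that module. Unless the file was committed earlier, every system that imports this module set fails to evaluate on the missing path, and an untracked file is not visible to a git-backed flake either. The module carries the sshd and trusted-user policy that the later hunks remove from the hosts, so it should be part of the same reviewed change.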
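Review bot: `trustedWheel = true;` in the first oci-nixos.nix hunk looks like a privilege change rather than a pure move. The lines removed from this file contain no `nix.trustedUsers`, whereas toothpick.nix gives up `nix.trustedUsers = [ "@wheel" ];` in exchange for the same option. If the option maps to that setting, every wheel member on oci-nixos becomes a trusted Nix user, which is effectively root on the host. Unless oci-nixos already sets this outside the hunk, use `trustedWheel = false;` here or record the intent with a comment such as `# wheel members are trusted Nix users (root-equivalent)`.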
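Review bot: The removed `permitRootLogin = "no";` and `passwordAuthentication = true;` in the second oci-nixos.nix hunk have no visible replacement, because the vpsRemoteAccess module body is not in this patch. If the module only enables sshd, root login falls back to the NixOS default (I believe `prohibit-password`) instead of being refused, and the `Match User nix-cache` chroot block kept here silently depends on the module enabling the service. Please confirm the module sets `permitRootLogin = "no"`, and for an internet-facing VPS consider key-only login with `passwordAuthentication = false;`. The same question applies to the first toothpick.nix hunk, which drops `services.openssh.enable = true;`. The `services.openssh` attribute set continues past the end of this hunk.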
@@ -42,9 +41,9 @@ inputs: { services.nfs.server.enable = true; # create default network with `podman -r network create default` - virtualisation.podman = { - enable = true; - }; + # virtualisation.podman = { + # enable = true; + # }; virtualisation.docker = { enable = true; @@ -361,7 +360,7 @@ inputs: { } # thy - main { publicKey = - "t04ttCF+EaiAcCKbJh/Z+QR0FCspmGe4BpUbKp2t+Co="; + "dEwoaWN1CiCorGwogggUNhbNsXvfYgfw7GqFxvSKGBk="; allowedIPs = [ "10.64.0.6/32" ]; }
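Review bot: The `virtualisation.podman` block in the second toothpick.nix hunk is commented out rather than deleted, and the change has nothing to do with the commit subject. The comment above it, `# create default network with podman -r network create default`, now describes a service that is disabled. Either delete the block together with that comment or, if this is temporary, say why in the comment, e.g. `# podman disabled: <reason>`. Moving it into its own commit would also keep the remote-access refactor easy to review.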
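Review bot: The `publicKey` replacement for the `thy - main` peer in the last toothpick.nix hunk is a credential rotation hidden inside a refactoring commit. The commit message mentions only the module split, yet this line changes which key holder is accepted as `10.64.0.6/32`. It deserves its own commit, or at least a line in the description stating that the peer key was rotated and why, so the change can be audited later. The peer list continues outside the hunk.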