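# NixOS module: installs a per-host `rebuild-<hostName>` command and gives root
# an SSH identity plus pinned host keys for git.yggdrasil.li.
#
# Arguments:
#   pkgs     - the nixpkgs package set.
#   hostName - name of the machine; selects ./ssh/<hostName>/{private,public}
#              and is substituted into the rebuild script.
{ pkgs, hostName, ... }:

let
  # Wraps ./rebuild-machine.zsh as $out/bin/rebuild-<hostName>.
  rebuildScript = pkgs.stdenv.mkDerivation {
    name = "rebuild-${hostName}";
    src = ./rebuild-machine.zsh;

    buildInputs = with pkgs; [ makeWrapper ];

    # src is a single file, so the unpack phase is skipped.
    phases = [ "buildPhase" "installPhase" ];

    # Exposed as derivation attributes so substituteAll can fill in the
    # @zsh@ and @hostName@ placeholders of the script.
    inherit (pkgs) zsh;
    inherit hostName;

    buildPhase = ''
      substituteAll $src rebuild-machine.zsh
    '';

    installPhase = ''
      mkdir -p $out/bin
      install -m 0755 rebuild-machine.zsh $out/bin/rebuild-${hostName}
    '';
  };
in {
  # `ssh machines` (or a `machines:<repo>` git remote) connects to the git
  # host as the gitolite user with the per-host key.
  # NOTE(review): consider `identitiesOnly = true;` so that only this key is
  # offered to the server; confirm no agent-held key is relied upon first.
  home-manager.users."root" = {
    programs.ssh = {
      enable = true;
      matchBlocks = {
        "machines" = {
          hostname = "git.yggdrasil.li";
          user = "gitolite";
          identityFile = "/root/.ssh/machines";
        };
      };
    };
  };

  # Private key, stored sops-encrypted in the repository and exposed at the
  # path the SSH client configuration refers to. No owner or mode is set here,
  # so the sops-nix defaults apply (presumably root-only; verify).
  sops.secrets = {
    rebuild-machines = {
      path = "/root/.ssh/machines";
      sopsFile = ./ssh + "/${hostName}/private";
      format = "binary";
    };
  };

  # The public half is not secret and is copied from the store on activation.
  # /root/.ssh is created first: this script declares no ordering relative to
  # whatever else creates that directory, so on a fresh machine the copy could
  # otherwise fail. `install -d -m 0700` also resets the mode of an existing
  # directory to owner-only.
  system.activationScripts.rebuild-machines-publickey = ''
    install -d -m 0700 /root/.ssh
    install -m 0644 ${./ssh + "/${hostName}/public"} /root/.ssh/machines.pub
  '';

  environment.systemPackages = [ rebuildScript ];

  # Pinned host keys for the git server, so the first connection is verified
  # against these values instead of being trusted on first use. They must be
  # updated here whenever the server's host keys are rotated.
  services.openssh.knownHosts = {
    rsa = {
      hostNames = [ "git.yggdrasil.li" ];
      publicKey = ''
        ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNr7oFNneR3sVuAhdbnU83PuG6gTU6rDmiz+qykkRUr5Qdtm0NIr9lI7nhoO/MaALWmkMXsBGjvJ2UxvY959g0wQRHJZnuJDwOMo3YJjfuDGMTtp8ikzd646uMHQB+y/xb4dou6f0INr94eRsZcji7AQgZQnyWVV3DZuSADBfNK0Tx6sT6IdbJXaCwYoexnfSfzDdu3i5zMuReF4zdkFUEfAdcbOM8Cr0Abnn4+iLVrof/QaOEuZDC+Pf5QUhkAArETdavSCUIbV6+1md0jz/T8yalgrTCsYOoEUbSPwM/8vmiYDWSo/tvAf3KnVIPjjK2UFz7Qu0HyK0y1dBEXoYLGZ1ep4x67aE4zy7GlR2GZdAYilHknugZB+/kvYGDEixHFfcUh/uvF5PY8sm63C6HUBT1s/aQHXGHgE4uUru6YvbU3UW3fRdslABY/atZ9gc3MuKu9Zk27b1SYfAAoK1R8rKsOKWqUWvvMVCfKBNKqqb7+30q75iGeneB8Tb1C9lToyDG2Yl5p+Gpfnj8YmaU/xFm0HFEC42crRbaQyz01LmupHWf8VwH/O2LsjztAF9b4Oe2q/NwqQAF+h5hIm2tfM2fzxHGCmw1sFYf6dEdkyV5pge/IJrnuQn27iO06tRC6tvrt/ocbpwEEOk/3WWpAWW4oT8L5ceh7iAXrCRWpw==
      '';
    };
    ed25519 = {
      hostNames = [ "git.yggdrasil.li" ];
      publicKey = ''
        ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeBBux2bIXnS/RUv+Y/NCpzI/SCW0KOJSzf48KDiEZD
      '';
    };
  };
}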