From 3ce41f4fa4dc74444ff349a96b6fce8ef49f5d7f Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Fri, 3 Jul 2020 15:22:21 +0100
Subject: [PATCH] feat(whitby): Enable nix.sshServe

This exposes a binary cache over SSH.

Change-Id: Ib934a118cd7315ef76f3dfe795c76a570fbbc47a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/895
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: BuildkiteCI
Tested-by: BuildkiteCI
---
 ops/nixos/whitby/default.nix | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index ef45b91a3..1be2e41bf 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
@@ -128,6 +128,14 @@ in systemForConfig {
     trustedUsers = [
       "grfn"
     ];
+
+    sshServe = {
+      enable = true;
+      keys = with depot.users;
+        tazjin.keys.all
+        ++ lukegb.keys.all
+        ++ [ glittershark.keys.whitby ];
+    };
   };
 
   programs.mtr.enable = true;
@@ -171,9 +179,7 @@ in systemForConfig {
     users.tazjin = {
       isNormalUser = true;
       extraGroups = [ "git" "wheel" ];
-      openssh.authorizedKeys.keys = [
-        depot.users.tazjin.keys.frog
-      ];
+      openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
     };
 
     users.lukegb = {