From 1ad5cd63d58dca3cc4b618d77282842d5139366a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Thu, 6 Jun 2024 00:43:37 +0300
Subject: [PATCH] ssh: allow motiejus from localhost/root

---
 modules/base/users/default.nix | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/modules/base/users/default.nix b/modules/base/users/default.nix
index 34fa6aa..1d0b57b 100644
--- a/modules/base/users/default.nix
+++ b/modules/base/users/default.nix
@@ -49,10 +49,19 @@ in {
             isNormalUser = true;
             extraGroups = ["wheel" "dialout" "video"] ++ cfg.user.extraGroups;
             uid = myData.uidgid.motiejus;
-            openssh.authorizedKeys.keys = [
-              myData.people_pubkeys.motiejus
-              myData.people_pubkeys.motiejus_work
-            ];
+            openssh.authorizedKeys.keys = let
+              fqdn = "${config.networking.hostName}.${config.networking.domain}";
+            in
+              lib.mkMerge [
+                [
+                  myData.people_pubkeys.motiejus
+                  myData.people_pubkeys.motiejus_work
+                ]
+
+                (lib.mkIf (builtins.hasAttr fqdn myData.hosts) [
+                  ("from=\"127.0.0.1,::1\" " + myData.hosts.${fqdn}.publicKey)
+                ])
+              ];
           }
           // lib.filterAttrs (n: v: n != "extraGroups" && v != null) cfg.user or {};