From 2357c5d3d6ce808ad1e4e4b3e41766862d2fea2c Mon Sep 17 00:00:00 2001 From: prescientmoon Date: Mon, 26 Aug 2024 23:30:04 +0200 Subject: [PATCH] Finalize calypso install! --- home/features/cli/ssh.nix | 17 +++++++++++------ home/features/neovim/config/lazy-lock.json | 3 --- hosts/nixos/calypso/services/snapper.nix | 4 ++-- hosts/nixos/common/global/services/openssh.nix | 4 +++- scripts/emergency.sh | 10 ++++++++++ 5 files changed, 26 insertions(+), 12 deletions(-) diff --git a/home/features/cli/ssh.nix b/home/features/cli/ssh.nix index d5d3c08..8acaf86 100644 --- a/home/features/cli/ssh.nix +++ b/home/features/cli/ssh.nix @@ -1,10 +1,15 @@ -{ config, ... }: { +{ config, ... }: +{ programs.ssh.enable = true; satellite.persistence.at.state.apps.ssh.directories = [ ".ssh" ]; - - # Makes it easy to copy ssh keys at install time without messing up permissions - systemd.user.tmpfiles.rules = [ - "d ${config.satellite.persistence.at.state.home}/ssh/.ssh/etc/ssh" - ]; + systemd.user.tmpfiles.rules = + let + ssh = "${config.satellite.persistence.at.state.home}/ssh/.ssh"; + in + [ + "d ${ssh}/ssh/.ssh" + "e ${ssh}/ssh/.ssh/id_rsa 0700" + "e ${ssh}/id_ed25519 0700" + ]; } diff --git a/home/features/neovim/config/lazy-lock.json b/home/features/neovim/config/lazy-lock.json index 67916de..d0ec165 100644 --- a/home/features/neovim/config/lazy-lock.json +++ b/home/features/neovim/config/lazy-lock.json 
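Review bot: The `let`-bound `ssh` already ends in `/ssh/.ssh`, so `"d ${ssh}/ssh/.ssh"` and `"e ${ssh}/ssh/.ssh/id_rsa 0700"` expand to a doubled `…/ssh/.ssh/ssh/.ssh` path, whereas the `id_ed25519` rule and the copy loop added to scripts/emergency.sh appear to use the single form. Separately, tmpfiles.d documents `e` for existing directories and `z` for adjusting the mode of an existing file, and private keys conventionally carry 0600 rather than 0700; the `"e ${key.path} 0700"` rule added in hosts/nixos/common/global/services/openssh.nix raises the same question. I would write the list as `"d ${ssh} 0700"`, `"z ${ssh}/id_rsa 0600"`, `"z ${ssh}/id_ed25519 0600"`. The commit also drops the comment explaining the rule; something like `# Pre-create ~/.ssh in persistent state and fix private-key modes after the install-time copy` would keep the intent visible.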
@@ -16,13 +16,11 @@ "ftft": { "branch": "master", "commit": "f3e43c9584e14b27f04c27a95a9d9f0e58dfec02" }, "github-actions": { "branch": "master", "commit": "728374ef59b11a5f5991ea2560d149a4ae33fd22" }, "gitlinker": { "branch": "master", "commit": "cc59f732f3d043b626c8702cb725c82e54d35c25" }, - "gitsigns": { "branch": "main", "commit": "e9c4187c3774a46df2d086a66cf3a7e6bea4c432" }, "gruvbox": { "branch": "main", "commit": "7a1b23e4edf73a39642e77508ee6b9cbb8c60f9e" }, "harpoon": { "branch": "master", "commit": "ccae1b9bec717ae284906b0bf83d720e59d12b91" }, "haskell-tools": { "branch": "master", "commit": "92e097c6832405fb64e4c44a7ce8bebe7836cae6" }, "hyprland": { "branch": "main", "commit": "71760fe0cad972070657b0528f48456f7e0027b2" }, "idris": { "branch": "main", "commit": "8bff02984a33264437e70fd9fff4359679d910da" }, - "inc-rename": { "branch": "main", "commit": "8ba77017ca468f3029bf88ef409c2d20476ea66b" }, "indent-blankline": { "branch": "master", "commit": "65e20ab94a26d0e14acac5049b8641336819dfc7" }, "lastplace": { "branch": "main", "commit": "0bb6103c506315044872e0f84b1f736c4172bb20" }, "lean": { "branch": "main", "commit": "182703184edb866d7bfe878be358295e189c8223" }, @@ -47,7 +45,6 @@ "rust-tools": { "branch": "master", "commit": "676187908a1ce35ffcd727c654ed68d851299d3e" }, "rzip": { "branch": "master", "commit": "f65400fed27b27c7cff7ef8d428c4e5ff749bf28" }, "scrap": { "branch": "main", "commit": "cc8453ed613932c744c3d1ec42f379b78bd8b92c" }, - "ssr": { "branch": "main", "commit": "bb323ba621ac647b4ac5638b47666e3ef3c279e1" }, "telescope": { "branch": "master", "commit": "a0bbec21143c7bc5f8bb02e0005fa0b982edc026" }, "treesitter": { "branch": "master", "commit": "7f4ac678770175cdf0d42c015f4a5b6e18b6cb33" }, "typst": { "branch": "main", "commit": "4d18ced62599ffe5b3c0e5e49566d5456121bc02" }, diff --git a/hosts/nixos/calypso/services/snapper.nix b/hosts/nixos/calypso/services/snapper.nix index 8f312cf..2c80d17 100644 --- a/hosts/nixos/calypso/services/snapper.nix 
+++ b/hosts/nixos/calypso/services/snapper.nix @@ -6,7 +6,7 @@ configs = { # {{{ Data data = { - SUBVOLUME = "/root/persist/data"; + SUBVOLUME = "/persist/data"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; BACKGROUND_COMPARISON = "yes"; @@ -20,7 +20,7 @@ # }}} # {{{ State state = { - SUBVOLUME = "/root/persist/state"; + SUBVOLUME = "/persist/state"; TIMELINE_CREATE = true; TIMELINE_CLEANUP = true; BACKGROUND_COMPARISON = "yes"; diff --git a/hosts/nixos/common/global/services/openssh.nix b/hosts/nixos/common/global/services/openssh.nix index 54b94b1..36a96b5 100644 --- a/hosts/nixos/common/global/services/openssh.nix +++ b/hosts/nixos/common/global/services/openssh.nix @@ -68,5 +68,7 @@ in services.fail2ban.enable = true; # Makes it easy to copy host keys at install time without messing up permissions - systemd.tmpfiles.rules = [ "d /persist/state/etc/ssh" ]; + systemd.tmpfiles.rules = [ + "d /persist/state/etc/ssh" + ] ++ (lib.lists.forEach config.services.openssh.hostKeys (key: "e ${key.path} 0700")); } diff --git a/scripts/emergency.sh b/scripts/emergency.sh index d7437d2..3b68d1a 100755 --- a/scripts/emergency.sh +++ b/scripts/emergency.sh @@ -49,6 +49,16 @@ if [ "$action" = "install" ]; then echo "Installing nixos" nixos-install --flake ".#$host" + + echo "Copying user ssh keys" + for dir in /mnt/persist/state/home/*; do + mkdir -p "$dir/ssh/.ssh" + cp /hermes/secrets/$host/id* "$dir/ssh/.ssh" + done + + echo "Copying host ssh keys" + mkdir -p /mnt/persist/state/home/ + cp /hermes/secrets/$host/ssh* /mnt/persist/state/etc/ssh/ fi if [ "$action" = "enter" ]; then
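Review bot: In the "Copying host ssh keys" step, `mkdir -p /mnt/persist/state/home/` creates the wrong directory: the `cp` that follows targets `/mnt/persist/state/etc/ssh/`, which nothing in this hunk creates, so on a fresh install the host keys may fail to copy. I would change those two lines to `mkdir -p /mnt/persist/state/etc/ssh` and `cp "/hermes/secrets/$host"/ssh* /mnt/persist/state/etc/ssh/`, and quote `$host` the same way in the user-key loop. The copies also run as whichever account runs the installer, so the user keys presumably end up owned by that account, with a mode determined by the source files and the umask. The mode-only tmpfiles rules added in this commit do not change ownership, so a `umask 077` ahead of the copies and an explicit `chown` for the per-user directories are worth considering. The enclosing `if [ "$action" = "install" ]` block starts above the hunk.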