From 8807856cad5365d2f4e45137e1afba777ac62143 Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Mon, 8 Jul 2024 01:18:29 +0200
Subject: [PATCH] Allow root ssh access for the infra team

---
 flake.lock | 17 +++++++++++++++++
 flake.nix  |  7 ++++++-
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/flake.lock b/flake.lock
index 3c3d04a..c9aa2d7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,21 @@
 {
   "nodes": {
+    "nixos-infra": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1719849596,
+        "narHash": "sha256-Zxl2EltZSCk9K4lGwo0vc3FrH/YmC/Lj6u8xLr/s154=",
+        "owner": "nixos",
+        "repo": "infra",
+        "rev": "9532a8bb92ae9319de11b6c2052b0d68ff3b4dae",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "repo": "infra",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1719824438,
@@ -69,6 +85,7 @@
     },
     "root": {
       "inputs": {
+        "nixos-infra": "nixos-infra",
         "nixpkgs": "nixpkgs",
         "ofborg": "ofborg"
       }
diff --git a/flake.nix b/flake.nix
index 1df6b82..70a7eee 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,12 +1,17 @@
 {
   inputs.nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
+  inputs.nixos-infra = {
+    url = "github:nixos/infra";
+    flake = false;
+  };
   inputs.ofborg.url = "github:nixos/ofborg";
-  outputs = { nixpkgs, self, ofborg }: {
+  outputs = { nixpkgs, self, ofborg, nixos-infra }: {
     nixosConfigurations.aarch64-build-box = nixpkgs.lib.nixosSystem {
       system = "aarch64-linux";
       modules = [
         ./configuration.nix
         { ofborg.package = ofborg.packages.aarch64-linux.ofborg.rs; }
+        { users.users.root.openssh.authorizedKeys.keys = (import "${nixos-infra}/ssh-keys.nix").infra; }
       ];
     };
     hydraJobs.system = self.nixosConfigurations.aarch64-build-box.config.system.build.toplevel;