added programmatic dynamic generation of user defined keys

src/system/machines/desktop/system.nix

@@ -7,7 +7,7 @@
       isNormalUser = true;
       extraGroups = config.user.groups
         ++ [ "video" "audio" "kvm" "libvirtd" ];
-      openssh.authorizedKeys.keys = [ "${config.user.sshKeys.key2}" ];
+      openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.android}" ];
     };
   };
 

src/system/machines/server/system.nix

@@ -17,7 +17,7 @@
     ${config.user.name} = {
       isNormalUser = true;
       extraGroups = config.user.groups;
-      openssh.authorizedKeys.keys = [ "${config.user.sshKeys.key1}" ];
+      openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
     };
   };
 

src/system/machines/vm/system.nix

@@ -8,7 +8,7 @@
     ${config.user.name} = {
       isNormalUser = true;
       extraGroups = config.user.groups;
-      openssh.authorizedKeys.keys = [ "${config.user.sshKeys.key1}" ];
+      openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
     };
   };
 

src/system/machines/wsl/system.nix

@@ -7,7 +7,7 @@
     ${config.user.name} = {
       isNormalUser = true;
       extraGroups = config.user.groups;
-      openssh.authorizedKeys.keys = config.user.sshKeys.key1;
+      openssh.authorizedKeys.keys = [ "${config.user.keys.ssh.primary}" ];
     };
   };
   boot.isContainer = true;

src/user/configs/default.nix

@@ -2,7 +2,7 @@
 
 with lib;
 let
-gpg = config.modules.user.security.gpg;
+modules = config.modules.user;
 
 userConfigs = rec {
   name = "bryan";
@@ -14,24 +14,16 @@ userConfigs = rec {
 
   groups = [ "wheel" "networkmanager" "home-manager" "input" ];
 
-  gitConfig = {
+  keys = import ./keys;
+
+  gitConfig = optionalAttrs modules.git.enable {
     userName = "Bryan Ramos";
     userEmail = email;
-    signing = optionalAttrs gpg.enable {
+    signing = optionalAttrs modules.security.gpg.enable {
       key = "F1F3466458452B2DF351F1E864D12BA95ACE1F2D";
       signByDefault = true;
     };
   };
-
-  pgpKey = {
-    text = import ./keys/pgpKey.nix;
-    trust = 5;
-  };
-
-  sshKeys = {
-    key1 = import ./keys/sshKey1.nix;
-    key2 = import ./keys/sshKey2.nix;
-  };
 };
 
 in

src/user/configs/keys/default.nix

@@ -0,0 +1,26 @@
+with builtins;
+let
+  extractName = string:
+    let
+      metadata = [
+        "pub" "public" "priv" "private"
+        "key" "file" "." "_" "-" "pk"
+      ];
+    in
+      replaceStrings metadata (builtins.map (_: "") metadata) string;
+
+  constructKeys = dir: (
+    listToAttrs (
+      map (subdir: {
+        name = subdir;
+        value = listToAttrs (
+          map (file: {
+            name = extractName file;
+            value = readFile "${dir}/${subdir}/${file}";
+          }) (filter (node: (readDir "${dir}/${subdir}").${node} == "regular") (attrNames (readDir "${dir}/${subdir}")))
+        );
+      }) (filter (node: (readDir dir).${node} == "directory") (attrNames (readDir dir)))
+    )
+  );
+in
+  constructKeys ./.

src/user/configs/keys/pgp/primary.pub.key

@@ -1,4 +1,3 @@
-''
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mQINBGP0BgMBEAC2v+n9plI0p+TqIrmvz7JHoYbtUK3NDkyNeIsgS+sE5nfLB1Ef
@@ -108,4 +107,3 @@ OEpwdDwa67AtzYKG0ssOJI+po9TlbKYS4O4H8XnPhYSOEw8eObNPYCX7jyAjXloo
 1hbflYLyMYo1BxGR6bPS9gJA2w==
 =5uun
 -----END PGP PUBLIC KEY BLOCK-----
-''

src/user/modules/security/modules/gpg/default.nix

@@ -9,7 +9,12 @@ in
   config = mkIf cfg.enable {
     programs.gpg = {
       enable = true;
-      publicKeys = [ config.user.pgpKey ];
+      publicKeys = [
+        {
+          text = "${config.user.keys.pgp.primary}";
+          trust = 5;
+        }
+      ];
     };
 
     services.gpg-agent = {