Diffstat (limited to 'hosts')
-rw-r--r--hosts/ahmed/git.linus.onl/default.nix3
-rw-r--r--hosts/ahmed/local-dns/dns-resolver.nix2
-rw-r--r--hosts/ahmed/remote-builder/default.nix5
-rw-r--r--hosts/ahmed/ssh/default.nix2
-rw-r--r--hosts/muhammed/remote-builders/ahmed-builder.nix4
5 files changed, 9 insertions, 7 deletions
diff --git a/hosts/ahmed/git.linus.onl/default.nix b/hosts/ahmed/git.linus.onl/default.nix
index be62efa..24eda7f 100644
--- a/hosts/ahmed/git.linus.onl/default.nix
+++ b/hosts/ahmed/git.linus.onl/default.nix
@@ -35,7 +35,8 @@ in {
openssh.authorizedKeys.keys =
map (key: "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ${key}")
[
- metadata.hosts.muhammed.sshPubKey
+ # The user's own SSH key is used when the Git CLI connects to the server.
+ metadata.hosts.muhammed.sshKeys.linus
];
};
users.groups.git = {};
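Review bot: The option prefix this key is mapped through, `no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty`, lists what to forbid, so anything it does not name stays allowed, for example execution of `~/.ssh/rc`. Since the entry is being touched anyway, I would write the prefix as `"restrict ${key}"`, which switches off all of these together on OpenSSH 7.2 and later. The `users.users` definition this list belongs to starts above the hunk, so whether the account also has a restricted login shell is not visible here.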
diff --git a/hosts/ahmed/local-dns/dns-resolver.nix b/hosts/ahmed/local-dns/dns-resolver.nix
index 1954a52..7d966ee 100644
--- a/hosts/ahmed/local-dns/dns-resolver.nix
+++ b/hosts/ahmed/local-dns/dns-resolver.nix
@@ -32,7 +32,7 @@
# Here we publish all the services we want.
data = let
- subdomainToARecord = subdomain: "=${subdomain}.${config.linus.local-dns.domain}:${metadata.hosts.ahmed.ipAddress}";
+ subdomainToARecord = subdomain: "=${subdomain}.${config.linus.local-dns.domain}:${metadata.hosts.ahmed.ipv4Address}";
ARecords = lib.concatMapStringsSep "\n" subdomainToARecord config.linus.local-dns.subdomains;
in ''
# We are authoritative over ${config.linus.local-dns.domain}.
diff --git a/hosts/ahmed/remote-builder/default.nix b/hosts/ahmed/remote-builder/default.nix
index 50f9595..1bb85f6 100644
--- a/hosts/ahmed/remote-builder/default.nix
+++ b/hosts/ahmed/remote-builder/default.nix
@@ -10,9 +10,10 @@
group = "remotebuilder";
# Allow SSH connections by the Nix client.
- # This is matched with the ssh config IdentityFile on the client-side.
openssh.authorizedKeys.keys = [
- metadata.hosts.muhammed.sshPubKey
+ # This is matched with the ssh config IdentityFile on the client-side.
+ # TODO: Use root key!
+ metadata.hosts.muhammed.sshKeys.linus
];
};
users.groups.remotebuilder = {};
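Review bot: The key in `openssh.authorizedKeys.keys` for the builder account carries no options, so the personal `sshKeys.linus` key gets a pty, port forwarding and agent forwarding as `remotebuilder`, while the same key is option-restricted for the `git` account in hosts/ahmed/git.linus.onl/default.nix. Until the TODO is resolved I would write the entry as `"restrict ${metadata.hosts.muhammed.sshKeys.linus}"`; a Nix remote build should only need command execution over SSH, but that is worth confirming with a test build. The TODO would also read better with its reason stated, for example `# TODO: Use a dedicated root-owned key so builds do not depend on a personal login key.` The user definition starts above the hunk.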
diff --git a/hosts/ahmed/ssh/default.nix b/hosts/ahmed/ssh/default.nix
index 4912bf5..a2110b7 100644
--- a/hosts/ahmed/ssh/default.nix
+++ b/hosts/ahmed/ssh/default.nix
@@ -13,7 +13,7 @@
users.users = lib.genAttrs ["root" "linus"] (_: {
openssh.authorizedKeys.keys = [
- metadata.hosts.muhammed.sshPubKey
+ metadata.hosts.muhammed.sshKeys.linus
# Identity used by Termios on iPhone.
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBPbGet0Mn5+HMeRBXeOkSYqGqbefFZ4kE9aYemyDp9D"
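Review bot: `lib.genAttrs ["root" "linus"]` gives `root` the same key list as `linus`, so the personal key that also opens the `git` and `remotebuilder` accounts is a direct root login, as is the phone key below it. If root access over SSH is needed at all, I would keep this list for `linus` only and escalate locally, or at least record the decision with a comment such as `# root accepts the same keys as linus on purpose: <reason>`. Whether sshd's `PermitRootLogin` narrows this is not visible in the hunk, and the key list continues past its last line.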
diff --git a/hosts/muhammed/remote-builders/ahmed-builder.nix b/hosts/muhammed/remote-builders/ahmed-builder.nix
index 7b9bd99..384ac51 100644
--- a/hosts/muhammed/remote-builders/ahmed-builder.nix
+++ b/hosts/muhammed/remote-builders/ahmed-builder.nix
@@ -11,7 +11,7 @@
# See: hosts/ahmed/remote-builder/default.nix
# FIXME: How to trust key ahead of time?
{metadata, ...}: let
- inherit (metadata.hosts.ahmed) ipAddress;
+ inherit (metadata.hosts.ahmed) ipv4Address;
in {
nix.buildMachines = [
{
@@ -29,7 +29,7 @@ in {
environment.etc."ssh/ssh_config.d/100-ahmed-builder.conf".text = ''
Host ahmed-builder
User remotebuilder
- Hostname ${ipAddress}
+ Hostname ${ipv4Address}
HostKeyAlias ahmed-builder
# This matches `users.users.<builder>.authorizedKeys` on the server-side.
# HACK: We should use a purpose-specific key.