From 7c4a46bd53ba00956331f90191cb8558389f4fcf Mon Sep 17 00:00:00 2001
From: Artem Sheremet
Date: Wed, 29 Apr 2026 17:10:49 +0200
Subject: [PATCH] Allow reverse SSH via regular trusted keys

---
 flake.nix | 5 ++++-
 hosts/mars/home.nix | 14 +++++++++++++-
 2 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/flake.nix b/flake.nix
index cec78db..15e3a9b 100644
--- a/flake.nix
+++ b/flake.nix
@@ -81,7 +81,10 @@
 
 homeConfigurations."artem@mars" = home-manager.lib.homeManagerConfiguration {
 pkgs = nixpkgs.legacyPackages.x86_64-darwin;
- extraSpecialArgs.primaryUser = "artem";
+ extraSpecialArgs = {
+ primaryUser = "artem";
+ inherit trustedSSHKeys;
+ };
 modules = [
 self.homeModules.mac-portable
 ./hosts/mars/home.nix
diff --git a/hosts/mars/home.nix b/hosts/mars/home.nix
index 400af53..16fe530 100644
--- a/hosts/mars/home.nix
+++ b/hosts/mars/home.nix
@@ -1,4 +1,10 @@
-{ pkgs, ... }:
+{
+ pkgs,
+ lib,
+ config,
+ trustedSSHKeys,
+ ...
+}:
 {
 home.packages = with pkgs; [
 dosbox-staging # dosbox appears broken on darwin
@@ -11,6 +17,12 @@
 antigravity
 ];
 
+ home.activation.setupAuthorizedKeys = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
+ run install -m 0600 -D \
+ ${pkgs.writeText "keys" (builtins.concatStringsSep "\n" trustedSSHKeys)} \
+ ${config.home.homeDirectory}/.ssh/ephemeral_sshd/authorized_keys
+ '';
+
 # TODO: consider
 # https://nest.pijul.com/yonkeltron/macOS-nix-config:main/ZLDSMIXK5XFW6.EIAAA
 # and
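Review bot: The `setupAuthorizedKeys` activation step in hosts/mars/home.nix copies the key list to `.ssh/ephemeral_sshd/authorized_keys` as a plain file rather than a home-manager-managed link, so deleting this entry later, or activating a generation that lacks it, leaves the last key set authorised until the file is removed by hand. A comment above the entry would record that, for example `# Copied, not linked: removing this entry does not revoke access; delete the file to revoke.` Separately, `install -D` creates any missing parent directories with its default directory mode rather than 0700, so a preceding `run install -d -m 0700 ${config.home.homeDirectory}/.ssh/ephemeral_sshd` would keep the directory private to the user. The sshd configuration that reads this path is not part of the hunk, so whether these keys should carry login options such as `restrict` cannot be judged from here.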