fix authorized keys

infra/common/resource.nix

@@ -5,7 +5,7 @@
 }:
 
 let
-  inherit (lib) elem mkDefault;
+  inherit (lib) attrValues elem mkDefault;
   inherit (lib.attrsets) concatMapAttrs optionalAttrs;
   inherit (lib.strings) removeSuffix;
 
@@ -34,4 +34,8 @@ in
       ${removeSuffix ".age" name}.file = secretsPrefix + "/${name}";
     }
   ) secrets;
+
+  ## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
+  ## supports users with password-less sudo.
+  users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors;
 }

infra/dev/main.tf

@@ -14,7 +14,7 @@ module "nixos" {
     # wiki = "vm02187" # does not resolve
     # forgejo = "vm02116" # does not resolve
     # TODO: move these to a separate `host` dir
-    # dns = "fedi200" # does not accept root user
+    dns = "fedi200"
     fedipanel = "fedi201"
   } : name => {
       hostname = inst

infra/operator/main.tf

@@ -64,7 +64,7 @@ module "nixos" {
         ## FIXME: switch root authentication to users with password-less sudo, see #24
         users.users.root.openssh.authorizedKeys.keys = let
           keys = import ../../keys;
-        in builtins.attrValues keys.contributors ++ [
+        in [
           # allow our panel vm access to the test machines
           keys.panel
         ];