From 1dab0d9e770466c64b6a822d30307848b710c40c Mon Sep 17 00:00:00 2001
From: Super User <root@p.noml.ch>
Date: Mon, 23 Mar 2026 19:16:09 +0800
Subject: embed keys, make scripts idempotent

---
 core/packages/install_rust.sh                           |  2 +-
 core/ssh.sh                                             | 12 ++++++------
 keys/README                                             |  1 +
 keys/add-ssh-keys.sh                                    |  7 +++++++
 keys/id_ed25519_sk_rk_keychain190326_keychain190326.pub |  1 +
 keys/keychain_icloud.pub                                |  1 +
 keys/macm1-resident.pub                                 |  1 +
 keys/macm1_yubic.pub                                    |  1 +
 keys/macm4-resident.pub                                 |  1 +
 keys/t480-resident.pub                                  |  1 +
 keys/t480-yubia.pub                                     |  1 +
 11 files changed, 22 insertions(+), 7 deletions(-)
 create mode 100644 keys/README
 create mode 100755 keys/add-ssh-keys.sh
 create mode 100644 keys/id_ed25519_sk_rk_keychain190326_keychain190326.pub
 create mode 100644 keys/keychain_icloud.pub
 create mode 100644 keys/macm1-resident.pub
 create mode 100644 keys/macm1_yubic.pub
 create mode 100644 keys/macm4-resident.pub
 create mode 100644 keys/t480-resident.pub
 create mode 100644 keys/t480-yubia.pub

diff --git a/core/packages/install_rust.sh b/core/packages/install_rust.sh
index 921a533..a0b0728 100755
--- a/core/packages/install_rust.sh
+++ b/core/packages/install_rust.sh
@@ -2,6 +2,6 @@
 
 # Install Rust and Cargo tools
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-echo '[ -f "$HOME/.cargo/env" ] && source "$HOME/.cargo/env"' >> ~/.bashrc
+grep -q 'cargo/env' ~/.bashrc || echo '[ -f "$HOME/.cargo/env" ] && source "$HOME/.cargo/env"' >> ~/.bashrc
 source "$HOME/.cargo/env"
 cargo install cargo-clone-crate cargo-edit cargo-info evcxr_jupyter bacon du-dust ripgrep bandwhich
diff --git a/core/ssh.sh b/core/ssh.sh
index c4454ae..f23d571 100755
--- a/core/ssh.sh
+++ b/core/ssh.sh
@@ -2,11 +2,11 @@
 
 dnf install -y git
 
-echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config
-echo "AllowTcpForwarding yes" | sudo tee -a /etc/ssh/sshd_config
-echo "GatewayPorts yes" | sudo tee -a /etc/ssh/sshd_config
-echo "AllowAgentForwarding yes" | sudo tee -a /etc/ssh/sshd_config
+grep -q 'PasswordAuthentication no' /etc/ssh/sshd_config || echo "PasswordAuthentication no" | sudo tee -a /etc/ssh/sshd_config
+grep -q 'AllowTcpForwarding yes' /etc/ssh/sshd_config || echo "AllowTcpForwarding yes" | sudo tee -a /etc/ssh/sshd_config
+grep -q 'GatewayPorts yes' /etc/ssh/sshd_config || echo "GatewayPorts yes" | sudo tee -a /etc/ssh/sshd_config
+grep -q 'AllowAgentForwarding yes' /etc/ssh/sshd_config || echo "AllowAgentForwarding yes" | sudo tee -a /etc/ssh/sshd_config
 
-git clone https://git.noml.ch/keys/ ~/keys
-~/keys/add-ssh-keys.sh
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+"$SCRIPT_DIR/../keys/add-ssh-keys.sh"
 sudo systemctl restart sshd
diff --git a/keys/README b/keys/README
new file mode 100644
index 0000000..9f13c89
--- /dev/null
+++ b/keys/README
@@ -0,0 +1 @@
+hiii
diff --git a/keys/add-ssh-keys.sh b/keys/add-ssh-keys.sh
new file mode 100755
index 0000000..b559e42
--- /dev/null
+++ b/keys/add-ssh-keys.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+
+cd "$( dirname "${BASH_SOURCE[0]}" )" || exit 1
+
+mkdir -p ~/.ssh
+cat *.pub | sort -u > ~/.ssh/authorized_keys
+chmod 600 ~/.ssh/authorized_keys
diff --git a/keys/id_ed25519_sk_rk_keychain190326_keychain190326.pub b/keys/id_ed25519_sk_rk_keychain190326_keychain190326.pub
new file mode 100644
index 0000000..eca3d7b
--- /dev/null
+++ b/keys/id_ed25519_sk_rk_keychain190326_keychain190326.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM9UbppbCUSdWCiN2dRBEeNJUQUhELPIQZOxZqHMM8c0AAAAEnNzaDprZXljaGFpbjE5MDMyNg== ssh:keychain190326
diff --git a/keys/keychain_icloud.pub b/keys/keychain_icloud.pub
new file mode 100644
index 0000000..154bceb
--- /dev/null
+++ b/keys/keychain_icloud.pub
@@ -0,0 +1 @@
+ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAEXdJilQjHPu0SgU0BuQflfVgQWo2+NhnHP+WhN2j6a+t7tMiWuUfrxAevc8wWRp28GNH9M2Uzw/+y0c44u51NU4wEMqtGPih00VrXDh3c1cBfGFE4eRssHuDKl4xYwUi9uJGJlwV+fqsjuXkUiV/nCjhCtq60WgfogIKczAbR+WZdx9Q== user@keychain_icloud
diff --git a/keys/macm1-resident.pub b/keys/macm1-resident.pub
new file mode 100644
index 0000000..3a3bc33
--- /dev/null
+++ b/keys/macm1-resident.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIGoBf5Lj8oDjXaXNrXtO8YVdOLgV2FN/bwiX93VxDmZ0AAAAEnNzaDptYWNtMS1yZXNpZGVudA== macm1-resident
diff --git a/keys/macm1_yubic.pub b/keys/macm1_yubic.pub
new file mode 100644
index 0000000..eb2a049
--- /dev/null
+++ b/keys/macm1_yubic.pub
@@ -0,0 +1 @@
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBKIKa3oawYJwxvjRXcLpeXx1QcW3U2AtFd1JbV+nodjLckeeyH3UyFgQKdASeH92yESY5baAneo+5yPMp4oekqEAAAAEc3NoOg== s22@x-2.local
diff --git a/keys/macm4-resident.pub b/keys/macm4-resident.pub
new file mode 100644
index 0000000..fbccb4f
--- /dev/null
+++ b/keys/macm4-resident.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIFdHP8n64jOV6Ok7U9TDnGW+LUkXP6V7cvXH6xqN0zcNAAAAEnNzaDptYWNtNC1yZXNpZGVudA== ssh:macm4-resident
diff --git a/keys/t480-resident.pub b/keys/t480-resident.pub
new file mode 100644
index 0000000..41c952e
--- /dev/null
+++ b/keys/t480-resident.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH1xsj/78WbNv/qxDI6I/jJcZUvXwu9bKowOiiehasaKAAAAEXNzaDp0NDgwLXJlc2lkZW50 ssh:t480-resident
diff --git a/keys/t480-yubia.pub b/keys/t480-yubia.pub
new file mode 100644
index 0000000..7e80c19
--- /dev/null
+++ b/keys/t480-yubia.pub
@@ -0,0 +1 @@
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIM/QIHPL6zgC5ZCzD7+vTFh+lg41HqDdKe3iBjKAGHRHAAAADnNzaDp0NDgwLXl1Ymlh t480-yubia
-- 
cgit