From 24adaf03c3c6b4c7745d0c0016af519755e7eaae Mon Sep 17 00:00:00 2001
From: Thomas Dehaeze
Date: Wed, 15 Apr 2026 15:17:06 +0200
Subject: [PATCH] Just generate one ssh key per machine

---
 install.org | 56 +++++++++++++++++++++++------------------
 scripts/install-main.sh | 54 +++++++++++++++++++++------------------
 2 files changed, 62 insertions(+), 48 deletions(-)

diff --git a/install.org b/install.org
index 1578a60..2117077 100644
--- a/install.org
+++ b/install.org
@@ -345,31 +345,38 @@ paru -S --needed \ ** SSH Keys for Tunnels +Use a single SSH key for all hosts (matches =~/.ssh/config=). + #+begin_src bash -setup_ssh_key() { - local key_name="$1" +KEY_FILE="$HOME/.ssh/id_ed25519" +HOMELAB_OK=1 +ESRF_OK=1 + +# Generate main SSH key if it doesn't exist +if [ ! -f "${KEY_FILE}" ]; then + echo "" + echo "==> Generating main SSH key" + read -p "Generate new SSH key at ${KEY_FILE}? [y/N] " -n 1 -r + echo + if [[ $REPLY =~ ^[Yy]$ ]]; then + ssh-keygen -t ed25519 -C "thomas@$(hostname)" -f "${KEY_FILE}" -N "" + else + echo "Skipping SSH key generation" + fi +fi + +# Deploy key to a remote host if needed +deploy_ssh_key() { + local host_name="$1" local remote_host="$2" local remote_port="${3:-22}" - local key_file="$HOME/.ssh/id_ed25519_${key_name}" echo "" - echo "==> Setting up SSH key for ${key_name}" - - # Generate key if it doesn't exist - if [ ! -f "${key_file}" ]; then - read -p "Generate new SSH key for ${key_name}? [y/N] " -n 1 -r - echo - if [[ $REPLY =~ ^[Yy]$ ]]; then - ssh-keygen -t ed25519 -C "${key_name}-tunnel" -f "${key_file}" -N "" - else - echo "Skipping ${key_name} key generation" - return 1 - fi - fi + echo "==> Checking SSH key for ${host_name}" # Check if we can connect without password - if ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${remote_port}" -i "${key_file}" "${remote_host}" exit 2>/dev/null; then - echo "SSH key for ${key_name} is already deployed ✓" + if ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${remote_port}" "${remote_host}" exit 2>/dev/null; then + echo "SSH key for ${host_name} is already deployed ✓" return 0 fi 
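Review bot: `deploy_ssh_key` now assumes `${KEY_FILE}.pub` exists, but nothing enforces it: when the user answers N to the generation prompt the script only prints "Skipping SSH key generation" and carries on, and the old `return 1` that used to stop deployment in that case was removed, so the later `ssh-copy-id -i "${KEY_FILE}.pub"` runs against a missing file. Add a guard at the top of the function, after the `local` lines: `[ -f "${KEY_FILE}.pub" ] || { echo "No key at ${KEY_FILE}, skipping ${host_name}"; return 1; }`. Separately, the consolidation changes the risk profile of `-N ""`: the one unencrypted key now authorizes every tunnel, including the ESRF firewall, so compromise of that single file in the home directory exposes all of them; consider letting `ssh-keygen` prompt for a passphrase and relying on ssh-agent, or at least record the trade-off in the comment above the call. The function body continues in the next hunk, and the same applies to the tangled copy in the `scripts/install-main.sh` hunks.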
@@ -377,19 +384,20 @@ setup_ssh_key() { read -p "Deploy SSH key to ${remote_host}? [y/N] " -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]]; then - ssh-copy-id -i "${key_file}.pub" -p "${remote_port}" "${remote_host}" + ssh-copy-id -i "${KEY_FILE}.pub" -p "${remote_port}" "${remote_host}" + return 0 else - echo "Skipping ${key_name} key deployment" + echo "Skipping ${host_name} key deployment" return 1 fi } -# Setup homelab key -setup_ssh_key "homelab" "homelab" 22 +# Setup homelab +deploy_ssh_key "homelab" "homelab" 22 HOMELAB_OK=$? -# Setup ESRF key -setup_ssh_key "esrf" "dehaeze@firewall.esrf.fr" 8022 +# Setup ESRF +deploy_ssh_key "esrf" "dehaeze@firewall.esrf.fr" 8022 ESRF_OK=$? #+end_src diff --git a/scripts/install-main.sh b/scripts/install-main.sh index f55a39e..86443f1 100755 --- a/scripts/install-main.sh +++ b/scripts/install-main.sh 
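Review bot: The added `return 0` after `ssh-copy-id` discards its exit status, so a failed copy (connection refused, wrong password, missing `${KEY_FILE}.pub`) still leaves `HOMELAB_OK=0` / `ESRF_OK=0`, which is presumably treated as success downstream. Propagate the status instead: `ssh-copy-id -i "${KEY_FILE}.pub" -p "${remote_port}" "${remote_host}" || return 1` followed by the existing `return 0`. `deploy_ssh_key` starts in the previous hunk, and the identical hunk in `scripts/install-main.sh` needs the same change.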
@@ -113,30 +113,35 @@ paru -S --needed \ highlight-pointer-git \ mpd -setup_ssh_key() { - local key_name="$1" +KEY_FILE="$HOME/.ssh/id_ed25519" +HOMELAB_OK=1 +ESRF_OK=1 + +# Generate main SSH key if it doesn't exist +if [ ! -f "${KEY_FILE}" ]; then + echo "" + echo "==> Generating main SSH key" + read -p "Generate new SSH key at ${KEY_FILE}? [y/N] " -n 1 -r + echo + if [[ $REPLY =~ ^[Yy]$ ]]; then + ssh-keygen -t ed25519 -C "thomas@$(hostname)" -f "${KEY_FILE}" -N "" + else + echo "Skipping SSH key generation" + fi +fi + +# Deploy key to a remote host if needed +deploy_ssh_key() { + local host_name="$1" local remote_host="$2" local remote_port="${3:-22}" - local key_file="$HOME/.ssh/id_ed25519_${key_name}" echo "" - echo "==> Setting up SSH key for ${key_name}" - - # Generate key if it doesn't exist - if [ ! -f "${key_file}" ]; then - read -p "Generate new SSH key for ${key_name}? [y/N] " -n 1 -r - echo - if [[ $REPLY =~ ^[Yy]$ ]]; then - ssh-keygen -t ed25519 -C "${key_name}-tunnel" -f "${key_file}" -N "" - else - echo "Skipping ${key_name} key generation" - return 1 - fi - fi + echo "==> Checking SSH key for ${host_name}" # Check if we can connect without password - if ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${remote_port}" -i "${key_file}" "${remote_host}" exit 2>/dev/null; then - echo "SSH key for ${key_name} is already deployed ✓" + if ssh -o BatchMode=yes -o ConnectTimeout=5 -p "${remote_port}" "${remote_host}" exit 2>/dev/null; then + echo "SSH key for ${host_name} is already deployed ✓" return 0 fi 
@@ -144,19 +149,20 @@ setup_ssh_key() { read -p "Deploy SSH key to ${remote_host}? [y/N] " -n 1 -r echo if [[ $REPLY =~ ^[Yy]$ ]]; then - ssh-copy-id -i "${key_file}.pub" -p "${remote_port}" "${remote_host}" + ssh-copy-id -i "${KEY_FILE}.pub" -p "${remote_port}" "${remote_host}" + return 0 else - echo "Skipping ${key_name} key deployment" + echo "Skipping ${host_name} key deployment" return 1 fi } -# Setup homelab key -setup_ssh_key "homelab" "homelab" 22 +# Setup homelab +deploy_ssh_key "homelab" "homelab" 22 HOMELAB_OK=$? -# Setup ESRF key -setup_ssh_key "esrf" "dehaeze@firewall.esrf.fr" 8022 +# Setup ESRF +deploy_ssh_key "esrf" "dehaeze@firewall.esrf.fr" 8022 ESRF_OK=$? echo "==> Tangling systemd configs"