From 5c037d9a99f5dc5bca2040b01de6d3af17b9a0f4 Mon Sep 17 00:00:00 2001
From: MichaelFisher1997 <contact@michaelfisher.tech>
Date: Sat, 28 Feb 2026 20:03:26 +0000
Subject: [PATCH] fix: prefer root SSH for deploy and trust micqdf in nix

---
 nixos/kubeadm/modules/k8s-common.nix           | 2 ++
 nixos/kubeadm/scripts/rebuild-and-bootstrap.sh | 2 +-
 nixos/kubeadm/scripts/reset-cluster-nodes.sh   | 2 +-
 3 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/nixos/kubeadm/modules/k8s-common.nix b/nixos/kubeadm/modules/k8s-common.nix
index 57fea49..449ee98 100644
--- a/nixos/kubeadm/modules/k8s-common.nix
+++ b/nixos/kubeadm/modules/k8s-common.nix
@@ -59,6 +59,8 @@ in
     KbdInteractiveAuthentication = false;
   };
 
+  nix.settings.trusted-users = [ "root" "micqdf" ];
+
   environment.variables = {
     KUBECONFIG = "/etc/kubernetes/admin.conf";
     KUBE_VIP_IMAGE = kubeVipImage;
diff --git a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
index 1840634..573df19 100755
--- a/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
+++ b/nixos/kubeadm/scripts/rebuild-and-bootstrap.sh
@@ -17,7 +17,7 @@ source "$INVENTORY_FILE"
 SSH_USER="${SSH_USER:-micqdf}"
 SSH_KEY_PATH="${SSH_KEY_PATH:-$HOME/.ssh/id_ed25519}"
 SSH_OPTS="${SSH_OPTS:--o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -i $SSH_KEY_PATH}"
-SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-$SSH_USER root}"
+SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-root $SSH_USER}"
 
 declare -A NODE_IPS=()
 declare -a CP_NAMES=()
diff --git a/nixos/kubeadm/scripts/reset-cluster-nodes.sh b/nixos/kubeadm/scripts/reset-cluster-nodes.sh
index d3015aa..b137f7e 100755
--- a/nixos/kubeadm/scripts/reset-cluster-nodes.sh
+++ b/nixos/kubeadm/scripts/reset-cluster-nodes.sh
@@ -16,7 +16,7 @@ source "$INVENTORY_FILE"
 SSH_USER="${SSH_USER:-micqdf}"
 SSH_KEY_PATH="${SSH_KEY_PATH:-$HOME/.ssh/id_ed25519}"
 SSH_OPTS="${SSH_OPTS:--o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -i $SSH_KEY_PATH}"
-SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-$SSH_USER root}"
+SSH_USER_CANDIDATES="${SSH_USER_CANDIDATES:-root $SSH_USER}"
 
 declare -A NODE_IPS=()