refactor: improve cross host pubkey sharing

This commit is contained in:
Nydragon 2024-09-22 17:24:57 +02:00
parent dfc0cb553f
commit db720de9cf
Signed by: nydragon
SSH key fingerprint: SHA256:iQnIC12spf4QjWSbarmkD2No1cLMlu6TWoV7K6cYF5g
5 changed files with 38 additions and 30 deletions


@ -3,14 +3,9 @@
lib, lib,
pkgs, pkgs,
config, config,
pubkeys,
... ...
}: }:
let
sshAccess = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw" # brontes
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwlScEmVbdc0EH93XLX+K8yP5FKUKzMf/bWTSO+rMiO" # marr
];
in
{ {
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
@ -96,7 +91,7 @@ in
pkgs.gitMinimal pkgs.gitMinimal
]; ];
users.users.root.openssh.authorizedKeys.keys = sshAccess; users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];
system.stateVersion = "24.11"; system.stateVersion = "24.11";
} }
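Review bot: The new root key list `[ pubkeys.ny ]` appears to drop the marr user key that the old `sshAccess` list carried, and that key is not present anywhere in the rewritten keys.nix, so this hunk changes who can log in as root rather than only where the keys live. The same narrowing happens in the second file, where `pubKeys` used to be `allUser`. If removing that key's access is intended, the commit message should say so; if not, add it to `users` in keys.nix and include it here, e.g. `users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny pubkeys.marrUser ];` with a matching entry in keys.nix.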


@ -2,12 +2,9 @@
modulesPath, modulesPath,
lib, lib,
pkgs, pkgs,
self, pubkeys,
... ...
}: }:
let
pubKeys = (import "${self}/options/keys.nix").allUser;
in
{ {
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
@ -21,7 +18,7 @@ in
}; };
modules.server.navidrome = { modules.server.navidrome = {
enable = false; enable = true;
library = { library = {
path = "/mnt/music"; path = "/mnt/music";
type = "nfs"; type = "nfs";
@ -30,7 +27,10 @@ in
path = "/mnt/Fort/data/music"; path = "/mnt/Fort/data/music";
}; };
}; };
settings = { }; settings = {
Address = "127.0.0.1";
Port = 4533;
};
}; };
services.openssh.enable = true; services.openssh.enable = true;
@ -39,15 +39,7 @@ in
pkgs.curl pkgs.curl
]; ];
users.users.root.openssh.authorizedKeys.keys = pubKeys; users.users.root.openssh.authorizedKeys.keys = [ pubkeys.ny ];
virtualisation.docker = {
enableOnBoot = true;
rootless = {
enable = true;
setSocketVariable = true;
};
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
} }
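Review bot: Besides the key change, this file flips `modules.server.navidrome.enable` from `false` to `true`, adds `settings.Address`/`Port`, and deletes the whole `virtualisation.docker` block (rootless Docker), none of which a commit titled "refactor: improve cross host pubkey sharing" announces. Binding Navidrome to `Address = "127.0.0.1"` keeps it off external interfaces, which is a good default, but the Docker removal silently changes what runs on this host and should be its own commit or at least a line in the message. Please either split these out or document them so the access and service changes are reviewable on their own.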


@ -27,7 +27,7 @@
pkgs = prev.pkgs; pkgs = prev.pkgs;
}; };
rofi-obsidian = inputs'.rofi-obsidian.outputs.packages.rofi-obsidian; rofi-obsidian = inputs'.rofi-obsidian.packages.rofi-obsidian;
nysh = inputs'.nysh.packages.nysh; nysh = inputs'.nysh.packages.nysh;


@ -1,10 +1,30 @@
rec { { lib, ... }:
brontesUser = [ let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw" inherit (lib) foldl' attrValues;
]; take = machines: map (m: systems.${m}) machines;
marrUser = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGwlScEmVbdc0EH93XLX+K8yP5FKUKzMf/bWTSO+rMiO" ];
allUser = brontesUser ++ marrUser; users = {
ny = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMvPqWPXEUOSMGMIRmirQfbrzq//NkPlEI2TmFpIkSfw";
};
systems = {
brontes = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgknH3OPazZNhH5xkYfXBcYpI3TXj/eRp0/zzjtVJBf";
marr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILMh2nUUKt3xsKiwZUuo6HgvR3lr7rRAl0SOH/502sFP";
raptus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKdpjGR/pV1roktZdKIVVWqds0JB+x1ksfyQmYPMLK7o";
shan = "";
};
all = allUser; workstations = take "brontes" "marr";
server = take "raptus" "shane";
all = foldl' (a: b: a ++ [ b ]) [ users.ny ] (attrValues systems);
in
{
inherit all workstations server;
inherit (users) ny;
inherit (users)
raptus
brontes
marr
shan
;
} }
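Review bot: `take` is defined as `machines: map (m: systems.${m}) machines`, i.e. it expects a list, but `workstations = take "brontes" "marr"` and `server = take "raptus" "shane"` pass two separate strings, so `map` is applied to a string and evaluation fails; "shane" also does not exist in `systems` (the attribute is `shan`). The export block has the same class of error: `users` only defines `ny`, so `inherit (users) raptus brontes marr shan;` must read from `systems`. `shan = ""` is an empty placeholder that `all` folds into every consumer's authorized-key list; omit it until the key exists or filter empty strings out of `all`, and note that the `foldl'` is just `[ users.ny ] ++ attrValues systems`. The rewritten lines are below.
```nix
take = machines: map (m: systems.${m}) machines;
# … unchanged: users / systems attribute sets …
workstations = take [ "brontes" "marr" ];
server = take [ "raptus" "shan" ];
# drop empty placeholder keys so they never reach authorizedKeys
all = [ users.ny ] ++ builtins.filter (k: k != "") (attrValues systems);
in
{
  inherit all workstations server;
  inherit (users) ny;
  inherit (systems) raptus brontes marr shan;
}
```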


@ -35,6 +35,7 @@
specialArgs = { specialArgs = {
inherit inputs inputs'; inherit inputs inputs';
inherit self self'; inherit self self';
pubkeys = import ../../options/keys.nix { inherit lib; };
username = "ny"; username = "ny";
}; };
} }