From b6841138beff5edeba44957d4292a1d35b1c8287 Mon Sep 17 00:00:00 2001 From: sinavir Date: Thu, 5 Dec 2024 09:59:59 +0100 Subject: [PATCH] feat: init roam01 --- keys/default.nix | 7 + machines/roam01/_configuration.nix | 18 +++ machines/roam01/_hardware-configuration.nix | 62 ++++++++ machines/roam01/secrets/secrets.nix | 4 + .../roam01/secrets/systemd-network-wg_key | 39 +++++ machines/roam01/wireguard.nix | 58 +++++++ machines/router02/_configuration.nix | 1 + .../router02/secrets/systemd-network-wg_key | 39 +++++ machines/router02/wireguard.nix | 41 +++-- meta/network.nix | 19 +++ meta/nodes.nix | 2 +- meta/options.nix | 142 +++++++++++++++--- meta/organization.nix | 62 +++++++- 13 files changed, 459 insertions(+), 35 deletions(-) create mode 100644 machines/roam01/_configuration.nix create mode 100644 machines/roam01/_hardware-configuration.nix create mode 100644 machines/roam01/secrets/secrets.nix create mode 100644 machines/roam01/secrets/systemd-network-wg_key create mode 100644 machines/roam01/wireguard.nix create mode 100644 machines/router02/secrets/systemd-network-wg_key diff --git a/keys/default.nix b/keys/default.nix index b3df704..f191493 100644 --- a/keys/default.nix +++ b/keys/default.nix @@ -14,10 +14,17 @@ rec { _keys = (import "${_sources.infrastructure}/keys")._keys // { krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ]; router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ]; + roam01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKXjzVxYs5v5+7N0tyqpBQERXKjXwTZUqVGkdye4S1LP" ]; }; + _vpnKeys = + builtins.mapAttrs (_: v: v.vpnKeys) meta.organization.members + // builtins.mapAttrs (_: v: v.vpnKeys) meta.network; + getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls); + getVpnKey = vpn: name: _vpnKeys.${name}.${vpn}; + mkSecrets = nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); }; 
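Review bot: `_vpnKeys` in keys/default.nix merges members and machines with `//`, so a machine in `meta.network` whose name equals a member's attribute name silently replaces that member's VPN keys. `getVpnKey` would then return the machine's public key to a caller asking for the member. Nothing visible in this hunk keeps the two namespaces disjoint, so an assertion that the name sets do not intersect would make the lookup safe to rely on for peer authentication. A missing entry also fails with a bare attribute error; `getVpnKey = vpn: name: _vpnKeys.${name}.${vpn} or (throw "no ${vpn} key for ${name}");` names the offending peer. The enclosing `rec { … }` starts and ends outside the hunk.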
diff --git a/machines/roam01/_configuration.nix b/machines/roam01/_configuration.nix
new file mode 100644
index 0000000..4815028
--- /dev/null
+++ b/machines/roam01/_configuration.nix
@@ -0,0 +1,18 @@
+{ lib, ... }:
+
+lib.extra.mkConfig {
+ enabledModules = [
+ # List of modules to enable
+ ];
+
+ enabledServices = [
+ # List of services to enable
+ "wireguard"
+ ];
+
+ extraConfig = {
+ networking.interfaces.enp1s0.useDHCP = true;
+ };
+
+ root = ./.;
+}
diff --git a/machines/roam01/_hardware-configuration.nix b/machines/roam01/_hardware-configuration.nix
new file mode 100644
index 0000000..94ca620
--- /dev/null
+++ b/machines/roam01/_hardware-configuration.nix
@@ -0,0 +1,62 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + modulesPath, + ... +}: + +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ + "xhci_pci" + "usb_storage" + "usbhid" + "sd_mod" + "sdhci_pci" + ]; + kernelModules = [ ]; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + }; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/bfb4359b-75b2-4fa0-bdb6-283658a0019a"; + fsType = "xfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/1A70-E9AE"; + fsType = "vfat"; + options = [ + "fmask=0022" + "dmask=0022" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/6518c729-a0cb-41b4-acc8-ec219d0afba6"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp4s0d1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/roam01/secrets/secrets.nix b/machines/roam01/secrets/secrets.nix new file mode 100644 index 0000000..2fd623f --- /dev/null +++ b/machines/roam01/secrets/secrets.nix 
@@ -0,0 +1,4 @@
+(import ../../../keys).mkSecrets [ "roam01" ] [
+ # List of secrets for router02
+ "systemd-network-wg_key"
+]
diff --git a/machines/roam01/secrets/systemd-network-wg_key b/machines/roam01/secrets/systemd-network-wg_key
new file mode 100644
index 0000000..affe415
--- /dev/null
+++ b/machines/roam01/secrets/systemd-network-wg_key
@@ -0,0 +1,39 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA eITDLS0bZ9nCNbcpXN2S2JK6+gy0V9Ix5anuz1DXpi8 +h/3wu702P2+Mnrsh5EimLoLY6XPiyTvjytjVr2nVPU0 +-> ssh-ed25519 QlRB9Q atT+Cb4dk/jH7uhQ7b8Qu1E4tFcrm7mUzqhwlvciCng +eZvsq5OsW7cxf4EmE7L4KhzmiCRhV72ILT5mOg3D7GY +-> ssh-ed25519 r+nK/Q RfAubzTOifMb9Pukkwkh7iUgOLxmIxkPCBhZqzohHA4 +0rdpQrp7iSRjGCsi7EjOcuCx2YXXscJxIYv0vfpV9hw +-> ssh-rsa krWCLQ +tBs7XiMvJdAqbtZTaDxgyLrHxyUjgKU4amTtPdVxRUuqm4uSoxoHJj7N6NGBPhW4 +ODB8ft5OoAwjtP/D12pNUn3fsIuo7DJGc57Dt74f0ge+MWTVI/tEC8I8EVOVYIpv +Udc1kW8n2CCdkAulSrvlfLQPuVFUcOYWGTvEVE05gPRoJ7NiXR9CW2ByyRjD12Fj +W+8c/H0/h8CmWGRFMZG+xlt9DmYNegz2TCKyTJPtWHRT6sYCqct13GQP/C8s8fJv +ZQjIUcF91EBTr6Gc0fGEYFmKQckOkEeAG3P92YuK9NLyHw5xHl9M+gFZlYsQ91kg +/uVW29GmK7qoyxpUP0GamA +-> ssh-ed25519 /vwQcQ 0y6bP+6t8EhcHs7ap/FmCDWxQLCkDF5KyeXlGZln9Qc +9xpybiFqQTxJ8Po0044HRhoBlmcFzqeXMG3IrZzKOdI +-> ssh-ed25519 0R97PA 1pn+9GwTf+AHsSCqI+xe0blM/6qJUgCgjCF3mlEV4k0 +W278+7Qc5/QyALiy1Gt8WKqCw+MX4Ko0VLV+p1KoSjA +-> ssh-ed25519 JGx7Ng hrWsXtVn1DNQ86woVee66ljaMpgBBoJmHdS7qyESbz0 +dRPPTNmGYFZ+VR9gPhfD5wutqIuJXXEtoMapnAShrHE +-> ssh-ed25519 bUjjig RzQTuUiEmKd9VqYMKz3cbaU7v4OncTK8N1VA+4M851w +49tmBO+NwrGfNyDwcyuk+7DFqK0yYfZoJ98qeYg0yBY +-> ssh-ed25519 5SY7Kg 9icmp/ZQKCNxep3mnqbJs3pfjaunJwpK9OP5PhXSvE4 +Yx6OjFMMwg+MRsHSlg8DjBDF5jumxJcweaWPsy0TCNU +-> ssh-ed25519 p/Mg4Q yhvaDm7yq75qq2Sb5wmXqunG5sHoamAi0r/kBOFHJjw +ZnmJd4au4dGscs7HdW1TqqLjqniRT3EhivgllyuGp5s +-> ssh-ed25519 5rrg4g oQn9sbjixiuN02aDo/v4n6JWTT4MPbYVwni0OW04NFk +hhYoASjz7CPqNXwGCOydrzadudrvncUsv318zFFUB0A +-> ssh-ed25519 oRtTqQ holCshSmzD+N5BYaUOv00WZlFn0UOLTikddFPZpCw1o +XdPjWqs7UqmA4ZLbgNAlDuHcdEGeeGCryBLE0jUtRbM +-> ssh-ed25519 F2C+8w h7ncoDRcnH+pVcRAP5au111c47oRjg4ISn93qK912zk +7sisrDx+avRb9HE2WvYkgSErsvNMqsc+UESmRKt7xz8 +-> ssh-ed25519 PMC4Bw oyKwRE22OV8RupaRKV6MgdL9sYK12NvhRDseQwo2MWE +oQOX7qy2Lo6eqmOBqgCjssu5mrd85NQDwmOdzIrj7yg +-> :1G-grease +krZ6nazBc8pS3EHxhcidv4uBigiek7jhODqwOoFQa3+31acCrziN8elOxd6gEa7B +a/xpMlN0 +--- 
BZD889tFoBkFafKWHk0vfNhpP+YtdcU+wpmm0d9RV+Q +yz5Y7Y}"Q{sy;ǓdPX4ϛc1AvJ<^fv3U%e]P \ No newline at end of file diff --git a/machines/roam01/wireguard.nix b/machines/roam01/wireguard.nix new file mode 100644 index 0000000..aa68f46 --- /dev/null +++ b/machines/roam01/wireguard.nix @@ -0,0 +1,58 @@ +{ + config, + lib, + dgn-keys, + name, + ... +}: +let + mkPeer = + prefix: peerName: + let + peer = dgn-keys.getVpnKey "wg-mgmt" peerName; + in + { + Endpoint = "129.199.146.230:1194"; + PersistentKeepalive = 25; + AllowedIPs = [ + "fdaa::${prefix}:0/64" + ]; + PublicKey = peer.key; + }; +in + +{ + age-secrets.autoMatch = [ "systemd-network" ]; + networking.firewall.trustedInterfaces = [ "wg0" ]; + systemd.network = { + networks = { + "50-wg-mgmt" = { + name = "wg-mgmt"; + address = [ + "fdaa::${lib.toHexString (dgn-keys.getVpnKey "wg-mgmt" name).id}/64" + ]; + routes = [ + { + Destination = "fdaa::/64"; + Scope = "link"; + } + ]; + }; + }; + netdevs = { + "50-wg-mgmt" = { + netdevConfig = { + Name = "wg-mgmt"; + Kind = "wireguard"; + }; + wireguardConfig = { + ListenPort = 1194; + PrivateKeyFile = config.age.secrets."systemd-network-wg_key".path; + }; + + wireguardPeers = builtins.map (mkPeer "0") [ "router02" ]; + }; + }; + }; + networking.firewall.allowedUDPPorts = [ 1194 ]; +} diff --git a/machines/router02/_configuration.nix b/machines/router02/_configuration.nix index 0655177..bcbef26 100644 --- a/machines/router02/_configuration.nix +++ b/machines/router02/_configuration.nix @@ -8,6 +8,7 @@ lib.extra.mkConfig { enabledServices = [ # List of services to enable "networking" + "wireguard" ]; extraConfig = { }; diff --git a/machines/router02/secrets/systemd-network-wg_key b/machines/router02/secrets/systemd-network-wg_key new file mode 100644 index 0000000..dcc2062 --- /dev/null +++ b/machines/router02/secrets/systemd-network-wg_key 
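Review bot: `networking.firewall.trustedInterfaces = [ "wg0" ]` in machines/roam01/wireguard.nix names an interface this file never creates; both the netdev and the network are called `wg-mgmt`. As written, the line does nothing for the tunnel and would silently exempt any future `wg0` from the firewall. Either drop it or state the intent explicitly with `networking.firewall.trustedInterfaces = [ "wg-mgmt" ];`, though a per-interface `networking.firewall.interfaces."wg-mgmt".allowedTCPPorts` list would be the least-privilege form. The same stale name is carried in the context lines of machines/router02/wireguard.nix. roam01 also opens UDP 1194 inbound although it appears to act only as an initiator with `PersistentKeepalive`, so it is worth confirming that rule is needed.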
@@ -0,0 +1,39 @@ +age-encryption.org/v1 +-> ssh-ed25519 jIXfPA 6v2v03EntXNNOnWAuZEcLybn6iWI+LB0kA/AbzszgQs +aqtydlqLgpfvC9rz0x0MshF+RfYJSpQaah5moS3CsGY +-> ssh-ed25519 QlRB9Q 8SqWmf7skeFnmT1HU43V7PwaqYl/hHTifx70qr05Y3c +W/b0CABozdoiSXWokOs+ChRL2pKCjL/b3kZHsBLBemw +-> ssh-ed25519 r+nK/Q TwRRJzM7q81lTdiMwINKYs5RqUaKR9odwTj0CaAUOFU +mYvyP/UeLFDgXFAUkCfZRNuRTJBL5t01nQ5a3U9BVrc +-> ssh-rsa krWCLQ +ssWV1ySMEEZJEsNUjss0U+rLVLYVLlPovyeqv3dWgRdbojFOboXZh7yo07KHOuu8 +N3QU64Iy1B8VOoPPhkfRURJjsjEEt/48gwMm9Ff9lmF/rxuw8KOPlGgAF+HwGK0z +Y2gTJkehFuuBN70jsPpCGqlEpmbwLfw1BbYp8zYEq6OKXkhZjIWVEwfa3Ahiw0Z7 +3VTC/9GVhpPu/s532TxYNsTZj6nBSp22jc8AZZvOxbPrV5Qk8yLb3JMfXBWn3bJv +N4A1x+ibCI6bnl+gYzmVjiquMuo8CMR1t+KAp6nNfv1dZT5UDBYKswYQ1AhQi7jh +KzBK3vInE18L3qWPxt4Zdw +-> ssh-ed25519 /vwQcQ YilslLDdIPQRNOr/ZA+WreHP5PNBiy/f6xz2UImsEQA +gjH2VsGYM/bJu+X5vwF1y+r0+pDC7EOjesuawUw5WAo +-> ssh-ed25519 0R97PA qFqvdP6/zg+/ruLrNmmFdi0ED43LVNtrfFISTVMLimA +YQyo/5tyH2JMPWiqV0bxWhMWVpyjcaQc9nr1WPUMygc +-> ssh-ed25519 JGx7Ng /SvvUDt/rDTaFOqaxL+d49pNyx7Wvkl0FMr36RIsxgQ +pF191qRavD24LSw2JHKpVKFGK281UitMTcLDV7Zw87M +-> ssh-ed25519 bUjjig +o1W/J1qFW96kC5SCz5azW4ar/bGglWOIST/VEBl0k8 +mHPgOqZN5eLw5AG47TIXccckR1qhhr6Ix08l3CY2NF4 +-> ssh-ed25519 5SY7Kg 53VjPE/xjun7Q1fKUaRKoEw1p5ble9fiunb/hX8sSns +5ro90MKLPz2rqdHghVBbrKXiRHHUEeRKkB+RZwxX1Ls +-> ssh-ed25519 p/Mg4Q tLc6UNchEe2AR/91gGauHIhD84UfKbIgS5MR77dhxhw +Q5/8BbmXj9wTv0oHr73Au3gNgMDPxT1btyRFhVZ+My8 +-> ssh-ed25519 5rrg4g WVq0dsHIxZffMqbAgdtBoMZDpzWI2eSc/gYuohn2JHc +CXBXkFLl8ljpBZK3emGaj5D0lb07KfCBeHPLc0AuCFA +-> ssh-ed25519 oRtTqQ Zq/GevKIc0qaGd0jXWpkd88BxA6yPonFzvxqxtylCiw +KO0avMpoF1ICg+17xvsmBLGsZ4FVorjkcMl/adT2/IU +-> ssh-ed25519 F2C+8w b9E1FgolbSv9cbAKTwSUnUhcilOFC3mkX8zEgeYwJxs +vqh2UldeQQTkDuiRxrT8+Xxdpt2s16X+14J57rpZVKM +-> ssh-ed25519 Dk/ltw 9zNl1I2J0A99y6G2M4JHhUVgn/9xcCaDz+I1NQxJewg +GFQp+hYM9dyICmI5UmdnNftq7g3QyNH3MlkAoag8YtQ +-> jn$!zr-grease w#SDYrYf +tNm7A1/g1RMy3lwzsibb/VhsMojufa8iCJCfZ5PG13ikyKab/8GY2oBO282yzcGJ +NLDaG5WbIbese3Rxi+rC0ucRZYWlx/w +--- 
8tELVgxGaIQsgC4NrrRbSh8Y8p+d8sQLG6pWZrc4b3o +k uE4>7>pKH$8Mޟ@ f`XLi:&w> 4,#qh4 \ No newline at end of file diff --git a/machines/router02/wireguard.nix b/machines/router02/wireguard.nix index eef0b2d..bbb57ef 100644 --- a/machines/router02/wireguard.nix +++ b/machines/router02/wireguard.nix @@ -1,13 +1,33 @@ -{ config, ... }: { - config.age-secrets.autoMatch = [ "systemd-network" ]; + config, + lib, + dgn-keys, + name, + ... +}: +let + mkPeer = + prefix: peerName: + let + peer = dgn-keys.getVpnKey "wg-mgmt" peerName; + in + { + AllowedIPs = [ + "fdaa::${prefix}:${lib.toHexString peer.id}/32" + ]; + PublicKey = peer.key; + }; +in + +{ + age-secrets.autoMatch = [ "systemd-network" ]; networking.firewall.trustedInterfaces = [ "wg0" ]; systemd.network = { networks = { "50-wg-mgmt" = { name = "wg-mgmt"; address = [ - "fdaa::1/64" + "fdaa::${lib.toHexString (dgn-keys.getVpnKey "wg-mgmt" name).id}/64" ]; routes = [ { @@ -28,17 +48,14 @@ PrivateKeyFile = config.age.secrets."systemd-network-wg_key".path; }; - wireguardPeers = [ - { - AllowedIPs = [ - "fdaa::2/64" - ]; - PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA="; - } - ]; + wireguardPeers = + builtins.map (mkPeer "1") [ + "mdebray" + "catvayor" + ] + ++ builtins.map (mkPeer "0") [ "roam01" ]; }; }; }; networking.firewall.allowedUDPPorts = [ 1194 ]; } - diff --git a/meta/network.nix b/meta/network.nix index 2dd2193..dffbce8 100644 --- a/meta/network.nix +++ b/meta/network.nix @@ -110,6 +110,13 @@ in addresses.ipv4 = [ "129.199.146.230" ]; + vpnKeys = { + wg-mgmt = { + id = 1; + key = "PN8/zo1Clue7jAnkvaUOg1ZdmcXmcTb6kIRpu5cplHs="; + }; + }; + hostId = "144d0f7a"; }; photo01 = { @@ -119,5 +126,17 @@ in hostId = "bcf8ff03"; }; + roam01 = { + interfaces = { }; + + vpnKeys = { + wg-mgmt = { + id = 2; + key = "Yg1GwHbJ7kwNbnjxI+5LtgDvzMPMiOm3EgI/saLI7FU="; + }; + }; + + hostId = "999dc679"; + }; } // mkRoutexp (import ./routexp.nix) diff --git a/meta/nodes.nix b/meta/nodes.nix index 2b5f1c0..aaf2977 100644 
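Review bot: `mkPeer` in machines/router02/wireguard.nix writes each peer's `AllowedIPs` with a `/32` mask, which on an IPv6 address covers all of `fdaa::/32` rather than the single address derived from `peer.id`. WireGuard uses AllowedIPs both to select the peer for outgoing traffic and to filter the source addresses accepted from that peer. With every peer claiming the same prefix, only one of them ends up owning it: that peer may send from any address in the range, and the others lose their route. A host route matches the per-peer id scheme: `"fdaa::${prefix}:${lib.toHexString peer.id}/128"`.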
--- a/meta/nodes.nix +++ b/meta/nodes.nix @@ -94,7 +94,7 @@ in hashedPassword = "$y$j9T$5OchePm5POsgveGLY/bKy/$9XkkZq9aBycg.YImEzFSiYRbAfBO0A4G7qMGIF/WEo9"; - deployment.targetHost = "129.199.146.37"; + deployment.targetHost = "129.199.146.39"; stateVersion = "24.11"; nixpkgs = "unstable"; diff --git a/meta/options.nix b/meta/options.nix index 0344793..5e94742 100644 --- a/meta/options.nix +++ b/meta/options.nix @@ -14,11 +14,14 @@ let ints listOf nullOr + singleLineStr str submodule unspecified ; + inherit (ints) positive; + addressType = max: submodule { @@ -34,6 +37,22 @@ let }; }; + vpnKeyType = submodule { + options = { + id = mkOption { + type = positive; + description = '' + Unique ID that will be used to guess IP address + ''; + }; + key = mkOption { + type = str; + description = '' + Public key of the user for this VPN + ''; + }; + }; + }; org = config.organization; in 
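Review bot: `vpnKeyType.id` in meta/options.nix is described as a unique ID but is only typed `positive`, so duplicate ids and values above 0xffff both pass evaluation. The wireguard modules in this patch render the id with `lib.toHexString` into a single IPv6 group, so a duplicate gives two peers the same tunnel address and a larger value yields an invalid one. Suggest `type = ints.between 1 65535;`, plus an assertion in the `config` section that ids are distinct per VPN among members and among machines. `key` could use `singleLineStr`, which this hunk already inherits, instead of `str`.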
@@ -41,23 +60,55 @@ in options = { organization = { members = mkOption { - type = attrsOf (submodule { - options = { - name = mkOption { - type = str; - description = '' - Name of the member. - ''; - }; + type = attrsOf ( + submodule ( + { name, ... }: + { + options = { + name = mkOption { + type = str; + description = '' + Name of the member. + ''; + }; - email = mkOption { - type = str; - description = '' - Main e-mail address of the member. - ''; - }; - }; - }); + email = mkOption { + type = str; + description = '' + Main e-mail address of the member. + ''; + }; + + username = mkOption { + type = str; + default = name; + description = '' + The username used for authentication. + WARNING: Must be the same as the ens login! + ''; + }; + + sshKeys = lib.mkOption { + type = listOf singleLineStr; + description = '' + A list of verbatim OpenSSH public keys that should be added to the + user's authorized keys. + ''; + example = [ + "ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host" + "ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar" + ]; + }; + + vpnKeys = mkOption { + type = attrsOf vpnKeyType; + default = { }; + description = "Attribute sets to define vpn keys of the user"; + }; + }; + } + ) + ); description = '' Members of the DGNum organization. 
@@ -70,6 +121,39 @@ in Groups of the DGNum organization. ''; }; + + external = mkOption { + type = attrsOf (listOf str); + description = '' + External services used by the DGNum organization. + ''; + }; + + services = mkOption { + type = attrsOf (submodule { + options = { + admins = mkOption { + type = listOf str; + default = [ ]; + description = '' + List of administrators of the service. + ''; + }; + + adminGroups = mkOption { + type = listOf str; + default = [ ]; + description = '' + List of administrator groups of the service. + ''; + }; + }; + }); + description = '' + Administrator access of the different DGNum services, + it is mainly indicative as most services cannot configure this statically. + ''; + }; }; nodes = mkOption { @@ -256,6 +340,13 @@ in IP address of the node in the netbird network. ''; }; + + vpnKeys = mkOption { + type = attrsOf vpnKeyType; + default = { }; + description = "Attribute sets to define vpn keys of the machine"; + + }; }; config = @@ -327,11 +418,20 @@ in extract "adminGroups" config.nodes )) - # Check that all members have ssh keys - (builtins.map (name: { - assertion = ((import ../keys)._keys.${name} or [ ]) != [ ]; - message = "No ssh keys found for ${name}."; - }) members) + # Check that all services admins exist + (membersExists (name: "A member of the service ${name} admins was not found in the members list.") ( + extract "admins" org.services + )) + + # Check that all services adminGroups exist + (groupsExists ( + name: "A member of the service ${name} adminGroups was not found in the groups list." + ) (extract "adminGroups" org.services)) + + # Check that all external services admins exist + (membersExists ( + name: "A member of the external service ${name} admins was not found in the members list." + ) org.external) ]; }; } diff --git a/meta/organization.nix b/meta/organization.nix index b8a4016..fd2acf0 100644 --- a/meta/organization.nix +++ b/meta/organization.nix 
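Review bot: The last hunk of meta/options.nix removes the "No ssh keys found" assertion without a replacement, and the new `sshKeys` option is a plain `listOf singleLineStr` that accepts `[ ]`. A member declared with an empty list now evaluates cleanly, and the gap would only show up at deploy time. If the invariant is still wanted, it can be restated against the new option, reusing the `members` list from the removed lines (defined outside the hunk): `assertion = org.members.${name}.sshKeys != [ ];` with the original message.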
@@ -5,44 +5,104 @@ { members = { + agroudiev = { + name = "Antoine Groudiev"; + email = "antoine.groudiev@dgnum.eu"; + sshKeys = [ + "ssh-rsa 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" + ]; + }; + catvayor = { name = "Lubin Bailly"; email = "catvayor@dgnum.eu"; + username = "lbailly"; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor" + ]; + vpnKeys = { + wg-mgmt = { + id = 1; + key = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4="; + }; + }; }; - cst1 = { name = "Constantin Gierczak--Galle"; email = "cst1@dgnum.eu"; + username = "cgierczakgalle"; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270" + ]; }; ecoppens = { name = "Elias Coppens"; email = "ecoppens@dgnum.eu"; + sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA" ]; }; jemagius = { name = "Jean-Marc Gailis"; email = "jm@dgnum.eu"; + username = "jgailis"; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOoxmou5OU74GgpIUkhVt6GiB+O9Jy4ge0TwK5MDFJ2F" + "ssh-rsa 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" + ]; }; luj = { name = "Julien Malka"; email = "luj@dgnum.eu"; + username = "jmalka"; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower" + ]; + }; + + mboyer = { + name = "Matthieu Boyer"; + email = "matthieu.boyer@dgnum.eu"; + username = "mboyer02"; + sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYnwZaFYvUxtJeNvpaA20rLfq8fOO4dFp7cIXsD8YNx" ]; }; mdebray = { name = "Maurice Debray"; email = "maurice.debray@dgnum.eu"; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdDnSl3cyWil+S5JiyGqOvBR3wVh+lduw58S5WvraoL maurice@fekda" + ]; + vpnKeys = { + wg-mgmt = 
{ + id = 2; + key = "+nTxD4ZAzk+9LHGwEfK0t2cMQf0ognBYmhybNbCzW38="; + }; + }; }; raito = { name = "Ryan Lahfa"; email = "ryan@dgnum.eu"; + username = "rlahfa"; + sshKeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU" + ]; }; thubrecht = { name = "Tom Hubrecht"; email = "tom.hubrecht@dgnum.eu"; + sshKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn" + ]; }; };