feat: init roam01

This commit is contained in:
sinavir 2024-12-05 09:59:59 +01:00 committed by catvayor
parent b9db0d1236
commit b6841138be
Signed by: lbailly
GPG key ID: CE3E645251AC63F3
13 changed files with 459 additions and 35 deletions

View file

@ -14,10 +14,17 @@ rec {
_keys = (import "${_sources.infrastructure}/keys")._keys // {
krz01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP4o65gWOgNrxbSd3kiQIGZUM+YD6kuZOQtblvzUGsfB" ];
router02 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5t0InDV9nTLEqXrenqMJZAjkCAmfzHk6LLLHme3k3j" ];
roam01 = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKXjzVxYs5v5+7N0tyqpBQERXKjXwTZUqVGkdye4S1LP" ];
};
_vpnKeys =
builtins.mapAttrs (_: v: v.vpnKeys) meta.organization.members
// builtins.mapAttrs (_: v: v.vpnKeys) meta.network;
getKeys = ls: builtins.concatLists (builtins.map (getAttr _keys) ls);
getVpnKey = vpn: name: _vpnKeys.${name}.${vpn};
mkSecrets =
nodes: setDefault { publicKeys = unique (rootKeys ++ (builtins.concatMap getNodeKeys' nodes)); };

View file

@ -0,0 +1,18 @@
{ lib, ... }:
lib.extra.mkConfig {
enabledModules = [
# List of modules to enable
];
enabledServices = [
# List of services to enable
"wireguard"
];
extraConfig = {
networking.interfaces.enp1s0.useDHCP = true;
};
root = ./.;
}

View file

@ -0,0 +1,62 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd = {
availableKernelModules = [
"xhci_pci"
"usb_storage"
"usbhid"
"sd_mod"
"sdhci_pci"
];
kernelModules = [ ];
};
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/bfb4359b-75b2-4fa0-bdb6-283658a0019a";
fsType = "xfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/1A70-E9AE";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
swapDevices = [
{ device = "/dev/disk/by-uuid/6518c729-a0cb-41b4-acc8-ec219d0afba6"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0d1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

View file

@ -0,0 +1,4 @@
(import ../../../keys).mkSecrets [ "roam01" ] [
# List of secrets for router02
"systemd-network-wg_key"
]

View file

@ -0,0 +1,39 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA eITDLS0bZ9nCNbcpXN2S2JK6+gy0V9Ix5anuz1DXpi8
h/3wu702P2+Mnrsh5EimLoLY6XPiyTvjytjVr2nVPU0
-> ssh-ed25519 QlRB9Q atT+Cb4dk/jH7uhQ7b8Qu1E4tFcrm7mUzqhwlvciCng
eZvsq5OsW7cxf4EmE7L4KhzmiCRhV72ILT5mOg3D7GY
-> ssh-ed25519 r+nK/Q RfAubzTOifMb9Pukkwkh7iUgOLxmIxkPCBhZqzohHA4
0rdpQrp7iSRjGCsi7EjOcuCx2YXXscJxIYv0vfpV9hw
-> ssh-rsa krWCLQ
tBs7XiMvJdAqbtZTaDxgyLrHxyUjgKU4amTtPdVxRUuqm4uSoxoHJj7N6NGBPhW4
ODB8ft5OoAwjtP/D12pNUn3fsIuo7DJGc57Dt74f0ge+MWTVI/tEC8I8EVOVYIpv
Udc1kW8n2CCdkAulSrvlfLQPuVFUcOYWGTvEVE05gPRoJ7NiXR9CW2ByyRjD12Fj
W+8c/H0/h8CmWGRFMZG+xlt9DmYNegz2TCKyTJPtWHRT6sYCqct13GQP/C8s8fJv
ZQjIUcF91EBTr6Gc0fGEYFmKQckOkEeAG3P92YuK9NLyHw5xHl9M+gFZlYsQ91kg
/uVW29GmK7qoyxpUP0GamA
-> ssh-ed25519 /vwQcQ 0y6bP+6t8EhcHs7ap/FmCDWxQLCkDF5KyeXlGZln9Qc
9xpybiFqQTxJ8Po0044HRhoBlmcFzqeXMG3IrZzKOdI
-> ssh-ed25519 0R97PA 1pn+9GwTf+AHsSCqI+xe0blM/6qJUgCgjCF3mlEV4k0
W278+7Qc5/QyALiy1Gt8WKqCw+MX4Ko0VLV+p1KoSjA
-> ssh-ed25519 JGx7Ng hrWsXtVn1DNQ86woVee66ljaMpgBBoJmHdS7qyESbz0
dRPPTNmGYFZ+VR9gPhfD5wutqIuJXXEtoMapnAShrHE
-> ssh-ed25519 bUjjig RzQTuUiEmKd9VqYMKz3cbaU7v4OncTK8N1VA+4M851w
49tmBO+NwrGfNyDwcyuk+7DFqK0yYfZoJ98qeYg0yBY
-> ssh-ed25519 5SY7Kg 9icmp/ZQKCNxep3mnqbJs3pfjaunJwpK9OP5PhXSvE4
Yx6OjFMMwg+MRsHSlg8DjBDF5jumxJcweaWPsy0TCNU
-> ssh-ed25519 p/Mg4Q yhvaDm7yq75qq2Sb5wmXqunG5sHoamAi0r/kBOFHJjw
ZnmJd4au4dGscs7HdW1TqqLjqniRT3EhivgllyuGp5s
-> ssh-ed25519 5rrg4g oQn9sbjixiuN02aDo/v4n6JWTT4MPbYVwni0OW04NFk
hhYoASjz7CPqNXwGCOydrzadudrvncUsv318zFFUB0A
-> ssh-ed25519 oRtTqQ holCshSmzD+N5BYaUOv00WZlFn0UOLTikddFPZpCw1o
XdPjWqs7UqmA4ZLbgNAlDuHcdEGeeGCryBLE0jUtRbM
-> ssh-ed25519 F2C+8w h7ncoDRcnH+pVcRAP5au111c47oRjg4ISn93qK912zk
7sisrDx+avRb9HE2WvYkgSErsvNMqsc+UESmRKt7xz8
-> ssh-ed25519 PMC4Bw oyKwRE22OV8RupaRKV6MgdL9sYK12NvhRDseQwo2MWE
oQOX7qy2Lo6eqmOBqgCjssu5mrd85NQDwmOdzIrj7yg
-> :1G-grease
krZ6nazBc8pS3EHxhcidv4uBigiek7jhODqwOoFQa3+31acCrziN8elOxd6gEa7B
a/xpMlN0
--- BZD889tFoBkFafKWHk0vfNhpP+YtdcU+wpmm0d9RV+Q
Ç„yz¥5Y7ùY}‡ˆ"·Q{±sy;âÇ“˜dÛü°”PX4¹ÏÃ×c½Š1AÕv©ýJî<ž^fÁ¯ƒñv3U%eó]P

View file

@ -0,0 +1,58 @@
{
config,
lib,
dgn-keys,
name,
...
}:
let
mkPeer =
prefix: peerName:
let
peer = dgn-keys.getVpnKey "wg-mgmt" peerName;
in
{
Endpoint = "129.199.146.230:1194";
PersistentKeepalive = 25;
AllowedIPs = [
"fdaa::${prefix}:0/64"
];
PublicKey = peer.key;
};
in
{
age-secrets.autoMatch = [ "systemd-network" ];
networking.firewall.trustedInterfaces = [ "wg0" ];
systemd.network = {
networks = {
"50-wg-mgmt" = {
name = "wg-mgmt";
address = [
"fdaa::${lib.toHexString (dgn-keys.getVpnKey "wg-mgmt" name).id}/64"
];
routes = [
{
Destination = "fdaa::/64";
Scope = "link";
}
];
};
};
netdevs = {
"50-wg-mgmt" = {
netdevConfig = {
Name = "wg-mgmt";
Kind = "wireguard";
};
wireguardConfig = {
ListenPort = 1194;
PrivateKeyFile = config.age.secrets."systemd-network-wg_key".path;
};
wireguardPeers = builtins.map (mkPeer "0") [ "router02" ];
};
};
};
networking.firewall.allowedUDPPorts = [ 1194 ];
}

View file

@ -8,6 +8,7 @@ lib.extra.mkConfig {
enabledServices = [
# List of services to enable
"networking"
"wireguard"
];
extraConfig = { };

View file

@ -0,0 +1,39 @@
age-encryption.org/v1
-> ssh-ed25519 jIXfPA 6v2v03EntXNNOnWAuZEcLybn6iWI+LB0kA/AbzszgQs
aqtydlqLgpfvC9rz0x0MshF+RfYJSpQaah5moS3CsGY
-> ssh-ed25519 QlRB9Q 8SqWmf7skeFnmT1HU43V7PwaqYl/hHTifx70qr05Y3c
W/b0CABozdoiSXWokOs+ChRL2pKCjL/b3kZHsBLBemw
-> ssh-ed25519 r+nK/Q TwRRJzM7q81lTdiMwINKYs5RqUaKR9odwTj0CaAUOFU
mYvyP/UeLFDgXFAUkCfZRNuRTJBL5t01nQ5a3U9BVrc
-> ssh-rsa krWCLQ
ssWV1ySMEEZJEsNUjss0U+rLVLYVLlPovyeqv3dWgRdbojFOboXZh7yo07KHOuu8
N3QU64Iy1B8VOoPPhkfRURJjsjEEt/48gwMm9Ff9lmF/rxuw8KOPlGgAF+HwGK0z
Y2gTJkehFuuBN70jsPpCGqlEpmbwLfw1BbYp8zYEq6OKXkhZjIWVEwfa3Ahiw0Z7
3VTC/9GVhpPu/s532TxYNsTZj6nBSp22jc8AZZvOxbPrV5Qk8yLb3JMfXBWn3bJv
N4A1x+ibCI6bnl+gYzmVjiquMuo8CMR1t+KAp6nNfv1dZT5UDBYKswYQ1AhQi7jh
KzBK3vInE18L3qWPxt4Zdw
-> ssh-ed25519 /vwQcQ YilslLDdIPQRNOr/ZA+WreHP5PNBiy/f6xz2UImsEQA
gjH2VsGYM/bJu+X5vwF1y+r0+pDC7EOjesuawUw5WAo
-> ssh-ed25519 0R97PA qFqvdP6/zg+/ruLrNmmFdi0ED43LVNtrfFISTVMLimA
YQyo/5tyH2JMPWiqV0bxWhMWVpyjcaQc9nr1WPUMygc
-> ssh-ed25519 JGx7Ng /SvvUDt/rDTaFOqaxL+d49pNyx7Wvkl0FMr36RIsxgQ
pF191qRavD24LSw2JHKpVKFGK281UitMTcLDV7Zw87M
-> ssh-ed25519 bUjjig +o1W/J1qFW96kC5SCz5azW4ar/bGglWOIST/VEBl0k8
mHPgOqZN5eLw5AG47TIXccckR1qhhr6Ix08l3CY2NF4
-> ssh-ed25519 5SY7Kg 53VjPE/xjun7Q1fKUaRKoEw1p5ble9fiunb/hX8sSns
5ro90MKLPz2rqdHghVBbrKXiRHHUEeRKkB+RZwxX1Ls
-> ssh-ed25519 p/Mg4Q tLc6UNchEe2AR/91gGauHIhD84UfKbIgS5MR77dhxhw
Q5/8BbmXj9wTv0oHr73Au3gNgMDPxT1btyRFhVZ+My8
-> ssh-ed25519 5rrg4g WVq0dsHIxZffMqbAgdtBoMZDpzWI2eSc/gYuohn2JHc
CXBXkFLl8ljpBZK3emGaj5D0lb07KfCBeHPLc0AuCFA
-> ssh-ed25519 oRtTqQ Zq/GevKIc0qaGd0jXWpkd88BxA6yPonFzvxqxtylCiw
KO0avMpoF1ICg+17xvsmBLGsZ4FVorjkcMl/adT2/IU
-> ssh-ed25519 F2C+8w b9E1FgolbSv9cbAKTwSUnUhcilOFC3mkX8zEgeYwJxs
vqh2UldeQQTkDuiRxrT8+Xxdpt2s16X+14J57rpZVKM
-> ssh-ed25519 Dk/ltw 9zNl1I2J0A99y6G2M4JHhUVgn/9xcCaDz+I1NQxJewg
GFQp+hYM9dyICmI5UmdnNftq7g3QyNH3MlkAoag8YtQ
-> jn$!zr-grease w#SDYrYf
tNm7A1/g1RMy3lwzsibb/VhsMojufa8iCJCfZ5PG13ikyKab/8GY2oBO282yzcGJ
NLDaG5WbIbese3Rxi+rC0ucRZYWlx/w
--- 8tELVgxGaIQsgC4NrrRbSh8Y8p+d8sQLG6pWZrc4b3o
<16>kÜè ŽuûEõ¬4>7>«p<C2AB>KøÎH¶ê$8MÞŸ@¢’¢û„<C3BB>°º fñ`ÿ°XÍÚLi½:”öû³&wè> 4€•,#q¿h™4

View file

@ -1,13 +1,33 @@
{ config, ... }:
{
config.age-secrets.autoMatch = [ "systemd-network" ];
config,
lib,
dgn-keys,
name,
...
}:
let
mkPeer =
prefix: peerName:
let
peer = dgn-keys.getVpnKey "wg-mgmt" peerName;
in
{
AllowedIPs = [
"fdaa::${prefix}:${lib.toHexString peer.id}/32"
];
PublicKey = peer.key;
};
in
{
age-secrets.autoMatch = [ "systemd-network" ];
networking.firewall.trustedInterfaces = [ "wg0" ];
systemd.network = {
networks = {
"50-wg-mgmt" = {
name = "wg-mgmt";
address = [
"fdaa::1/64"
"fdaa::${lib.toHexString (dgn-keys.getVpnKey "wg-mgmt" name).id}/64"
];
routes = [
{
@ -28,17 +48,14 @@
PrivateKeyFile = config.age.secrets."systemd-network-wg_key".path;
};
wireguardPeers = [
{
AllowedIPs = [
"fdaa::2/64"
];
PublicKey = "h4Nf+e4JIjqOMuM5JtLN298BF/fym9fWKGtRZmS5MVA=";
}
];
wireguardPeers =
builtins.map (mkPeer "1") [
"mdebray"
"catvayor"
]
++ builtins.map (mkPeer "0") [ "roam01" ];
};
};
};
networking.firewall.allowedUDPPorts = [ 1194 ];
}

View file

@ -110,6 +110,13 @@ in
addresses.ipv4 = [ "129.199.146.230" ];
vpnKeys = {
wg-mgmt = {
id = 1;
key = "PN8/zo1Clue7jAnkvaUOg1ZdmcXmcTb6kIRpu5cplHs=";
};
};
hostId = "144d0f7a";
};
photo01 = {
@ -119,5 +126,17 @@ in
hostId = "bcf8ff03";
};
roam01 = {
interfaces = { };
vpnKeys = {
wg-mgmt = {
id = 2;
key = "Yg1GwHbJ7kwNbnjxI+5LtgDvzMPMiOm3EgI/saLI7FU=";
};
};
hostId = "999dc679";
};
}
// mkRoutexp (import ./routexp.nix)

View file

@ -94,7 +94,7 @@ in
hashedPassword = "$y$j9T$5OchePm5POsgveGLY/bKy/$9XkkZq9aBycg.YImEzFSiYRbAfBO0A4G7qMGIF/WEo9";
deployment.targetHost = "129.199.146.37";
deployment.targetHost = "129.199.146.39";
stateVersion = "24.11";
nixpkgs = "unstable";

View file

@ -14,11 +14,14 @@ let
ints
listOf
nullOr
singleLineStr
str
submodule
unspecified
;
inherit (ints) positive;
addressType =
max:
submodule {
@ -34,6 +37,22 @@ let
};
};
vpnKeyType = submodule {
options = {
id = mkOption {
type = positive;
description = ''
Unique ID that will be used to guess IP address
'';
};
key = mkOption {
type = str;
description = ''
Public key of the user for this VPN
'';
};
};
};
org = config.organization;
in
@ -41,23 +60,55 @@ in
options = {
organization = {
members = mkOption {
type = attrsOf (submodule {
options = {
name = mkOption {
type = str;
description = ''
Name of the member.
'';
};
type = attrsOf (
submodule (
{ name, ... }:
{
options = {
name = mkOption {
type = str;
description = ''
Name of the member.
'';
};
email = mkOption {
type = str;
description = ''
Main e-mail address of the member.
'';
};
};
});
email = mkOption {
type = str;
description = ''
Main e-mail address of the member.
'';
};
username = mkOption {
type = str;
default = name;
description = ''
The username used for authentication.
WARNING: Must be the same as the ens login!
'';
};
sshKeys = lib.mkOption {
type = listOf singleLineStr;
description = ''
A list of verbatim OpenSSH public keys that should be added to the
user's authorized keys.
'';
example = [
"ssh-rsa AAAAB3NzaC1yc2etc/etc/etcjwrsh8e596z6J0l7 example@host"
"ssh-ed25519 AAAAC3NzaCetcetera/etceteraJZMfk3QPfQ foo@bar"
];
};
vpnKeys = mkOption {
type = attrsOf vpnKeyType;
default = { };
description = "Attribute sets to define vpn keys of the user";
};
};
}
)
);
description = ''
Members of the DGNum organization.
@ -70,6 +121,39 @@ in
Groups of the DGNum organization.
'';
};
external = mkOption {
type = attrsOf (listOf str);
description = ''
External services used by the DGNum organization.
'';
};
services = mkOption {
type = attrsOf (submodule {
options = {
admins = mkOption {
type = listOf str;
default = [ ];
description = ''
List of administrators of the service.
'';
};
adminGroups = mkOption {
type = listOf str;
default = [ ];
description = ''
List of administrator groups of the service.
'';
};
};
});
description = ''
Administrator access of the different DGNum services,
it is mainly indicative as most services cannot configure this statically.
'';
};
};
nodes = mkOption {
@ -256,6 +340,13 @@ in
IP address of the node in the netbird network.
'';
};
vpnKeys = mkOption {
type = attrsOf vpnKeyType;
default = { };
description = "Attribute sets to define vpn keys of the machine";
};
};
config =
@ -327,11 +418,20 @@ in
extract "adminGroups" config.nodes
))
# Check that all members have ssh keys
(builtins.map (name: {
assertion = ((import ../keys)._keys.${name} or [ ]) != [ ];
message = "No ssh keys found for ${name}.";
}) members)
# Check that all services admins exist
(membersExists (name: "A member of the service ${name} admins was not found in the members list.") (
extract "admins" org.services
))
# Check that all services adminGroups exist
(groupsExists (
name: "A member of the service ${name} adminGroups was not found in the groups list."
) (extract "adminGroups" org.services))
# Check that all external services admins exist
(membersExists (
name: "A member of the external service ${name} admins was not found in the members list."
) org.external)
];
};
}

View file

@ -5,44 +5,104 @@
{
members = {
agroudiev = {
name = "Antoine Groudiev";
email = "antoine.groudiev@dgnum.eu";
sshKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDgyt3ntpcoI/I2n97R1hzjBiNL6R98S73fSi7pkSE/8mQbI8r9GzsPUBcxQ+tIg0FgwkLxTwF8DwLf0E+Le/rPznxBS5LUQaAktSQSrxz/IIID1+jN8b03vf5PjfKS8H2Tu3Q8jZXa8HNsj3cpySpGMqGrE3ieUmknd/YfppRRf+wM4CsGKZeS3ZhB9oZi3Jn22A0U/17AOJTnv4seq+mRZWRQt3pvQvpp8/2M7kEqizie/gTr/DnwxUr45wisqYYH4tat9Cw6iDr7LK10VCrK37BfFagMIZ08Hkh3c46jghjYNQWe+mBUWJByWYhTJ0AtYrbaYeUV1HVYbsRJ6bNx25K6794QQPaE/vc2Z/VK/ILgvJ+9myFSAWVylCWdyYpwUu07RH/jDBl2aqH62ESwAG7SDUUcte6h9N+EryAQLWc8OhsGAYLpshhBpiqZwzX90m+nkbhx1SqMbtt6TS+RPDEHKFYn8E6FBrf1FK34482ndq/hHXZ88mqzGb1nOnM="
];
};
catvayor = {
name = "Lubin Bailly";
email = "catvayor@dgnum.eu";
username = "lbailly";
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAA16foz+XzwKwyIR4wFgNIAE3Y7AfXyEsUZFVVz8Rie catvayor@katvayor"
];
vpnKeys = {
wg-mgmt = {
id = 1;
key = "zIHvCSzk5a94jvnXU4iscbp9RUGzbWpARDMRgHNtMl4=";
};
};
};
cst1 = {
name = "Constantin Gierczak--Galle";
email = "cst1@dgnum.eu";
username = "cgierczakgalle";
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKrijwPlb7KQkYPLznMPVzPPT69cLzhEsJzZi9tmxzTh cst1@x270"
];
};
ecoppens = {
name = "Elias Coppens";
email = "ecoppens@dgnum.eu";
sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIGmU7yEOCGuGNt4PlQbzd0Cms1RePpo8yEA7Ij/+TdA" ];
};
jemagius = {
name = "Jean-Marc Gailis";
email = "jm@dgnum.eu";
username = "jgailis";
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOoxmou5OU74GgpIUkhVt6GiB+O9Jy4ge0TwK5MDFJ2F"
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCxQX0JLRah3GfIOkua4ZhEJhp5Ykv55RO0SPrSUwCBs5arnALg8gq12YLr09t4bzW/NA9/jn7flhh4S54l4RwBUhmV4JSQhGu71KGhfOj5ZBkDoSyYqzbu206DfZP5eQonSmjfP6XghcWOr/jlBzw9YAAQkFxsQgXEkr4kdn0ZXfZGz6b0t3YUjYIuDNbptFsGz2V9iQVy1vnxrjnLSfc25j4et8z729Vpy4M7oCaE6a6hgon4V1jhVbg43NAE5gu2eYFAPIzO3E7ZI8WjyLu1wtOBClk1f+HMen3Tr+SX2PXmpPGb+I2fAkbzu/C4X/M3+2bL1dYjxuvQhvvpAjxFwmdoXW4gWJ3J/FRiFrKsiAY0rYC+yi8SfacJWCv4EEcV/yQ4gYwpmU9xImLaro6w5cOHGCqrzYqjZc4Wi6AWFGeBSNzNs9PXLgMRWeUyiIDOFnSep2ebZeVjTB16m+o/YDEhE10uX9kCCx3Dy/41iJ1ps7V4JWGFsr0Fqaz8mu8="
];
};
luj = {
name = "Julien Malka";
email = "luj@dgnum.eu";
username = "jmalka";
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDMBW7rTtfZL9wtrpCVgariKdpN60/VeAzXkh9w3MwbO julien@enigma"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa+7n7kNzb86pTqaMn554KiPrkHRGeTJ0asY1NjSbpr julien@tower"
];
};
mboyer = {
name = "Matthieu Boyer";
email = "matthieu.boyer@dgnum.eu";
username = "mboyer02";
sshKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGYnwZaFYvUxtJeNvpaA20rLfq8fOO4dFp7cIXsD8YNx" ];
};
mdebray = {
name = "Maurice Debray";
email = "maurice.debray@dgnum.eu";
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEpwF+XD3HgX64kqD42pcEZRNYAWoO4YNiOm5KO4tH6o maurice@polaris"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFdDnSl3cyWil+S5JiyGqOvBR3wVh+lduw58S5WvraoL maurice@fekda"
];
vpnKeys = {
wg-mgmt = {
id = 2;
key = "+nTxD4ZAzk+9LHGwEfK0t2cMQf0ognBYmhybNbCzW38=";
};
};
};
raito = {
name = "Ryan Lahfa";
email = "ryan@dgnum.eu";
username = "rlahfa";
sshKeys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
];
};
thubrecht = {
name = "Tom Hubrecht";
email = "tom.hubrecht@dgnum.eu";
sshKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL+EZXYziiaynJX99EW8KesnmRTZMof3BoIs3mdEl8L3"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHL4M4HKjs4cjRAYRk9pmmI8U0R4+T/jQh6Fxp/i1Eoy"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn"
];
};
};