Klub-RZ/infrastructure
4
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity

Centralize pubkeys

Browse source
This commit is contained in:
gabriel-doriath-dohler 2022-08-15 03:28:40 +02:00
parent 16f4ad94b1
commit ba5086a237
17 changed files with 15 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
machines/core-services-01/configuration.nix
View file

@ -76,9 +76,9 @@
# Enable the OpenSSH daemon.
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [
./pubkeys/gdd.keys
./pubkeys/raito.keys
./pubkeys/mrf.keys
../../pubkeys/gdd.keys
../../pubkeys/raito.keys
../../pubkeys/mrf.keys
];
# Open ports in the firewall.

4
machines/core-services-01/netboot-server.nix
View file

@ -13,8 +13,8 @@ let
# Enable sshd wich gets disabled by netboot-minimal.nix
systemd.services.sshd.wantedBy = mkOverride 0 [ "multi-user.target" ];
users.users.root.openssh.authorizedKeys.keyFiles = [
./pubkeys/gdd.keys
./pubkeys/raito.keys
../../pubkeys/gdd.keys
../../pubkeys/raito.keys
];
programs.mosh.enable = true;

2
machines/core-services-01/secrets/secrets.nix
View file

@ -1,7 +1,7 @@
let
pkgs = import <nixpkgs> {};
lib = pkgs.lib;
readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys")));
readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys")));
superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd") ++ (readPubkeys "mrf");
core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU";
systems = [ core-services-01 ];

6
machines/public-cof/configuration.nix
View file

@ -45,9 +45,9 @@
# Enable the OpenSSH daemon.
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [
./pubkeys/gdd.keys
./pubkeys/raito.keys
./pubkeys/mrf.keys
../../pubkeys/gdd.keys
../../pubkeys/raito.keys
../../pubkeys/mrf.keys
];
system.stateVersion = "21.05";

2
machines/public-cof/pubkeys/gdd.keys
View file

@ -1,2 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbkPWWZzOBaRdx4+7xQUgxDwuncSl2fxAeVuYfVUPZ

1
machines/public-cof/pubkeys/mrf.keys
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFe4tx0+lNX2w7kG94c9u7U0wHuOc2A6zpHcbyAs+w/d

4
machines/public-cof/pubkeys/raito.keys
View file

@ -1,4 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKIIcqryU28FkV+UpiTnGCOfwKO5jFhkdvU7a7Ew2KoZ
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMLf6B8VV//BhOWihYK8Zy1CJ3sg4w2bP0aBO0VPs4hS
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr

2
machines/public-cof/secrets/secrets.nix
View file

@ -1,7 +1,7 @@
let
pkgs = import <nixpkgs> {};
lib = pkgs.lib;
readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../pubkeys + "/${user}.keys")));
readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys")));
superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd");
public-cof = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUe/w7e3+KIa1YPFH9FGapDWM/sWOvOCcYXNlnIWypg";
systems = [ public-cof ];

7
machines/remote-builder-01/configuration.nix
View file

@ -61,8 +61,11 @@
# Enable the OpenSSH daemon.
services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles =
[ ./pubkeys/gdd.keys ./pubkeys/raito.keys ./pubkeys/remote-builders.keys ];
users.users.root.openssh.authorizedKeys.keyFiles = [
../../pubkeys/gdd.keys
../../pubkeys/raito.keys
../../pubkeys/remote-builders.keys
];
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];

2
machines/remote-builder-01/pubkeys/gdd.keys
View file

@ -1,2 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICE7TN5NQKGojNGIeTFiHjLHTDQGT8i05JFqX/zLW2zc
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIFbkPWWZzOBaRdx4+7xQUgxDwuncSl2fxAeVuYfVUPZ

1
machines/remote-builder-01/pubkeys/hackens-milieu.keys
View file

@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3+w4+nyJG8lr2mh0S9Zf8j2/6H5smlO87s6KNLlhkF hackens@hackens-milieu

4
machines/remote-builder-01/pubkeys/raito.keys
View file

@ -1,4 +0,0 @@
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKIIcqryU28FkV+UpiTnGCOfwKO5jFhkdvU7a7Ew2KoZ
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMLf6B8VV//BhOWihYK8Zy1CJ3sg4w2bP0aBO0VPs4hS
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr

0
machines/core-services-01/pubkeys/gdd.keys → pubkeys/gdd.keys
View file

0
machines/core-services-01/pubkeys/hackens-milieu.keys → pubkeys/hackens-milieu.keys
View file

0
machines/core-services-01/pubkeys/mrf.keys → pubkeys/mrf.keys
View file

0
machines/core-services-01/pubkeys/raito.keys → pubkeys/raito.keys
View file

0
machines/remote-builder-01/pubkeys/remote-builders.keys → pubkeys/remote-builders.keys
View file