Klub-RZ/infrastructure
4
0
Fork 0
Code Issues 7 Pull requests Projects Releases Packages Wiki Activity

Move pubkeys in ./machines

Browse source 
This is required by the current krops setup.
This commit is contained in:
gabriel-doriath-dohler 2022-08-15 23:59:59 +00:00
parent ba5086a237
commit c5aa20dffa
11 changed files with 13 additions and 13 deletions
Download patch file Download diff file Expand all files Collapse all files

6
machines/core-services-01/configuration.nix
View file

@ -76,9 +76,9 @@
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../pubkeys/gdd.keys ../pubkeys/gdd.keys
../../pubkeys/raito.keys ../pubkeys/raito.keys
../../pubkeys/mrf.keys ../pubkeys/mrf.keys
]; ];
# Open ports in the firewall. # Open ports in the firewall.

4
machines/core-services-01/netboot-server.nix
View file

@ -13,8 +13,8 @@ let
# Enable sshd wich gets disabled by netboot-minimal.nix # Enable sshd wich gets disabled by netboot-minimal.nix
systemd.services.sshd.wantedBy = mkOverride 0 [ "multi-user.target" ]; systemd.services.sshd.wantedBy = mkOverride 0 [ "multi-user.target" ];
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../pubkeys/gdd.keys ../pubkeys/gdd.keys
../../pubkeys/raito.keys ../pubkeys/raito.keys
]; ];
programs.mosh.enable = true; programs.mosh.enable = true;

2
machines/core-services-01/secrets/secrets.nix
View file

@ -1,7 +1,7 @@
let let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
lib = pkgs.lib; lib = pkgs.lib;
readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys"))); readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../../pubkeys + "/${user}.keys")));
superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd") ++ (readPubkeys "mrf"); superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd") ++ (readPubkeys "mrf");
core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU"; core-services-01 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrnZxP4OUGDzd1uykMghzFNLH0Fg42hH+0qxif6O6oU";
systems = [ core-services-01 ]; systems = [ core-services-01 ];

0
pubkeys/gdd.keys → machines/pubkeys/gdd.keys
View file

0
pubkeys/hackens-milieu.keys → machines/pubkeys/hackens-milieu.keys
View file

0
pubkeys/mrf.keys → machines/pubkeys/mrf.keys
View file

0
pubkeys/raito.keys → machines/pubkeys/raito.keys
View file

0
pubkeys/remote-builders.keys → machines/pubkeys/remote-builders.keys
View file

6
machines/public-cof/configuration.nix
View file

@ -45,9 +45,9 @@
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../pubkeys/gdd.keys ../pubkeys/gdd.keys
../../pubkeys/raito.keys ../pubkeys/raito.keys
../../pubkeys/mrf.keys ../pubkeys/mrf.keys
]; ];
system.stateVersion = "21.05"; system.stateVersion = "21.05";

2
machines/public-cof/secrets/secrets.nix
View file

@ -1,7 +1,7 @@
let let
pkgs = import <nixpkgs> {}; pkgs = import <nixpkgs> {};
lib = pkgs.lib; lib = pkgs.lib;
readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../../../pubkeys + "/${user}.keys"))); readPubkeys = user: builtins.filter (k: k != "") (lib.splitString "\n" (builtins.readFile (../../pubkeys + "/${user}.keys")));
superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd"); superadmins = (readPubkeys "raito") ++ (readPubkeys "gdd");
public-cof = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUe/w7e3+KIa1YPFH9FGapDWM/sWOvOCcYXNlnIWypg"; public-cof = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDUe/w7e3+KIa1YPFH9FGapDWM/sWOvOCcYXNlnIWypg";
systems = [ public-cof ]; systems = [ public-cof ];

6
machines/remote-builder-01/configuration.nix
View file

@ -62,9 +62,9 @@
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
users.users.root.openssh.authorizedKeys.keyFiles = [ users.users.root.openssh.authorizedKeys.keyFiles = [
../../pubkeys/gdd.keys ../pubkeys/gdd.keys
../../pubkeys/raito.keys ../pubkeys/raito.keys
../../pubkeys/remote-builders.keys ../pubkeys/remote-builders.keys
]; ];
# Open ports in the firewall. # Open ports in the firewall.