gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

chore(extern): keys

Browse source
This commit is contained in:
arcnmx 2024-05-13 11:11:09 -07:00
parent c51febd94d
commit ac9441da3d
7 changed files with 29 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

1
ci/generate.sh
View file

@ -5,6 +5,7 @@ for node in reisen; do
nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json" nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.users" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/users.json"
nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.systems" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/systems.json" nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.systems" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/systems.json"
nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.extern" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/extern.json" nix eval --json "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.extern" | jq -M . > "$NF_CONFIG_ROOT/systems/$node/extern.json"
nix eval --raw "${NF_CONFIG_ROOT}#lib.generate.nodes.$node.ssh.root.authorizedKeys.text" > "$NF_CONFIG_ROOT/systems/$node/root.authorized_keys"
done done
nix eval --json "${NF_CONFIG_ROOT}#lib.generate.systems" | jq -M . > "$NF_CONFIG_ROOT/ci/systems.json" nix eval --json "${NF_CONFIG_ROOT}#lib.generate.systems" | jq -M . > "$NF_CONFIG_ROOT/ci/systems.json"

9
generate.nix
View file

@ -40,16 +40,21 @@
}; };
}; };
mkNodeSystems = systems: mapAttrs (_: mkNodeSystem) systems; mkNodeSystems = systems: mapAttrs (_: mkNodeSystem) systems;
mkExtern = system: { mkExtern = system: let
enabledFiles = filterAttrs (_: file: file.enable) system.extern.files;
in {
files = mapAttrs' (_: file: nameValuePair file.path { files = mapAttrs' (_: file: nameValuePair file.path {
source = assert file.relativeSource != null; file.relativeSource; source = assert file.relativeSource != null; file.relativeSource;
inherit (file) owner group mode; inherit (file) owner group mode;
}) system.extern.files; }) enabledFiles;
}; };
mkNode = system: { mkNode = system: {
users = mkNodeUsers templateUsers; users = mkNodeUsers templateUsers;
systems = mkNodeSystems (nodeSystems system.config.name); systems = mkNodeSystems (nodeSystems system.config.name);
extern = mkExtern system.config; extern = mkExtern system.config;
ssh.root.authorizedKeys = {
inherit (templateSystem.config.environment.etc."ssh/authorized_keys.d/root".source) text;
};
}; };
mkNetwork = system: { mkNetwork = system: {
inherit (system.config.access) hostName; inherit (system.config.access) hostName;

5
modules/system/extern/files.nix vendored
View file

@ -1,10 +1,13 @@
let let
fileModule = {config, name, gensokyo-zone, lib, ...}: let fileModule = {config, name, gensokyo-zone, lib, ...}: let
inherit (lib.options) mkOption; inherit (lib.options) mkOption mkEnableOption;
inherit (lib.modules) mkOptionDefault; inherit (lib.modules) mkOptionDefault;
inherit (lib.strings) hasPrefix removePrefix; inherit (lib.strings) hasPrefix removePrefix;
in { in {
options = with lib.types; { options = with lib.types; {
enable = mkEnableOption "external file" // {
default = true;
};
path = mkOption { path = mkOption {
type = str; type = str;
default = name; default = name;

4
systems/freeipa/default.nix
View file

@ -19,7 +19,6 @@ _: {
extern.files = { extern.files = {
"/etc/systemd/resolved.conf" = { "/etc/systemd/resolved.conf" = {
source = ./resolved.conf; source = ./resolved.conf;
mode = "0644";
}; };
"/etc/NetworkManager/system-connections/ens18.nmconnection" = { "/etc/NetworkManager/system-connections/ens18.nmconnection" = {
source = ./ens18.nmconnection; source = ./ens18.nmconnection;
@ -29,6 +28,9 @@ _: {
source = ./int.nmconnection; source = ./int.nmconnection;
mode = "0600"; mode = "0600";
}; };
"/root/.ssh/authorized_keys" = {
source = ../reisen/root.authorized_keys;
};
}; };
exports = { exports = {
services = { services = {

4
systems/freepbx/default.nix
View file

@ -17,7 +17,9 @@ _: {
extern.files = { extern.files = {
"/etc/sysconfig/network-scripts/ifcfg-eth0" = { "/etc/sysconfig/network-scripts/ifcfg-eth0" = {
source = ./ifcfg-eth0; source = ./ifcfg-eth0;
mode = "0644"; };
"/root/.ssh/authorized_keys" = {
source = ../reisen/root.authorized_keys;
}; };
}; };
exports = { exports = {

5
systems/reisen/default.nix
View file

@ -16,6 +16,11 @@ _: {
"/etc/udev/rules.d/90-z2m.rules" = { "/etc/udev/rules.d/90-z2m.rules" = {
source = ./udev.90-z2m.rules; source = ./udev.90-z2m.rules;
}; };
"/root/.ssh/authorized_keys" = {
# TODO: this can't be deployed here...
enable = false;
source = ./root.authorized_keys;
};
}; };
network.networks = { network.networks = {
local = { local = {

6
systems/reisen/root.authorized_keys Normal file
View file

@ -0,0 +1,6 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ8Z6briIboxIdedPGObEWB6QEQkvxKvnMW/UVU9t/ac mew-pgp
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCocjQqiDIvzq+Qu3jkf7FXw5piwtvZ1Mihw9cVjdVcsra3U2c9WYtYrA3rS50N3p00oUqQm9z1KUrvHzdE+03ZCrvaGdrtYVsaeoCuuvw7qxTQRbItTAEsfRcZLQ5c1v/57HNYNEsjVrt8VukMPRXWgl+lmzh37dd9w45cCY1QPi+JXQQ/4i9Vc3aWSe4X6PHOEMSBHxepnxm5VNHm4PObGcVbjBf0OkunMeztd1YYA9sEPyEK3b8IHxDl34e5t6NDLCIDz0N/UgzCxSxoz+YJ0feQuZtud/YLkuQcMxW2dSGvnJ0nYy7SA5DkW1oqcy6CGDndHl5StOlJ1IF9aGh0gGkx5SRrV7HOGvapR60RphKrR5zQbFFka99kvSQgOZqSB3CGDEQGHv8dXKXIFlzX78jjWDOBT67vA/M9BK9FS2iNnBF5x6shJ9SU5IK4ySxq8qvN7Us8emkN3pyO8yqgsSOzzJT1JmWUAx0tZWG/BwKcFBHfceAPQl6pwxx28TM3BTBRYdzPJLTkAy48y6iXW6UYdfAPlShy79IYjQtEThTuIiEzdzgYdros0x3PDniuAP0KOKMgbikr0gRa6zahPjf0qqBnHeLB6nHAfaVzI0aNbhOg2bdOueE1FX0x48sjKqjOpjlIfq4WeZp9REr2YHEsoLFOBfgId5P3BPtpBQ== yubikey5
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPsu3vNsvBb/G+wALpstD/DnoRZ3fipAs00jtl8rzDuv96RlS7AJr4aNvG6Pt2D9SYn2wVLaiw+76mz2gOycH9/N+VCvL4/0MN9uqj+7XIcxNRo0gHVOblmi2bOXcmGKh3eRwHj1xyDwRxo9WIuBEP2bPpDPz75OXRtEdlTgvky7siSguQxJu03cb0p9hNAYhUoohNXyWW2CjDCLUQVE1+QRVUzsKq3KkPy0cHYgmZC1gRSMQyKpMt72L5tayLz3Tp/zrshucc+QO5IJeZdqMxsNAcvALsysT1J5EqxZoYH9VpWLRhSgVD6Nvn853pycJAlXQxgOCpSD3/v/JbgUe5NE+ci0o7NMy5IiHUv2gQMRIEhwBHlRGwokUPL9upx0lsjaEiPya5xQqqDKRom87xytM778ANS5CuMdQMWg9qVbpHZUHMjA0QmNkjPgq71pUDXHk5L4mZuS8wVjyjnvlw68yIJuHEc8P7QiLcjvRHFS2L9Ck8NRmPDTQXlQi9kk6LmMyu6fdevR/kZL21b+xO1e2DMyxBbNDTot8luppiiL8adgUDMwptpIne7JCWB1o9NFCbXUVgwuCCYBif6pOGSc6bGo1JTAKMflRlcy6Mi3t5H0mR2lj/sCSTWwTlP5FM4aPIq08NvW6PeuK1bFJY9fIgTwVsUnbAKOhmsMt62w== cardno:12 078 454
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII74JrgGsDQ6r7tD7+k3ykxXV7DpeeFRscPMxrBsDPhz kat@goliath
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDkeBFF4xxZgeURLzNHcvUFxImmkQ3pxXtpj3mtSyHXB kat@koishi