palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

ssh fiddlings

Browse source
This commit is contained in:
Ingolf Wagner 2024-06-06 01:48:15 +02:00
parent 44ca2736af
commit d1557048e6
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
5 changed files with 50 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
flake.nix
View file

@ -196,7 +196,7 @@
inputs.clan-core.clanModules.static-hosts inputs.clan-core.clanModules.static-hosts
# generate ssh host keys with facts # generate ssh host keys with facts
# fixme: not working # fixme: not working
# inputs.clan-core.clanModules.sshd inputs.clan-core.clanModules.sshd
]; ];
documentation.nixos.enable = true; documentation.nixos.enable = true;
clan.static-hosts.topLevelDomain = "bear"; clan.static-hosts.topLevelDomain = "bear";
@ -341,8 +341,7 @@
cream = clanSetup { cream = clanSetup {
name = "cream"; name = "cream";
host = "cream"; host = "cream.bear";
#host = "cream.bear";
modules = [ modules = [
nixos-hardware.nixosModules.framework-12th-gen-intel nixos-hardware.nixosModules.framework-12th-gen-intel
retiolum.nixosModules.retiolum retiolum.nixosModules.retiolum
@ -363,8 +362,7 @@
cherry = clanSetup { cherry = clanSetup {
name = "cherry"; name = "cherry";
#host = "cherry.bear"; host = "cherry.bear";
host = "cherry";
modules = [ modules = [
nixos-hardware.nixosModules.framework-13th-gen-intel nixos-hardware.nixosModules.framework-13th-gen-intel
homeManagerModules homeManagerModules
@ -383,8 +381,7 @@
chungus = clanSetup { chungus = clanSetup {
name = "chungus"; name = "chungus";
#host = "chungus.bear"; host = "chungus.bear";
host = "chungus";
modules = [ modules = [
{ {
clan.networking.zerotier.controller = { clan.networking.zerotier.controller = {
@ -410,9 +407,8 @@
orbi = clanSetup { orbi = clanSetup {
name = "orbi"; name = "orbi";
#host = "orbi.bear"; host = "orbi.bear";
host = "95.216.66.212"; #host = "95.216.66.212";
#host = "10.100.0.1";
modules = [ modules = [
homeManagerModules homeManagerModules
stylixModules stylixModules

1
nixos/components/network/default.nix
View file

@ -18,6 +18,7 @@ with types;
./tinc ./tinc
./wifi.nix ./wifi.nix
./wireguard.nix ./wireguard.nix
./zerotier.nix # todo: sshd must be first managed by clan
]; ];
config = mkIf config.components.network.enable { }; config = mkIf config.components.network.enable { };

1
nixos/components/network/syncthing.nix
View file

@ -1,6 +1,5 @@
{ config, lib, pkgs, factsGenerator, ... }: { config, lib, pkgs, factsGenerator, ... }:
let let
machineDir = "${config.clanCore.clanDir}/machines"; machineDir = "${config.clanCore.clanDir}/machines";
syncthingPub = machine: syncthingPub = machine:
lib.removeSuffix "\n" lib.removeSuffix "\n"

26
nixos/components/network/zerotier.nix Normal file
View file

@ -0,0 +1,26 @@
{ lib, config, ... }:
let
machineDir = "${config.clanCore.clanDir}/machines/";
publicKey = machine: (builtins.readFile "${machineDir}/${machine}/facts/ssh.id_ed25519.pub");
machinesFileSet = builtins.readDir machineDir;
machines = lib.mapAttrsToList (name: _: name) machinesFileSet;
tld = config.clan.static-hosts.topLevelDomain;
knownHosts = lib.mapAttrs
(name: _:
{
hostNames = [
"[${name}]:2222"
"[${name}.${tld}]:2222"
"[${name}.private]:2222"
"${name}"
"${name}.${tld}"
"${name}.private"
];
publicKey = publicKey name;
}
)
machinesFileSet;
in
{
services.openssh.knownHosts = knownHosts;
}

23
nixos/machines/chungus/sync-syncoid.nix
View file

@ -1,7 +1,18 @@
{ pkgs, config, factsGenerator, ... }: { pkgs, config, factsGenerator, ... }:
let
tld = config.clan.static-hosts.topLevelDomain;
in
{ {
clanCore.facts.services.syncoid = factsGenerator.ssh { name = "syncoid"; }; clanCore.facts.services.syncoid = factsGenerator.ssh { name = "syncoid"; };
systemd.tmpfiles.settings.syncoid = {
"/run/facts/ssh.syncoid.id_ed25519"."C+" = {
user = config.services.syncoid.user;
group = config.services.syncoid.group;
mode = "400";
argument = config.clanCore.facts.services.syncoid.secret."ssh.syncoid.id_ed25519".path;
};
};
services.syncoid = { services.syncoid = {
enable = true; enable = true;
@ -22,18 +33,18 @@
# remote # remote
commands.matrix-terranix = { commands.matrix-terranix = {
sshKey = config.clanCore.facts.services.syncoid.secret."ssh.syncoid.id_ed25519".path; sshKey = "/run/facts/ssh.syncoid.id_ed25519";
source = "root@orbi:zroot/matrix-terranix"; source = "root@orbi.${tld}:zroot/matrix-terranix";
target = "zraid/mirror/matrix-terranix"; # should not be created up front! target = "zraid/mirror/matrix-terranix"; # should not be created up front!
}; };
commands.nextcloud = { commands.nextcloud = {
sshKey = config.clanCore.facts.services.syncoid.secret."ssh.syncoid.id_ed25519".path; sshKey = "/run/facts/ssh.syncoid.id_ed25519";
source = "root@orbi:zroot/nextcloud"; source = "root@orbi.${tld}:zroot/nextcloud";
target = "zraid/mirror/nextcloud"; # should not be created up front! target = "zraid/mirror/nextcloud"; # should not be created up front!
}; };
commands.photoprism = { commands.photoprism = {
sshKey = config.clanCore.facts.services.syncoid.secret."ssh.syncoid.id_ed25519".path; sshKey = "/run/facts/ssh.syncoid.id_ed25519";
source = "root@orbi:zmedia/photoprism"; source = "root@orbi.${tld}:zmedia/photoprism";
target = "zraid/mirror/photoprism"; # should not be created up front! target = "zraid/mirror/photoprism"; # should not be created up front!
}; };
commonArgs = [ commonArgs = [