Compare commits
2 commits
875620e809
...
766f4a8b4b
| Author | SHA1 | Date | |
|---|---|---|---|
 Ingolf Wagner
|
766f4a8b4b
|
||
|
Ingolf Wagner
|
dd75b61992
|
|
|
@ -61,26 +61,32 @@
|
||||||
};
|
};
|
||||||
movies = {
|
movies = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
watch = true;
|
||||||
path = "/media/syncthing/movies";
|
path = "/media/syncthing/movies";
|
||||||
};
|
};
|
||||||
music-library = {
|
music-library = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
watch = true;
|
||||||
path = "/media/syncthing/music";
|
path = "/media/syncthing/music";
|
||||||
};
|
};
|
||||||
music-projects = {
|
music-projects = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
watch = true;
|
||||||
path = "/media/syncthing/music-projects";
|
path = "/media/syncthing/music-projects";
|
||||||
};
|
};
|
||||||
nextcloud_backup = {
|
nextcloud_backup = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
watch = true;
|
||||||
path = "/media/syncthing/nextcloud_backup";
|
path = "/media/syncthing/nextcloud_backup";
|
||||||
};
|
};
|
||||||
samples = {
|
samples = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
watch = true;
|
||||||
path = "/media/syncthing/samples";
|
path = "/media/syncthing/samples";
|
||||||
};
|
};
|
||||||
series = {
|
series = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
watch = true;
|
||||||
path = "/media/syncthing/series";
|
path = "/media/syncthing/series";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -78,8 +78,8 @@ in
|
||||||
find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
|
find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
|
||||||
'';
|
'';
|
||||||
PrivateTmp = true;
|
PrivateTmp = true;
|
||||||
Restart = "always";
|
#Restart = "always";
|
||||||
RestartSec = 10;
|
#RestartSec = 10;
|
||||||
UMask = umask;
|
UMask = umask;
|
||||||
};
|
};
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
|
|
||||||
|
|
@ -3,31 +3,36 @@ with lib;
|
||||||
let
|
let
|
||||||
|
|
||||||
computers = {
|
computers = {
|
||||||
#workhorse = {
|
pepe = {
|
||||||
# onionId = fileContents ../../private_assets/onion_id_workhorse;
|
onionId = fileContents ../../private_assets/onion_id_pepe;
|
||||||
# publicKey =
|
# SHA256:aOZbqpgc5CcTNtRAzjuG/0BQZ9MF5c9u/N+UC88y8kI
|
||||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx";
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5K4UHD8cIcXB33UiOj5vyXJj+4CyyiLFDMwcyad92a";
|
||||||
#};
|
};
|
||||||
#porani = {
|
|
||||||
# onionId = fileContents ../../private_assets/onion_id_porani;
|
|
||||||
# publicKey =
|
|
||||||
# "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";
|
|
||||||
#};
|
|
||||||
};
|
};
|
||||||
|
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
|
||||||
services.openssh.knownHosts = mapAttrs'
|
services.openssh.knownHosts = {
|
||||||
|
"robi-init-ssh" = {
|
||||||
|
hostNames = [
|
||||||
|
"[robi]:2222"
|
||||||
|
"[144.76.13.147]:2222"
|
||||||
|
];
|
||||||
|
# SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g
|
||||||
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKQ7XB6Cs9FJmHkuZ9ihbj76WsK0uJBh882ceyKaaKJ";
|
||||||
|
};
|
||||||
|
} // (mapAttrs'
|
||||||
(name:
|
(name:
|
||||||
{ onionId, publicKey, ... }: {
|
{ onionId, publicKey, ... }: {
|
||||||
name = "${name}-init-ssh";
|
name = "${name}-init-ssh";
|
||||||
value = {
|
value = {
|
||||||
hostNames = [ onionId ];
|
hostNames = [ "[${onionId}]:2222" ];
|
||||||
inherit publicKey;
|
inherit publicKey;
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
computers;
|
computers);
|
||||||
|
|
||||||
environment.systemPackages =
|
environment.systemPackages =
|
||||||
let
|
let
|
||||||
|
|
@ -36,7 +41,7 @@ in
|
||||||
(name:
|
(name:
|
||||||
{ onionId, ... }:
|
{ onionId, ... }:
|
||||||
pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
|
pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
|
||||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23
|
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
|
||||||
'')
|
'')
|
||||||
computers;
|
computers;
|
||||||
|
|
||||||
|
|
@ -44,7 +49,7 @@ in
|
||||||
(name:
|
(name:
|
||||||
{ onionId, ... }:
|
{ onionId, ... }:
|
||||||
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
|
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
|
||||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 '
|
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222 '
|
||||||
echo -n "enter password : "
|
echo -n "enter password : "
|
||||||
read password
|
read password
|
||||||
echo "$password" > /crypt-ramfs/passphrase
|
echo "$password" > /crypt-ramfs/passphrase
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,16 @@
|
||||||
{ config, lib, ... }: {
|
{ config, lib, ... }: {
|
||||||
|
|
||||||
services.openssh.knownHosts = {
|
services.openssh.knownHosts = {
|
||||||
|
#"robi_init" = {
|
||||||
|
# hostNames = [
|
||||||
|
# "robi:2222"
|
||||||
|
# "144.76.13.147:2222"
|
||||||
|
# ];
|
||||||
|
# fingerprints
|
||||||
|
# 256 SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g root@rescue (ED25519)
|
||||||
|
# 3072 SHA256:KBVMQLNWaDpzlCZERN9OeEDFAhUoADOZRfenXWHxswU root@rescue (RSA)
|
||||||
|
# publicKey = "";
|
||||||
|
#};
|
||||||
"robi" = {
|
"robi" = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"robi.private"
|
"robi.private"
|
||||||
|
|
@ -34,8 +44,7 @@
|
||||||
config.module.cluster.services.tinc.private.hosts.sputnik.tincIp
|
config.module.cluster.services.tinc.private.hosts.sputnik.tincIp
|
||||||
config.module.cluster.services.tinc.secret.hosts.sputnik.tincIp
|
config.module.cluster.services.tinc.secret.hosts.sputnik.tincIp
|
||||||
];
|
];
|
||||||
publicKey =
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
|
|
||||||
};
|
};
|
||||||
"workhorse.private" = {
|
"workhorse.private" = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
|
|
@ -44,16 +53,14 @@
|
||||||
config.module.cluster.services.tinc.private.hosts.workhorse.tincIp
|
config.module.cluster.services.tinc.private.hosts.workhorse.tincIp
|
||||||
config.module.cluster.services.tinc.secret.hosts.workhorse.tincIp
|
config.module.cluster.services.tinc.secret.hosts.workhorse.tincIp
|
||||||
];
|
];
|
||||||
publicKey =
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
|
|
||||||
};
|
};
|
||||||
"porani.secret" = {
|
"porani.secret" = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"porani.secret"
|
"porani.secret"
|
||||||
config.module.cluster.services.tinc.secret.hosts.porani.tincIp
|
config.module.cluster.services.tinc.secret.hosts.porani.tincIp
|
||||||
];
|
];
|
||||||
publicKey =
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
|
|
||||||
};
|
};
|
||||||
"pepe.private" = {
|
"pepe.private" = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
|
|
@ -61,16 +68,14 @@
|
||||||
"pepe.lan"
|
"pepe.lan"
|
||||||
config.module.cluster.services.tinc.private.hosts.pepe.tincIp
|
config.module.cluster.services.tinc.private.hosts.pepe.tincIp
|
||||||
];
|
];
|
||||||
publicKey =
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
|
|
||||||
};
|
};
|
||||||
"mobi.private" = {
|
"mobi.private" = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"mobi.private"
|
"mobi.private"
|
||||||
config.module.cluster.services.tinc.private.hosts.mobi.tincIp
|
config.module.cluster.services.tinc.private.hosts.mobi.tincIp
|
||||||
];
|
];
|
||||||
publicKey =
|
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhBtcipW9rV6hHS2hv5tl5hd8vW8dnuFfFwnAs2u0kS";
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhBtcipW9rV6hHS2hv5tl5hd8vW8dnuFfFwnAs2u0kS";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -46,7 +46,7 @@ with lib; {
|
||||||
# -------------------------------
|
# -------------------------------
|
||||||
private = {
|
private = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" ];
|
devices = [ "pepe" "sterni" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -55,12 +55,12 @@ with lib; {
|
||||||
};
|
};
|
||||||
desktop = {
|
desktop = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" ];
|
devices = [ "pepe" "sterni" ];
|
||||||
};
|
};
|
||||||
finance = {
|
finance = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" ];
|
devices = [ "pepe" "sterni" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -69,7 +69,7 @@ with lib; {
|
||||||
};
|
};
|
||||||
fotos = {
|
fotos = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" ];
|
devices = [ "pepe" "sterni" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -82,7 +82,7 @@ with lib; {
|
||||||
books = {
|
books = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
id = "wwbvs-5lfbh";
|
id = "wwbvs-5lfbh";
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" "robi" ];
|
devices = [ "pepe" "sterni" "robi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -91,7 +91,7 @@ with lib; {
|
||||||
};
|
};
|
||||||
lost-fotos = {
|
lost-fotos = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "robi" ];
|
devices = [ "pepe" "robi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -101,7 +101,7 @@ with lib; {
|
||||||
movies = {
|
movies = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
id = "vatmy-c2qf4";
|
id = "vatmy-c2qf4";
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "robi" ];
|
devices = [ "pepe" "robi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -111,7 +111,7 @@ with lib; {
|
||||||
music-library = {
|
music-library = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
id = "gytmq-r2zrx";
|
id = "gytmq-r2zrx";
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" "robi" ];
|
devices = [ "pepe" "sterni" "robi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -121,7 +121,7 @@ with lib; {
|
||||||
music-projects = {
|
music-projects = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
id = "acfhu-r4t4f";
|
id = "acfhu-r4t4f";
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "sterni" "robi" ];
|
devices = [ "pepe" "sterni" "robi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -130,7 +130,7 @@ with lib; {
|
||||||
};
|
};
|
||||||
nextcloud_backup = {
|
nextcloud_backup = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "robi" ];
|
devices = [ "pepe" "robi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
@ -140,13 +140,13 @@ with lib; {
|
||||||
samples = {
|
samples = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
id = "pcgkj-tjucd";
|
id = "pcgkj-tjucd";
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "sterni" "pepe" "robi" ];
|
devices = [ "sterni" "pepe" "robi" ];
|
||||||
};
|
};
|
||||||
series = {
|
series = {
|
||||||
enable = lib.mkDefault false;
|
enable = lib.mkDefault false;
|
||||||
id = "all-series";
|
id = "all-series";
|
||||||
watch = false;
|
watch = lib.mkDefault false;
|
||||||
devices = [ "pepe" "robi" ];
|
devices = [ "pepe" "robi" ];
|
||||||
versioning = {
|
versioning = {
|
||||||
type = "simple";
|
type = "simple";
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,7 @@ in
|
||||||
config.users.users.root.openssh.authorizedKeys.keyFiles);
|
config.users.users.root.openssh.authorizedKeys.keyFiles);
|
||||||
};
|
};
|
||||||
hostKey = mkOption {
|
hostKey = mkOption {
|
||||||
default = "/etc/ssh/ssh_host_ed25519_key";
|
default = "/etc/secrets/initrd/ssh_host_ed25519_key";
|
||||||
type = with types; path;
|
type = with types; path;
|
||||||
description = ''
|
description = ''
|
||||||
To generate keys, use ssh-keygen(1):
|
To generate keys, use ssh-keygen(1):
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue