Compare commits
2 commits
875620e809
...
766f4a8b4b
Author | SHA1 | Date | |
---|---|---|---|
|
766f4a8b4b | ||
|
dd75b61992 |
6 changed files with 56 additions and 40 deletions
|
@ -61,26 +61,32 @@
|
|||
};
|
||||
movies = {
|
||||
enable = true;
|
||||
watch = true;
|
||||
path = "/media/syncthing/movies";
|
||||
};
|
||||
music-library = {
|
||||
enable = true;
|
||||
watch = true;
|
||||
path = "/media/syncthing/music";
|
||||
};
|
||||
music-projects = {
|
||||
enable = true;
|
||||
watch = true;
|
||||
path = "/media/syncthing/music-projects";
|
||||
};
|
||||
nextcloud_backup = {
|
||||
enable = true;
|
||||
watch = true;
|
||||
path = "/media/syncthing/nextcloud_backup";
|
||||
};
|
||||
samples = {
|
||||
enable = true;
|
||||
watch = true;
|
||||
path = "/media/syncthing/samples";
|
||||
};
|
||||
series = {
|
||||
enable = true;
|
||||
watch = true;
|
||||
path = "/media/syncthing/series";
|
||||
};
|
||||
|
||||
|
|
|
@ -78,8 +78,8 @@ in
|
|||
find "$ROOT_PATH" -type f -exec chmod "$FILE_MODE" {} +
|
||||
'';
|
||||
PrivateTmp = true;
|
||||
Restart = "always";
|
||||
RestartSec = 10;
|
||||
#Restart = "always";
|
||||
#RestartSec = 10;
|
||||
UMask = umask;
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
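Review bot: The `#Restart = "always";` and `#RestartSec = 10;` lines are left as commented-out code with no reason given. Assuming they are the new side of this hunk, the unit no longer re-runs the `chmod` pass every 10 seconds, so files created after the one run keep whatever mode they were written with until the service is started again. Either delete the two lines or replace them with a short explanation such as `# runs once per start; the 10 s restart loop was dropped because …`. The service definition begins above this hunk, so I cannot see whether anything else re-triggers it.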
|
||||
|
|
|
@ -3,31 +3,36 @@ with lib;
|
|||
let
|
||||
|
||||
computers = {
|
||||
#workhorse = {
|
||||
# onionId = fileContents ../../private_assets/onion_id_workhorse;
|
||||
# publicKey =
|
||||
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx";
|
||||
#};
|
||||
#porani = {
|
||||
# onionId = fileContents ../../private_assets/onion_id_porani;
|
||||
# publicKey =
|
||||
# "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";
|
||||
#};
|
||||
pepe = {
|
||||
onionId = fileContents ../../private_assets/onion_id_pepe;
|
||||
# SHA256:aOZbqpgc5CcTNtRAzjuG/0BQZ9MF5c9u/N+UC88y8kI
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5K4UHD8cIcXB33UiOj5vyXJj+4CyyiLFDMwcyad92a";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
services.openssh.knownHosts = mapAttrs'
|
||||
services.openssh.knownHosts = {
|
||||
"robi-init-ssh" = {
|
||||
hostNames = [
|
||||
"[robi]:2222"
|
||||
"[144.76.13.147]:2222"
|
||||
];
|
||||
# SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKQ7XB6Cs9FJmHkuZ9ihbj76WsK0uJBh882ceyKaaKJ";
|
||||
};
|
||||
} // (mapAttrs'
|
||||
(name:
|
||||
{ onionId, publicKey, ... }: {
|
||||
name = "${name}-init-ssh";
|
||||
value = {
|
||||
hostNames = [ onionId ];
|
||||
hostNames = [ "[${onionId}]:2222" ];
|
||||
inherit publicKey;
|
||||
};
|
||||
})
|
||||
computers;
|
||||
computers);
|
||||
|
||||
environment.systemPackages =
|
||||
let
|
||||
|
@ -36,7 +41,7 @@ in
|
|||
(name:
|
||||
{ onionId, ... }:
|
||||
pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
|
||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23
|
||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
|
||||
'')
|
||||
computers;
|
||||
|
||||
|
@ -44,7 +49,7 @@ in
|
|||
(name:
|
||||
{ onionId, ... }:
|
||||
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
|
||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 '
|
||||
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222 '
|
||||
echo -n "enter password : "
|
||||
read password
|
||||
echo "$password" > /crypt-ramfs/passphrase
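Review bot: The initrd SSH port is written as a literal in several places: the `robi-init-ssh` host names, `hostNames = [ "[${onionId}]:2222" ]`, and the two `-p 2222` wrapper scripts. The pinned key only applies while these agree, because for a non-default port ssh looks the host up under the `[host]:port` form. If one of them is changed later, the client no longer finds the pinned key and falls back to its normal unknown-host handling. Bind the port once in the existing `let`, e.g. `initrdSshPort = 2222;`, and use `"[${onionId}]:${toString initrdSshPort}"` and `-p ${toString initrdSshPort}`. The `unlock-boot` script continues past the end of the last hunk.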
|
||||
|
|
|
@ -2,6 +2,16 @@
|
|||
{ config, lib, ... }: {
|
||||
|
||||
services.openssh.knownHosts = {
|
||||
#"robi_init" = {
|
||||
# hostNames = [
|
||||
# "robi:2222"
|
||||
# "144.76.13.147:2222"
|
||||
# ];
|
||||
# fingerprints
|
||||
# 256 SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g root@rescue (ED25519)
|
||||
# 3072 SHA256:KBVMQLNWaDpzlCZERN9OeEDFAhUoADOZRfenXWHxswU root@rescue (RSA)
|
||||
# publicKey = "";
|
||||
#};
|
||||
"robi" = {
|
||||
hostNames = [
|
||||
"robi.private"
|
||||
|
@ -34,8 +44,7 @@
|
|||
config.module.cluster.services.tinc.private.hosts.sputnik.tincIp
|
||||
config.module.cluster.services.tinc.secret.hosts.sputnik.tincIp
|
||||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICTLXDTqUtl0BQgzH1O7CRulGCRN1P4KU8imL/wjYFh8";
|
||||
};
|
||||
"workhorse.private" = {
|
||||
hostNames = [
|
||||
|
@ -44,16 +53,14 @@
|
|||
config.module.cluster.services.tinc.private.hosts.workhorse.tincIp
|
||||
config.module.cluster.services.tinc.secret.hosts.workhorse.tincIp
|
||||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
|
||||
};
|
||||
"porani.secret" = {
|
||||
hostNames = [
|
||||
"porani.secret"
|
||||
config.module.cluster.services.tinc.secret.hosts.porani.tincIp
|
||||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
|
||||
};
|
||||
"pepe.private" = {
|
||||
hostNames = [
|
||||
|
@ -61,16 +68,14 @@
|
|||
"pepe.lan"
|
||||
config.module.cluster.services.tinc.private.hosts.pepe.tincIp
|
||||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJPlva+Vdj8WmQPlbQLN3qicMz5AAsyTzK53BincxtAz";
|
||||
};
|
||||
"mobi.private" = {
|
||||
hostNames = [
|
||||
"mobi.private"
|
||||
config.module.cluster.services.tinc.private.hosts.mobi.tincIp
|
||||
];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhBtcipW9rV6hHS2hv5tl5hd8vW8dnuFfFwnAs2u0kS";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGhBtcipW9rV6hHS2hv5tl5hd8vW8dnuFfFwnAs2u0kS";
|
||||
};
|
||||
};
|
||||
}
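Review bot: The commented-out `"robi_init"` block added at the top of `services.openssh.knownHosts` is dead configuration. It has `publicKey = ""` and host names without the `[host]:port` brackets, and a live `robi-init-ssh` entry with the same ED25519 fingerprint appears in another file of this compare. I would drop the block and, if the RSA fingerprint of `root@rescue` is worth keeping, leave it as one comment next to the live entry, e.g. `# RSA SHA256:<fingerprint> (root@rescue, not pinned)`. Left as it is, uncommenting it later would produce an empty-key or duplicate entry.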
|
||||
|
|
|
@ -46,7 +46,7 @@ with lib; {
|
|||
# -------------------------------
|
||||
private = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "sterni" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -55,12 +55,12 @@ with lib; {
|
|||
};
|
||||
desktop = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "sterni" ];
|
||||
};
|
||||
finance = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "sterni" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -69,7 +69,7 @@ with lib; {
|
|||
};
|
||||
fotos = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "sterni" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -82,7 +82,7 @@ with lib; {
|
|||
books = {
|
||||
enable = lib.mkDefault false;
|
||||
id = "wwbvs-5lfbh";
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "sterni" "robi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -91,7 +91,7 @@ with lib; {
|
|||
};
|
||||
lost-fotos = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "robi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -101,7 +101,7 @@ with lib; {
|
|||
movies = {
|
||||
enable = lib.mkDefault false;
|
||||
id = "vatmy-c2qf4";
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "robi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -111,7 +111,7 @@ with lib; {
|
|||
music-library = {
|
||||
enable = lib.mkDefault false;
|
||||
id = "gytmq-r2zrx";
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "sterni" "robi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -121,7 +121,7 @@ with lib; {
|
|||
music-projects = {
|
||||
enable = lib.mkDefault false;
|
||||
id = "acfhu-r4t4f";
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "sterni" "robi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -130,7 +130,7 @@ with lib; {
|
|||
};
|
||||
nextcloud_backup = {
|
||||
enable = lib.mkDefault false;
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "robi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
@ -140,13 +140,13 @@ with lib; {
|
|||
samples = {
|
||||
enable = lib.mkDefault false;
|
||||
id = "pcgkj-tjucd";
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "sterni" "pepe" "robi" ];
|
||||
};
|
||||
series = {
|
||||
enable = lib.mkDefault false;
|
||||
id = "all-series";
|
||||
watch = false;
|
||||
watch = lib.mkDefault false;
|
||||
devices = [ "pepe" "robi" ];
|
||||
versioning = {
|
||||
type = "simple";
|
||||
|
|
|
@ -34,7 +34,7 @@ in
|
|||
config.users.users.root.openssh.authorizedKeys.keyFiles);
|
||||
};
|
||||
hostKey = mkOption {
|
||||
default = "/etc/ssh/ssh_host_ed25519_key";
|
||||
default = "/etc/secrets/initrd/ssh_host_ed25519_key";
|
||||
type = with types; path;
|
||||
description = ''
|
||||
To generate keys, use ssh-keygen(1):
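Review bot: The `description` of `hostKey` should explain why the default points at `/etc/secrets/initrd/ssh_host_ed25519_key` (assuming that is the new default here) and not at the system key under `/etc/ssh`. Presumably this key is placed in the initrd, which disk encryption does not cover, so it has to be a dedicated key. Suggested addition: `Use a key generated only for the initrd; it is stored unencrypted, so never reuse the main host key.` The description should also say that the file must exist before the first rebuild and that the `*-init-ssh` known-hosts entries need the matching public key. The description text continues past the end of this hunk, so part of this may already be covered.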
|
||||
|
|