authorGregor Kleen <gkleen@yggdrasil.li>2020-01-06 16:16:49 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2020-01-06 16:16:49 +0100
commit47a7563f2a92a07419ecf978037134b2a241c826 (patch)
tree57815cde9c6c5c6583d52067c056845452b5da5b
parent80d993a872034566e4ba9799fde3608cebadf3ce (diff)
preshared knownHosts
-rw-r--r--custom/uucp.nix2
-rw-r--r--hel.nix1
-rw-r--r--knownHosts.nix30
m---------nixpkgs0
-rw-r--r--odin.nix1
-rw-r--r--sif.nix1
-rw-r--r--ymir.nix1
7 files changed, 35 insertions, 1 deletions
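--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -60,7 +60,7 @@ let
  publicKeys = mkOption {
  type = types.listOf types.str;
  default = [];
- description = "SSH public keys for this node";
+ description = "SSH client public keys for this node";
  };
 
  generateKey = mkOption {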
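--- a/hel.nix
+++ b/hel.nix
@@ -159,6 +159,7 @@
 
  openssh = {
  enable = true;
+ knownHosts = import ./knownHosts.nix;
  };
 
  atd = {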
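--- /dev/null
+++ b/knownHosts.nix
@@ -0,0 +1,30 @@
+{
+ ymir = {
+ hostNames = ["ymir.yggdrasil.li" "ymir.niflheim.yggdrasil" ];
+ publicKey = ''
+ ymir.yggdrasil.li ssh-rsa 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
+ ymir.yggdrasil.li ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeBBux2bIXnS/RUv+Y/NCpzI/SCW0KOJSzf48KDiEZD
+ '';
+ };
+ odin = {
+ hostNames = ["odin.asgard.yggdrasil"];
+ publicKey = ''
+ odin.asgard.yggdrasil ssh-rsa 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
+ odin.asgard.yggdrasil ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC0bDMyJFg6VNgiTebP9z9LJ90scGGdILK0qpNFQhMfc
+ '';
+ };
+ hel = {
+ hostNames = ["hel.asgard.yggdrasil" "hel.faraday.asgard.yggdrasil" "hel.midgard.yggdrasil"];
+ publicKey = ''
+ hel.midgard.yggdrasil ssh-rsa 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
+ hel.midgard.yggdrasil ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVmpfhUPgjsWyvomTbRJh5qkIC5WzdgdatqfRTd1EcK
+ '';
+ };
+ sif = {
+ hostNames = ["sif.asgard.yggdrasil" "sif.faraday.asgard.yggdrasil" "sif.midgard.yggdrasil"];
+ publicKey = ''
+ sif.midgard.yggdrasil ssh-rsa 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
+ sif.midgard.yggdrasil ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfiwlzGcNQjamtIwv7fmXnddjajraeovaM6gRNui1+v
+ '';
+ };
+}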
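Review bot: Each `publicKey` string in knownHosts.nix holds two complete known_hosts lines with a host name prefix, while the names are also given separately in `hostNames`. If the module renders an entry as the joined `hostNames` followed by `publicKey` (worth confirming against the pinned nixpkgs), the first generated line gets a host name where the key type belongs. The second line would then match only the one name written inside the string, so names such as `hel.asgard.yggdrasil` or `ymir.niflheim.yggdrasil` would not be pinned and clients would fall back to whatever their StrictHostKeyChecking setting does with unknown hosts. I would split each host into one attribute per key type with a bare value, `publicKey = "ssh-ed25519 <existing ed25519 key for this host>";`, and check every listed name with `ssh-keygen -F <name> -f /etc/ssh/ssh_known_hosts` after a rebuild. A header comment recording how the keys were collected and verified would help whoever rotates them later.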
diff --git a/nixpkgs b/nixpkgs
Subproject e52f6d93945458ee7b6c6dce38812556c2b064d Subproject 99a4a7363ccc565629230ebc8cf8c949da2ffb5
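--- a/odin.nix
+++ b/odin.nix
@@ -69,6 +69,7 @@
  extraConfig = ''
  AllowGroups ssh
  '';
+ knownHosts = import ./knownHosts.nix;
  };
  users.groups."ssh" = {
  members = ["uucp" "root" "gitolite"];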
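--- a/sif.nix
+++ b/sif.nix
@@ -67,6 +67,7 @@
 
  openssh = {
  enable = true;
+ knownHosts = import ./knownHosts.nix;
  };
 
  atd = {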
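--- a/ymir.nix
+++ b/ymir.nix
@@ -227,6 +227,7 @@ in rec {
  extraConfig = ''
  AllowGroups ssh
  '';
+ knownHosts = import ./knownHosts.nix;
  };
  users.groups."ssh" = {
  members = ["gitolite" "uucp" "root"];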