diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-05-15 15:47:54 +0200 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-05-15 15:47:54 +0200 |
commit | 99ee3e18f337218fff3bb2970df60e78978ef523 (patch) | |
tree | a2fd3414df8a5c0013da8efd185226b1ab5b497e | |
parent | 1514c30e46768eb978996660ad46ca8e48cef5b7 (diff) | |
download | nixos-99ee3e18f337218fff3bb2970df60e78978ef523.tar nixos-99ee3e18f337218fff3bb2970df60e78978ef523.tar.gz nixos-99ee3e18f337218fff3bb2970df60e78978ef523.tar.bz2 nixos-99ee3e18f337218fff3bb2970df60e78978ef523.tar.xz nixos-99ee3e18f337218fff3bb2970df60e78978ef523.zip |
surtr
-rw-r--r-- | accounts/gkleen@surtr.nix | 1 | ||||
-rw-r--r-- | hosts/surtr/default.nix | 105 | ||||
-rw-r--r-- | system-profiles/openssh/host-keys/surtr.yaml | 37 | ||||
-rw-r--r-- | system-profiles/openssh/known-hosts/surtr.nix | 28 | ||||
-rw-r--r-- | system-profiles/qemu-guest.nix | 19 |
5 files changed, 190 insertions, 0 deletions
diff --git a/accounts/gkleen@surtr.nix b/accounts/gkleen@surtr.nix new file mode 100644 index 00000000..64629674 --- /dev/null +++ b/accounts/gkleen@surtr.nix | |||
@@ -0,0 +1 @@ | |||
{...}: {} | |||
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix new file mode 100644 index 00000000..b3a55dac --- /dev/null +++ b/hosts/surtr/default.nix | |||
@@ -0,0 +1,105 @@ | |||
1 | { flake, pkgs, ... }: | ||
2 | { | ||
3 | imports = with flake.nixosModules.systemProfiles; [ | ||
4 | qemu-guest openssh | ||
5 | ]; | ||
6 | |||
7 | config = { | ||
8 | nixpkgs = { | ||
9 | system = "x86_64-linux"; | ||
10 | }; | ||
11 | |||
12 | networking.hostId = "a64cf4d7"; | ||
13 | environment.etc."machine-id".text = "a64cf4d793ab0a0ed3892ead609fc0bc"; | ||
14 | |||
15 | boot = { | ||
16 | loader = { | ||
17 | systemd-boot.enable = true; | ||
18 | efi.canTouchEfiVariables = true; | ||
19 | timeout = null; | ||
20 | }; | ||
21 | |||
22 | kernelPackages = pkgs.linuxPackages_latest; | ||
23 | |||
24 | tmpOnTmpfs = true; | ||
25 | |||
26 | supportedFilesystems = [ "zfs" ]; | ||
27 | }; | ||
28 | |||
29 | fileSystems = { | ||
30 | "/" = { | ||
31 | fsType = "tmpfs"; | ||
32 | options = [ "mode=0755" ]; | ||
33 | }; | ||
34 | |||
35 | "/boot" = | ||
36 | { device = "/dev/disk/by-label/boot"; | ||
37 | fsType = "vfat"; | ||
38 | }; | ||
39 | |||
40 | "/nix" = | ||
41 | { device = "surtr/local/nix"; | ||
42 | fsType = "zfs"; | ||
43 | }; | ||
44 | |||
45 | "/root" = | ||
46 | { device = "surtr/safe/home-root"; | ||
47 | fsType = "zfs"; | ||
48 | neededForBoot = true; | ||
49 | }; | ||
50 | |||
51 | "/var/log" = | ||
52 | { device = "surtr/local/var-log"; | ||
53 | fsType = "zfs"; | ||
54 | }; | ||
55 | |||
56 | "/home" = | ||
57 | { device = "surtr/safe/home"; | ||
58 | fsType = "zfs"; | ||
59 | }; | ||
60 | }; | ||
61 | |||
62 | networking = { | ||
63 | hostName = "surtr"; | ||
64 | domain = "muspelheim.yggdrasil"; | ||
65 | search = [ "muspelheim.yggdrasil" "yggdrasil" ]; | ||
66 | |||
67 | enableIPv6 = true; | ||
68 | dhcpcd.enable = false; | ||
69 | useDHCP = false; | ||
70 | useNetworkd = true; | ||
71 | defaultGateway = { address = "202.61.240.1"; }; | ||
72 | defaultGateway6 = { address = "fe80::1"; }; | ||
73 | interfaces."ens3" = { | ||
74 | ipv4.addresses = [ | ||
75 | { address = "202.61.241.61"; prefixLength = 22; } | ||
76 | ]; | ||
77 | ipv6.addresses = [ | ||
78 | { address = "2a03:4000:52:ada::"; prefixLength = 64; } | ||
79 | ]; | ||
80 | }; | ||
81 | |||
82 | firewall = { | ||
83 | enable = true; | ||
84 | allowPing = true; | ||
85 | allowedTCPPorts = [ | ||
86 | 22 # ssh | ||
87 | ]; | ||
88 | allowedUDPPortRanges = [ | ||
89 | { from = 60000; to = 61000; } # mosh | ||
90 | ]; | ||
91 | }; | ||
92 | }; | ||
93 | |||
94 | services.openssh = { | ||
95 | passwordAuthentication = false; | ||
96 | challengeResponseAuthentication = false; | ||
97 | extraConfig = '' | ||
98 | AllowGroups ssh | ||
99 | ''; | ||
100 | }; | ||
101 | users.groups."ssh" = { | ||
102 | members = ["root"]; | ||
103 | }; | ||
104 | }; | ||
105 | } | ||
diff --git a/system-profiles/openssh/host-keys/surtr.yaml b/system-profiles/openssh/host-keys/surtr.yaml new file mode 100644 index 00000000..d31fda3c --- /dev/null +++ b/system-profiles/openssh/host-keys/surtr.yaml | |||
@@ -0,0 +1,37 @@ | |||
1 | dsa: ENC[AES256_GCM,data:+2nv7zqZ47EhQnZ5x8no5J/0r1iWgmSxBMkiYig18JgdZa77lj9y05EubUlELJlGcqcQMD97xFKQdU9BRMGn2Bq0IeK3nBoENkDEp7ksmn6c+hh2GVCDDk5sQnNl1yQB0bo7TEHRddJe+xbAWZ2LGFRyc+ApBWCtqBnQ12+58dY2VarcogT0tNPaga76Mz6K31V6g9PAhiEL9hFl8F3p/ptgsdIArX6xI6+g/tRkE056EuPsqiAXbMagm2dBQOEUiicUEqpgMvnLhlre3FkRWWotrGtGsB0Sum4BY1mrTxaXJf/J5kt4DrPconjooSkzQPImTPtO1cXIHmmAWiQIOJ6xon3dXB2pq4KpWs4wVZ1a2OMXrgAkUCDsYwNQiyv85YREaMvo7J1nfbrP2VRRdPcP3XgbwXkcqzt0r9LYq17bYHxJmhrP9Si7wCwBkCkGxgyLhMTmXQjKairqRqM+5lnHa44bQ2AhMmq4iKCkSJo7fUXOdDNX0n61PFJSOT/UVsHiVDlqcpcSm/GcARcObdVWmXvjw81pmMTjMlAmLupU5yPiWTZr5lMTG42hDO1Yjq9fuA6tN+Op9duVaWc6YiA7qDSTEpGtGmb4wObAgelCfuUTTo+Wp77lqTAeL2eGfuSAKDMb6z3NfCpSpgvJMWhGJtqJfKd2Cu87P06UUgmnyyjVazVTUWmT/ALX6rosUmGChbx5SSQ8tin/jQdIoq4Qs3hR+7AtBil7DF9fpUfHy8OmP/BKbgihuZa1+n9fyiLnw4QfKGFWmmoh06upSrAu3fYofVe1iYuZUUTP/NNUxn/JxbYn2OrQ9PY7GVcFdRBtyU+R8aQ/bawlcwnaIIQOA04iip1P5tgQ8CWCzuHFyP+d9Eun9oD6wPvSoNWXAftochNU6Ol8MQ8ESe22hrO19TrirgxEGwOTVFVLIV1kLlRZ+eCcY3HI/Mq9hnu9KndrMcLsPnjPyzsPo/CmeIOxryT1lY+LKU2mJT0pLq4j1Mt3QrjOuruM4fSYrS5DdDWTXP1Gk5GiULyd12RQFQVznRlYMy6BcSUmRgTWezX+o0dt18aJGNsm0UpS3yjL8BQpatpxq8LxCp9pNhuIyfF3HyjyNeTX1be60XmblYPr+w6OK8sV83p7TTGYVe9xzp0HC87+SBRTWN6SUCkmVrdhzbEBaDZG1a5Ldvar1QbAZF8riUMHnGarh2ZX6Gv2acsnMV5qb8t/HlK3rCKtYk27ok8ENFQqNIpMvVtoxKNPLNBRMNz8KG77fSnYoGmDFVlY82mrDBqvfbHbZgd3wb6WO3xu0KYY8Vc+ymcFromXBxYOhliNAHxYWNRJPfbXEqGRmA2/P5H0yWPdqL29JLX7SeW6+xzWUY5LWDSHBd2qTl8FdWIddAl8jBs2IiNUIGAUayNLNCSjgbVXOsdk8Hx9aQs5RmwFzXX+jBCeYRXdkN5HLFP8o+9hkWbBv4vIRrJxrRvRAVEoP55ZLhFZakrQ52NQwA2Z2SlFnMgSbs9jzDuMRjhX6kkuiE4DdbCkEfkhaqWDY46PGpfhNJ1LTWJZjTLuwvSwb6toyhEzRdpZGHX9ZCGR39h8GtLD/NVvYx4+8rgvWEah8Aizh5PtmjxJD03dQBuFSpnniuxYyEzRiQPK0QcvDerBRzUFC45CCBOdvbf2EcaQygkRCyoAC4hQ5KE/0sWKlotg0zOtwh3Yd+yts4AA4Hmf8Mx3i4hTlG90hVccdPULr9M613V9VmD95+Vz1ugxM5QwTvMvqNh4WI86hX4RfpgulxVYrQOAKZjgTlGnUNu3wZK7X8P9PGOCt/QkfXIXMA==,iv:+x4eD9lw/b2GvLV8Wsp+UZY+lqCN1oknXCbTGwnQNqU=,tag:pU67QbCxEmUc/mT1gzTTsQ==,type:str] | ||
2 | ecdsa: ENC[AES256_GCM,data:obC22x4LSu8YAbqioGx+6SMggFZyT5SDLN+XyOyoTP9OxP8OV73yWp4G36jJqxri9uRtdZbhy+sMXwNEErvN4p9H3pPv0H9KiqJf3Lbs/7pqGT5xbWD4f5A9BcXVwi7qk9XQIDtLfyL6YsQnyOFRO2/bWKY/CpvZOxhyRCkt3s4PsuTRRNvPfmuGbH4OgKDB8aIzNtracLpYakQtg9hI9izQetE4rf758QR6E76C4h5/J7SBzzPh2TfDYesVjjM8PwR7elN8ee8bfpQLKhyqA+FGSInLWrPho+7vBVLC2IYHOShbCXX19XXp9w/vefFGdBIKE7yEaKpCIavW4g1ZVt3UJJC9th/yVUDMpwp7/L72qgwgH7/tO4X5fT6NhUnhJA7xl+eiqe5/SpVCJwyYduTZHAlLlMAM4moF134vj3clsDb2fkV1AoZYeUtxCmbKVDy9lD12FqJ+mfTJ+bc3SZTCBR1ZeBMu/6u/xNzl3TLTfuJ5bW9VFa7vCy48di9mtcr5BhEU7u4C9T7RzoVNDjstxyoc5grqX4Q7GPOcmghV21QE49nsvdQTUxQejtZ/83lY5h/7nhzfd12mHR99cZhiZdwdJZoK8XKWwgjkXLXQF353+KShgFNmBs/8SyqAjNP66wUPO+YW/S7c7HoDiPIN9n/Za4erCg==,iv:agx+d66Pv5KOqzuzQFLMiywyh3REDzXrGW/F6lAm9tE=,tag:ozfiD2P6knpu+QQpSo+GCg==,type:str] | ||
3 | ed25519: ENC[AES256_GCM,data:oFbZx5F797BF/lmKgfdX6ByB2/wBe8gfzJ2gc6m56vgBKFVIs1aIaOFHcUkeJ5wGfSVTZ4C6zv8bTPouIEDSEkFXT9rUXXUbnQ4tCw7BtpfJv40uZWEror5L8vLGzDV5kBs3TaD96ceAdzIF4psQpsyLhhJTtM8h6tJOs5JpDIG3BMXzVkaSAUCsYLIK9iqkyhVCDidqUm+A9Tke6NP5Oqq90n5q7hamPPwpzMFAFl6z5rf6jH3KTSOk+X98VT6vuInuoKc4ODLfGx1AQPJou4GGEOuFkbmsyA7CPZgNsgfnn13nR3CBqiioyzUJwBww3HAfyA2+ZvXhT4fQwAyM/o72F1gpL+LyPzHKPw4IR7f5+WGgoJjs/ORCvPbPG9jpkFEXKOUEgNFO881eIFizBYHvGc7zQS0rD5SspzSqETJ7zRqeB5EpANvZ2Fpv4adJKHZ/o0McMjr9meAxtV6Iunp2EG8tT1/QvuZZ+dFB1Uitpwt2fpd5iFX0uTeSB3gMPgWz3fvx207Bp/SprQdO,iv:vNu2tRvwkBUdgVSnkPli8NMlXNKfbrnf+MsPbnrDF58=,tag:oWYTDKymFM8YRSXwKdc5wg==,type:str] | ||
4 | rsa: ENC[AES256_GCM,data:RBq1mV5XP4J7ETvRI/BLi1+MwqowUflN12h5T8csVejTLVjNDb03TbPMyH0mACPFK5fNDO+9vQ9HC6riIOiSZkXCjwkP//HdF8XqfAg4GrB+Y21fALDF4+Hmux/SrdJfL+JQ4iKWc1zI/bXZOX686/gdDC/dBFLbBD2Tc+n2yqRY6qDAqHZev7epAUtF0w5DTU+Oyt1tcuP73U+oqNs1C8o8zlKAfOgfSAS03sA0WDJJDWCwlnqAnP/Oh4MmUxAobi5afrJLLnmotCsvBCWN8a+zjR5PanGXINv8O1Fhi/ehKauM51zL7IZfKpjZxHS3IzjcTsGKJKP3QE6e8tYojKAPmZac/xcmsDTG/qZC4z7Tp0u6haENbZo+5kK8QyWLZr7b0yUqIYq4s7Y1/dMv3VO+EdmEKfVugg+W2+J9YsZNEkOuAptfKgM3eklry5YrkUVPy8U2nNyahVPzZExfFmjGGmKhdita8SLpD6s+ang0D5GIU8QmfAcrEqIqsCWn202BTdb77NMsfziTmRsJxdTtB5ZmeQL611uL2GI06Th6WqN96I+7eh0hze5TySaDRasKpnqWKnfg0UcoPaw8qW39CXWlZ1sqjlJP82lDs1rKkAeBDcB6YU+mtQnpfSPdGMOHnMNJ97tY4JhdJW4QCqR5Lr/m2aKxOwoc+BQqT4lSymBqPkolDYrBS+pHMHF6MS8TPsdBHt/6bFEiCzXBEmDe/Hx3eNVuT/YQJSBJzF9g98X0/79fkBMi+yI857d/a93cGzddQ1jLjS1yT6Qr+eegozNfeJPzdOSYbIh2xaYZ4MjUiO0LQr44DXOCA+y2viOpi44EvLqqqqDWHf5bcLfljVVF2bgzS54MThC0qlllNDaFpDSUdDQbVYgu8V2D8yCW/WuS+FPtvqIcSL3ZVsE1KgLplIXOdAOlw7YTisjOaXU1uwJNBYfxWlNjiiV/BtJ8rs53i9uPJN5oZ3cRh14mjAoJAhajamN3+xaXo85clthH9B3qSacduzsinsKiy4gL00Fi2WY3MKKbjaWL/JuELqvD37EibQ7HXffWPTBzc7zILRBetW57w44vMCX3kr0ESGzdtfVLsb7/WY937LACkkFIs7puWcgBJVwhAAEvTeOl11ynPKGDEjHah1wTNvWlpe6v4ko3zwNJOVp3lk9M0fwrNbS1jz4HKU+NGPrZS1/nOUd3YjJXCXzJTcq7hhhsBQYOw8+CT3EeWPURj0L0Ddo/a7MZgdTnN325iPqGErDx0F6UkAR8KcyT2M7AWqF0XRYsGDRs99siRF2aQ8UTq2IX5NE8lLG/QtyPrvVTV/tOX285Jt9C5yRufbNcGKUrXPB+SQM2eH0ip6QTvZ+CYfbGO2VIR7RISTUHKKNPMEMGOz5ZQaPc+8qMfFP7+1lz+fkZ7n+ZSVj9GI/GkbDHNERBos7JBSeG3hvVgraGKeanmHerRxlX42GEF8cQvMEjrCGp+PZPMcEmM7c5/5yJ0iYNyk3ES8LP2ax0XoGpWPxA67WNdzNiDd2JSLwHytxaPf3U5FO5rWLj4byrjDRoOZs0maIsVkEkABcCEyN7t20WzhBmnrx8fkrULXgeIcbQjFcL1x6UW2FS1AUWnHu23XoFxFu4HHIPYZdL70DdsoJr5MS0oZ92oBhaQAXE8nP3RLIMm8yZTqnYuTNzXo3ap9iXyFX+Srp4UvVPyHj8hO3LsXeX6TDQL5R93VMtv9EMQVksSLJU+kLeoKqkMivSAEtD9Zt/GYQdXoXjInY7NpDCha9NBSg+5N2vtVeojI7q/g6Oimq+uT2dRB+62lOd635xgnMRTlwwwkdNI9t1vLcuGStnzWMzYAQhf+TS3LPx7+JGeR8/TXMSoegFf+64hXFJRnxLJTjpfHAJkk0pQ02XAWObab6GVLj8uDcra9cDAKKDftVRX7gOC0k+Vt7vWxkfVPYb8F0EMa2MVm/qYUzcxtnCrxYljtzqXU4UDgw7jUb1yxzI1scU04MaQknfQammw0Lk+ICPEdEX2sJGiG9zH4acCdyqW77QL3tJouCaKPdd6cVq20cyfgjNYT6zbkdlmXTz960Nx9zT4mmk6ngoYwvR1g4nub6Fgo6JDA3AIU7e+uxbO83+I+0jmyOePqkbbJs3igIGekm4M5nl5MhnFyEOr0UrcEKqgp/suRZf/As4UqOHf2NAjP2CMtnHwB8Ug40j5blU/s38ILfdD/Vd87gwZFpx5QCsJjVC+ucuINl4V5WbRBkbIID6ZrLGXoVzYYVqY6oNAF93fl2xCSZykdkVdBaJvSbpz8wbzimjV7nUL2Bxu+sJN7809DTpgwyGutQJ4f9CgpAb0+g2TCGdvbvB+Uh5H62iQaZDsaD8guusrIEkxjW83V/38DYaWe/Wh3CTfTqRqgDxql22n6a33qlU+k0F/het07ZhqtQ8bwL8QATDYg9zxCfRgr4YiMFQ1evS1qCOF8KWnRa2ApOO0qPJJ49DxJeFMD29pXhmxtrBPJelSeZqDUYVx8Ns0n72hh6FxBkRItntU6HGAtC+aZCi3h5HnUKyRTb63tJwm7OGkVltP5QaFT0nE1Tv2FdQSKFcLvnMCcx+P9VJ0dPXShbCv6JMdxQuqRIR3RRI5D6cv4O4HZKxtMuiZmsZySRFbSG033TGDEJKShlT5CleowW+21dHZeAWGLR9d/ScRE2i1Z69O4SgoZPyDpwHTb5jB+47oh0HNvUIvskyHfp57HkcUCmszZHf4wPblUjr33hCpk0k48mQfVEjekdRxojE7FTbDIERFZPb6tMDuUnhM7p7CE96A2ka0/renFPA8czLGOTltyxQmaCc0ZOV4nlUJ0m6L5dcXSPjpfm81y23GJJVy0DCY0tZ5YKT2C+5EEhL1gx0pWZ7Tf844FmwCfXaUIkxNkAKV4c/hBlvdAev6unXUj6LdsHEg8GqlV3KCAeG0wG9CnspmUnSrgNDSfa3AkFjTKXzLtLXa+FYTq8GNEyvrMQq/cWrHNU6kDr6Q+CH86U8J7kVepwbSTi49TvTxgkY8DiOlufv7EPa6CmgEYGNybMWhvdZ+rghVyp7botR30Wab/T7eHnUd+0CQHKaQmJ/eHBxIfJToQrchyXTM+VrehI7EQqn2HzeuSt5SneMtgNS71p+jgdrAO7w1LhJy7TDutGGPsW5ln5aT509OhwSUF5ZzJTTVytwb0QsBeGq+2DyrGwxQoaBOgXOFyI4Slryeb1+BC2ednybYRpve75cWUJ1RBxq9TrD8HSesOUE4tTH0DLhe211NLDCSzQ8wk4jVaPr+us4YKEAiBjL6TSWMg3ZdHDIcQVO4o8iXSlM4mDpRU56JODuQLJtBAMVPDkj1Ybj18qIhJ1ZO5YZmUfTQPXtv9heGRQI4MB00RmF8VTXafyqu07DY3bM2RPj9r/1ygEXq2sNXFQ2v2Q0Hai+sl9xU8djdvL8zhTNUWHyewhYnA==,iv:aSdbpsJoDerPqWTSWp0bQIcLChCzeoeGSTKEzvfzafo=,tag:LeOxrwyXdJyj7M0FRn25QQ==,type:str] | ||
5 | sops: | ||
6 | kms: [] | ||
7 | gcp_kms: [] | ||
8 | azure_kv: [] | ||
9 | hc_vault: [] | ||
10 | age: [] | ||
11 | lastmodified: "2021-05-15T13:05:09Z" | ||
12 | mac: ENC[AES256_GCM,data:ATdT6u3dMOgaBVg7cS5tpaA0fyoQdlW/jSzwPjm1mi7j5rNkilIiqIR+C159MrI5eeApkyOpzQP2lIAlANjbO+TlO2YIYd0Ue8pdoEZGQvDyWv3AARLfdlaPzFAGAnBnjihVmKp2kQjfmcSJkASBQM8e89R1PsAKGhH5xS5b0zM=,iv:UyMsuxYWVs/Q9/HTfPtjDNf+tUOHSAqA3klFt7yewYQ=,tag:Vu8xY4NVdw6MvjDWZwiO4A==,type:str] | ||
13 | pgp: | ||
14 | - created_at: "2021-05-15T13:03:47Z" | ||
15 | enc: | | ||
16 | -----BEGIN PGP MESSAGE----- | ||
17 | |||
18 | hF4DXxoViZlp6dISAQdAr0a9IJdY95UvcmMkCS73pQZVdjqHnVTTcpCXYuqkmiYw | ||
19 | rTIqyEsqpoSrkR57LBNX98ix99H/hvj6x8+dsv+K/nJQ9Jjs921UW2HJ8hPMD44Q | ||
20 | 0l4B2MyG+We3OClbt8BJmDo38/+/k9zSBdW2zbYEr4zhG7SCw0BryrPJwGAW54KT | ||
21 | 1fdnNwzN5jdFRObhkq8I725IaU4d7GYrpVebw29HP2fd0Uf+62iBToraRJNj3sxL | ||
22 | =JRkx | ||
23 | -----END PGP MESSAGE----- | ||
24 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | ||
25 | - created_at: "2021-05-15T13:03:47Z" | ||
26 | enc: | | ||
27 | -----BEGIN PGP MESSAGE----- | ||
28 | |||
29 | hF4DyFKFNkTVG5oSAQdAINIHQVygfLGVo2gdlKCoojmD5layNM6K/QlQR/CsaTsw | ||
30 | SY+3psZUwnwwe7QRnt2gHSOUgYrG6/nhiCAfxoZBQZ6zm+v0IUdbRKEJhhGJnHfV | ||
31 | 0l4BUMxGLYHapIPjzTUwYQv9rF30zO7pJ3vU+4zkReNOcPzENLGX1uZu/1aULOcO | ||
32 | F33lTLP2B9B7pjvPoetJiuds3jO7JZrN3mFhIf7MTZyg5dMBbDSnUMJ6NIW+ug5F | ||
33 | =SAFL | ||
34 | -----END PGP MESSAGE----- | ||
35 | fp: 7ED22F4AA7BB55728B643DC5471B7D88E4EF66F8 | ||
36 | unencrypted_suffix: _unencrypted | ||
37 | version: 3.7.1 | ||
diff --git a/system-profiles/openssh/known-hosts/surtr.nix b/system-profiles/openssh/known-hosts/surtr.nix new file mode 100644 index 00000000..8d227b44 --- /dev/null +++ b/system-profiles/openssh/known-hosts/surtr.nix | |||
@@ -0,0 +1,28 @@ | |||
1 | let | ||
2 | hostNames = ["surtr.muspelheim.yggdrasil" "surtr.yggdrasil.li"]; | ||
3 | in { | ||
4 | dsa = { | ||
5 | inherit hostNames; | ||
6 | publicKey = '' | ||
7 | ssh-dss AAAAB3NzaC1kc3MAAACBAIgY3WWK/yD1QzQMako4FDkD22YODiCA/d7Ga14xpx7ujSPQJ0PqFd1aTPhrEZdy6pMnL82chGJD/oeurAacBxeuUouKvr10vtpaDJpcvqr/9m4zsx0OSeHl9M5PuSumjEXL/bsF/QSeo9Vp8uznLgHP/oglP8OI4Qsdh/0wisK1AAAAFQD04cH0JaWgJEUePcuYd02KW7t4aQAAAIBkFCGDPkJedRdJRy+l2OW6H7XdCQnA814cWOGaUItw5IVWz6KlVGPlETrBtRJhrgiwApy1Sk2rHxmuHCirAFS6FCZ5ct5wHKV2L/1CDphJzsYql9hUBTgevEpuAg9Kn1WjtcV+t+3LO9URD64BKHzpvtM2I5hAU4Zu6G2OV150MQAAAIB7B3lRZBxkDfb5x4cjitzFXN3FUzBcl0SD6/TJ+TH2lbTONMIXdT9zHw5BfEz3ObcScxCT2g99bvkxDwPNFRAorLAlEhCYB2zUV5QnJd8ZpIB3AFbokUxq+Q8fs5tU16Wv9TQ4oYmY3m9UAEqVz6ph562Ss+axO9qfSlNZX8feGA== | ||
8 | ''; | ||
9 | }; | ||
10 | ecdsa = { | ||
11 | inherit hostNames; | ||
12 | publicKey = '' | ||
13 | ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKLjbW8GWc7dF8HD8QrFZpZJop2xvFgvZnYfIl/slFASvphD6MBOHq3jx0+Tuk51xd4mvByTwoh8eokLZJidkZQ= | ||
14 | ''; | ||
15 | }; | ||
16 | ed25519 = { | ||
17 | inherit hostNames; | ||
18 | publicKey = '' | ||
19 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO2LOAbV3XuAqJpXVY+YUnLIbhRsmAUmVQT3MioXGGgj | ||
20 | ''; | ||
21 | }; | ||
22 | rsa = { | ||
23 | inherit hostNames; | ||
24 | publicKey = '' | ||
25 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQClFn6IDsDjuLXpThBtrRj+HLkNAwuBc4BgNqqIXkSRXy1FhDVgdI2iXKnJJLT/MWBMz73+QEYI+nDV6cxMCu292sZal+EAkyXJG6gQ9/rboucTuMWosrifAYabY4jUY79vYOiQGHG3XMIVjTQE8dRoXASzPKcok7PHftuW2qUu6ti7s3tqxY89Ez0cUz7jIECR7zHpIHZQbPd7z9luWOwZZc/eUGGWSxxz6idSPi/Adjk4FS56kIBk/uq9bZ8ylE/nwuJFUV90GzIr2nIQAcg6UVjYkw22+tA8BKzkS5Kx9ur7jVAhgs1qavKGnkYBuE4MvfjDzrkxRtlIPOjUQ3uuqYXkkkdMCooDl6+oKvN8dug6+cMdXn3/Q63cA0ols5rJz8iAtBoPRI8b835BWZcYHCk2aF2xT5hmB+GVhnFRZP8p9cRlr0jhYRjJKp80gTT7BPlMAQ0Sfmz5jLPd7X9yInKXCXdzxLTWvGqDq4GpunWVR6rgDMq5AswIcNhcwCc= | ||
26 | ''; | ||
27 | }; | ||
28 | } | ||
diff --git a/system-profiles/qemu-guest.nix b/system-profiles/qemu-guest.nix new file mode 100644 index 00000000..a231be74 --- /dev/null +++ b/system-profiles/qemu-guest.nix | |||
@@ -0,0 +1,19 @@ | |||
1 | { ... }: | ||
2 | { | ||
3 | config = { | ||
4 | boot.initrd = { | ||
5 | availableKernelModules = [ "virtio_net" "virtio_pci" "virtio_mmio" "virtio_blk" "virtio_scsi" "9p" "9pnet_virtio" ]; | ||
6 | kernelModules = [ "virtio_balloon" "virtio_console" "virtio_rng" ]; | ||
7 | |||
8 | postDeviceCommands = | ||
9 | '' | ||
10 | # Set the system time from the hardware clock to work around a | ||
11 | # bug in qemu-kvm > 1.5.2 (where the VM clock is initialised | ||
12 | # to the *boot time* of the host). | ||
13 | hwclock -s | ||
14 | ''; | ||
15 | }; | ||
16 | |||
17 | services.qemuGuest.enable = true; | ||
18 | }; | ||
19 | } | ||