vidhar: initial

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-06-17 21:20:19 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-06-17 21:20:19 +0200
commit: 234c7390e46d1f0e116822e171aa7815d97488c1 (patch)
tree: 722636499ca3b9844ce769667fc8b82fb1f8a1af
parent: 4f68db21acf6a4c0d5274dac8441414f090128d5 (diff)
download: nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.gz
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.bz2
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.xz
nixos-234c7390e46d1f0e116822e171aa7815d97488c1.zip
9 files changed, 299 insertions, 0 deletions
diff --git a/accounts/gkleen@vidhar.nix b/accounts/gkleen@vidhar.nix
new file mode 100644
index 00000000..4b41926c
--- /dev/null
+++ b/accounts/gkleen@vidhar.nix
@@ -0,0 +1,3 @@
+{ userName, ... }: {
+  config.users.users.${userName}.uid = 1000;
+}
diff --git a/accounts/mherold@vidhar.nix b/accounts/mherold@vidhar.nix
new file mode 100644
index 00000000..7b25cc12
--- /dev/null
+++ b/accounts/mherold@vidhar.nix
@@ -0,0 +1,3 @@
+{ userName, ... }: {
+  config.users.users.${userName}.uid = 1001;
+}
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
new file mode 100644
index 00000000..dc7f620b
--- /dev/null
+++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
+{ flake, pkgs, lib, ... }:
+{
+  imports = with flake.nixosModules.systemProfiles; [
+    openssh rebuild-machines
+  ];
+  config = {
+    nixpkgs = {
+      system = "x86_64-linux";
+    };
+    networking.hostId = "1e7ddd78";
+    environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
+    boot = {
+      loader.grub = {
+        enable = true;
+        version = 2;
+        device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
+      };
+      kernelPackages = pkgs.linuxPackages_latest;
+      tmpOnTmpfs = true;
+      supportedFilesystems = [ "zfs" ];
+      zfs = {
+        enableUnstable = true;
+      };
+    };
+    fileSystems = {
+      "/" = {
+        fsType = "tmpfs";
+        options = [ "mode=0755" ];
+      };
+    };
+    networking = {
+      hostName = "vidhar";
+      domain = "asgard.yggdrasil";
+      search = [ "asgard.yggdrasil" "yggdrasil" ];
+      useDHCP = false;
+      useNetworkd = true;
+      interfaces."eno1".useDHCP = true;
+      firewall = {
+        enable = true;
+        allowPing = true;
+        allowedTCPPorts = [
+          22 # ssh
+        ];
+        allowedUDPPortRanges = [
+          { from = 60000; to = 61000; } # mosh
+        ];
+      };
+    };
+    services.timesyncd.enable = false;
+    services.chrony = {
+      enable = true;
+      servers = [];
+      extraConfig = ''
+        pool time.cloudflare.com iburst nts
+        pool nts.ntp.se iburst nts
+        server nts.sth1.ntp.se iburst nts
+        server nts.sth2.ntp.se iburst nts
+        server ptbtime1.ptb.de iburst nts
+        server ptbtime2.ptb.de iburst nts
+        server ptbtime3.ptb.de iburst nts
+        makestep 0.1 3
+        cmdport 0
+      '';
+    };
+    services.openssh = {
+      enable = true;
+      passwordAuthentication = false;
+      challengeResponseAuthentication = false;
+      extraConfig = ''
+        AllowGroups ssh
+      '';
+    };
+    users.groups."ssh" = {
+      members = ["root"];
+    };
+    security.sudo.extraConfig = ''
+      Defaults lecture = never
+    '';
+    nix.gc = {
+      automatic = true;
+      options = "--delete-older-than 30d";
+    };
+  };
+}
diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix
new file mode 100644
index 00000000..3beef836
--- /dev/null
+++ b/hosts/vidhar/zfs.nix
@@ -0,0 +1,108 @@
+{ pkgs, config, ... }:
+let
+  snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
+  snapshotCount = {
+    frequent = 24;
+    hourly = 24;
+    daily = 30;
+    monthly = 12;
+    yearly = 5;
+  };
+  snapshotTimerConfig = {
+    frequent = { OnCalendar = "*:0/5 UTC"; Persistent = true; };
+    hourly = { OnCalendar = "hourly UTC"; Persistent = true; };
+    daily = { OnCalendar = "daily UTC"; Persistent = true; };
+    monthly = { OnCalendar = "monthly UTC"; Persistent = true; };
+    yearly = { OnCalendar = "yearly UTC"; Persistent = true; };
+  };
+  snapshotDescr = {
+    frequent = "few minutes";
+    hourly = "hour";
+    daily = "day";
+    monthly = "month";
+    yearly = "year";
+  };
+  zfs = config.boot.zfs.package;
+  autosnapPackage = pkgs.zfstools.override { inherit zfs; };
+in {
+  config = {
+    fileSystems = {
+      "/boot" =
+        { device = "boot";
+          fsType = "zfs";
+        };
+      "/nix" =
+        { device = "ssd-raid0/local/nix";
+          fsType = "zfs";
+        };
+      "/root" =
+        { device = "ssd-raid1/safe/home-root";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/lib/systemd" =
+        { device = "ssd-raid1/local/var-lib-systemd";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      
+      "/var/lib/nixos" =
+        { device = "ssd-raid1/local/var-lib-nixos";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/log" =
+        { device = "ssd-raid1/local/var-log";
+          fsType = "zfs";
+        };
+      "/home" =
+        { device = "hdd-raid6/safe/home";
+          fsType = "zfs";
+        };
+    };
+    systemd.services =
+      let mkSnapService = snapName: {
+            name = "zfs-snapshot-${snapName}";
+            value = {
+              description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
+              after = [ "zfs-import.target" ];
+              serviceConfig = {
+                Type = "oneshot";
+                ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
+              };
+              restartIfChanged = false;
+              preStart = ''
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true hdd-raid6/safe
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true ssd-raid1/safe
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true boot
+              '';
+            };
+          };
+      in builtins.listToAttrs (map mkSnapService snapshotNames);
+    systemd.timers =
+      let mkSnapTimer = snapName: {
+            name = "zfs-snapshot-${snapName}";
+            value = {
+              wantedBy = [ "timers.target" ];
+              timerConfig = snapshotTimerConfig.${snapName};
+            };
+          };
+      in builtins.listToAttrs (map mkSnapTimer snapshotNames);
+    services.zfs.trim.enable = false;
+    services.zfs.autoScrub = {
+      enable = true;
+      interval = "Sun *-*-1..7 04:00:00";
+    };
+  };
+}
diff --git a/installer.nix b/installer.nix
index 78106902..5fe58494 100644
--- a/installer.nix
+++ b/installer.nix
@@ -15,10 +15,17 @@
      enable = true;
      allowedTCPPorts = [ 22 # ssh
                        ];
+      allowedUDPPortRanges = [
+        { from = 60000; to = 61000; } # mosh
+      ];
    };
    systemd.services."sshd".wantedBy = ["multi-user.target"]; 
    services.qemuGuest.enable = true;
+    environment.systemPackages = with pkgs; [
+      nvme-cli iotop mosh
+    ];
  };
 }
diff --git a/system-profiles/openssh/host-keys/vidhar.yaml b/system-profiles/openssh/host-keys/vidhar.yaml
new file mode 100644
index 00000000..23c43194
--- /dev/null
+++ b/system-profiles/openssh/host-keys/vidhar.yaml
@@ -0,0 +1,35 @@
+ed25519: ENC[AES256_GCM,data:IouWMblBjfnihw6w/kdmswdZJnBVuwW9H2SPVbP3AM3MFdaqyE5ln/8tj+a5+Op0v5cpjbo7wFVmHU+gQ1jLfff151hbCWJfjWA+y5j4syNpquScy8607tT9MfaZP/xd0EGb4rK7cOf/mJH+hDgui+dpTctdT5tbOIRPWUNTnWMICo9uoTea/MZopzBvfiE8OZwueir2X0gD86rNdG3oon43sHCTBYWFIiWrajStqLsxAFpRmPGIjmhRWpt2WhE0UYmptd50a7kju5L5bXjX02b0RzSiiBWj3weCedlRABymaCCaBuUf8fQTC3LwY3onHXW2UHdFSXWHPTCV5lE/Bck3yY2fHUHiIubUVNAenD0zBqxVobs5X4jJJWwuLDKpqPvb7k1et12Nrdx31kvADLPW3k4e1hfJ5iC5K7/0uN1rUilvDYhvCtBTcQ5Jpli5G9i1lOi7+4IvXwnlT9ic1FZVz+Df/y6IR90j4WJFTaRZJwD3HU5n5upW2Sfz3EyQkjWmxDhFixgopy8dazi1,iv:07gNZhwgQj8Tpfd53cZa+rMeTOdLu8LRSCaF8M4T6es=,tag:E4k4y9AzmHhMztpvJiK8Gg==,type:str]
+rsa: ENC[AES256_GCM,data:HVRAQETB8KHtZl7FomCuF3ggjU34EiV/4fCJXaWFOwOK6E/QS016Ub+Dc+0iCPqsyRm3uFfYTgeDVA3SwkMvSkti8UIKVPLr1787MY2LtlOOhCjG/ZWNPoAbsDajpxLwHRfNbl76Hzw7MfqQ/KBOfdh2NedaVdei4oDW4Thef+9yoz+lr+QChcEbiEAE88w7wzzhWKdnsdCLOnk5Ljl3Db7CyZFcsc7FNNvR6ZFZqe/jQCdG4cwcJNrLCZWkm+97AbuOiLMO8nlTvVC3MIZhtWNmqNi9FwIqDQKdnPvOzG7zQEaSDG9kjd6V4KoUFJ9VnCzZp3MmwiA5myenxaEMooAsUiPwkcpeSJRN27xDAJeN/oaU2pwlbn/gND7iVFWUm4KXE2z8mRJjXTnwM1H47kriHZBe2qYEDt4Tuj2Y5OWnxy7dAzKLXpJRsXlWXki7A9gyigIMlRvvH1LkSJrr3wuhsNc+MMWYnB1hV7cB/zKrXCuqo4LD02TdlDcsiRBlQYsjXGb6hbdrzwtuSwLo4LhrxmtQUcYXuUqQFCWGIVinnDclQKUg8iFcgz0VkOk/ks72wVIfEb6dVfzQ1HBIX2K4887WUiv3aeZBtGbGXM+wvKjwaFx+LQxiN9hYAwp/2SLuio2jasMjZMOyuzLDohnURYxpqDrbgokpfnsPmu6Qul65tuwOI3JIjrMf7QdDrjoV4SGM7uoakGwrWXddq1JUd8xe2pMQrKzagKz7YIm7qRJ/Mp6JX4xaqK0lE6dhiY6ja6/Cj7F0J12iJSjzcuTRRzu64fiTZh3/AmQ9M/Ij1rplHWtCYNdlxWIw25gm7pVGtjXJrAwOPpwi4/S0iLRHH7Dk4SmQ8Y9x3PvPjCEzRPzCr2/p2yf+sXWK/NE1UD3jNqFpUYeNBf7PvaCCMi+rnHZdozqb/raJAEAkDxaVLRW0g5lKp0UAuZpe60Ro0FHBXLlz069f1tickElNWYdd+sqxe5+5FJnyQw8X+6pWZzQ66ydMf3X0vkWcz5rw80lutt6VLqqga/heaTJ6Ml/frWrPDWujdYdez+THsEEqzOPJNeVXybp1Z1veyMjogmybolw0/42xi8XRAhThqWIAXqIUct5owOoklAAksIVJ6pkYs0gFTCf+yhIY+8gckDHE+tV3U1VUMK8scJIOJ/n7JZC/fHYRdSgw58HBARyamPCVaqSjHzVDmCxPxqVgzjtfC5E+ZBRhXXf2vxdX2RA933CuEOPig8UtEhikxdQcPAaRrgMHx0GpRDJSSlJDfN8ldifEDhRAsEEfK4WFHM5ZoUsj5Om2iw+kPyObEj9Ca8OkWhoQn3uyxXjFhsZ4sgjDO20F2nrjyDaNi2s6Nyi6+uW1Rp4wIefcOsrkaVopChDKH8pjEzCS7xz1OZnD6SmPeL+18MbzCMWDSgmxgvfNd1t/fS0Zvgm9ivZnMLdw4or+SPWTS98kVAGJ5FNUd57qkH5HPjWNijXXDkTf5xyCaqNHyKY2yI+Xi5klW96tLWi0wAYoEgbm/KhXzkPn2g32jPl7HPc/U2EVfSMiAuao0y0iLQEKjpTXOYA9NVHqj7RLDo9uNHCyN4Le1yAMlJgOvZM5xHKz1sVZ+KyXOgl42cOsIbG+3jFKM/OFoIcHWAGl3nXO6W4db/FVDBly8bnfYDXaVsihKeB+sM1AnQgl+AZXPX0GcbL/7FLJ5jy44+p0DGb0Cy7jHVqF3/Fi5I8v8CzxgSC29zi2AloJgiTE/cqOTU95fK/MeA6+bYgsCbCwaG8Gk+wiAwv+QreDj0V9tRA+eCAG3frr4omAWqnObPW2DvzD1Gn46e7G6vL1Wp9mQ+PJK/8dnClSqLH/tVLMRx1uomZ7oQd+W5pHgPp2uSm4BL4BEVDFAsdVpqjSANY84KnoKqbun4+RDvfvETbME4L63dmdjIfN7XEgjE6pGWpXmrQvruUxV7uBcEWxloUTynbxzrq0kQZQkJCcNUYurSB1+D5W4QU8EhwwyKX9GKpvdMwVdnEsCtCLROA+yPhfZYgVwiE1l3QvcT0/Mo+McOnIgF3FXDoTpjG9ODy/YswKdDACqwZpGKZXAUYLK7If5yz2jfj8v4/JBGgOCdCAxHFbE9UQxyNNFTzKNw19oju6goVyrbazsDXDjqPBQ/+KJT37GSJXM/CybUbkrhgLEGj/rQjfH0x/FSFF4FY1fZXut/kJdrqcQtdMQsSwBT6wa+8XeRMSV47kAldCh+iiwegaQDhP2jR578+eLr7cNpW9vvUm3+dNa9I9QZFo2SfeucTHF4WP1PvImVLtevdezgZHGeQC4/AreFubUdQFEysdvN0OhniwWr+sdCtaZXQJ3fVgm4UPUAvpz3K0WHK4XRqHp3KduHVSwrVVcuJhXpdW8PKjBtm2rYJzrlGEoGeFvmb/urQaZRBOiEnM/g21uH7bCDYi5eVQsXcSYMxUf/HhzN7+Im1F8X/j/qaqXZKgZ7pwYKuwUe6TL8rzHFhUVD2FxzFeCbVvtxZ2azqoANJBdsUDPfvT+ZpA3jZrmpqfU147Y2i14iCmmC4jKzy3znKEYhlOB54CQKoS9vPeWEqMziFhrafPMhajxb0eefK7OhB3E+zdEF3O9DsqfF61WBnePwCDenS+Yx7VoBff9zK+vWGDZfvpW4tkAOBK6aO/zh8KPr4HLiNhD24jCyixc0+Uaifg+uZi9DSeGTErkU9XW77YEgFY+GiddueT/1vy9kVZRa7wFMbjfqua+gH9S6b4esGcUzbCQ1Jyx3P2bHphiwkVav9MnHhbyHP7bsdMPNRN0E2wmx8TFdItO4tkS3f9fi2JrOE9zUu/9QJjXZJDxmWckK5zhwtv1O7Niot5PYH4adHduh1EVgnVREsxj1Hu2N/lxS1aX/2g0ZoF77SUlzOAN0FW5RI26lQg0m9Oz5cvAk7DU99oaFuTnUf34nBVPchsATKx6Rp+jqH5yx1T3SUSziEU3FGD3rfLNChD2BL0lQqXEcYZbYy1S0ERmPMgqOPw3baEzEC/YJU87yxc2/6Vbz45ZZQqAyRHTQBAVr6FLl2IksCT91a8ntAQi5CWgXqm7jjbSYKUqcxyQmt2zgkj1c7M/r1aJPeh+8DJtS/FpwSv5kJYdTo9bGYUrshm79CwcBYHwnm7nOkaSQed+CFAHwy44crvR4QkIOEIKeSbvyofn1cRTit4TMzq2d0RJt9w6jIIM3YtqLQOgl6rMRg3BeSsC49BFwp6p6QMcRkkwnOyiYqqmnmV7tHfUn6UVWmstEQ46Wvis+TcRwO3uCxZlwx1WzB6+m03IrNaJRfaliKhpMoTkz4hzk5fBaAkk8rS/hCbyUDcoewkSSGyoD+ogNUoM5p/hzel/p9Cb4NZqBvAziTmYyu14BjFrbmFIUbC2dKz+aipu/wr34m7Jh+dvghO5DqTJY/z7YMzONpe9a7cJNYCsA==,iv:8qeuu0bxKrCDH149UzPOJG71sYcHrd5wUu8ZqH8iTHs=,tag:FRBoPBWVkB8pEc6LuIsEZA==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age: []
+    lastmodified: "2021-06-17T18:42:01Z"
+    mac: ENC[AES256_GCM,data:Mqnozqkhcfom0F1lSjZbCJDPXKLqWnRKwHh9tpbhpVYSmSeGk3iHVR+qOkL5/cTCnaWyzsAlJuRm5rmKGuKVqXSXWYSzphZ37c0l8NfPgDKomu5iHyQ6oEJsvSv411zdgHKZximeEwZhVfNf9I3FmTujXK0JiZwDRPoOTwnd7wY=,iv:zjfELB9DmW4vhVg6dbT6vf8SIBLfZod6JAXYkotiiL0=,tag:PkgF5uTST2UkM1ftl8ggmQ==,type:str]
+    pgp:
+        - created_at: "2021-06-17T18:40:20Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hF4DXxoViZlp6dISAQdAQwuTgiFIyIrS4Qc9tUIsLuh4RtjuoVRgChVkCs1Svyow
+            KBGrbWCC5tqnQfCySglrwK7Zz8vg8nsGeDAshQvCf67YDaj+FUrdz68DH0WYRZ9D
+            0l4BrmFTOnCPZHY/488E14BBm2lNWYwEimWx4FnEQmoTL+ph/XdTtizgQkQlQLc9
+            tXdHGbeVkEACKE0znF4pFrBs3qKmp9EPJQ4aFUkvdJkb7aadnukUUFzO7/WgMuSN
+            =G8tT
+            -----END PGP MESSAGE-----
+          fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
+        - created_at: "2021-06-17T18:40:20Z"
+          enc: |
+            -----BEGIN PGP MESSAGE-----
+            hF4DbYDvGI0HDr0SAQdA9zTLIX+OV+zv8R7SrXOkrV1koa1aYkg+164QngxWpwAw
+            wyhwHxqISWYeSAmM9xA27vsJ754sXGVVMB5V3FyUlFTWuIVUkUuhq4ijY/PIJle9
+            0l4Bryp2R72fLE9W82DmEE1XWlxSrAJ15HGIjMI1RVop3UDXQfYdlaP9paebLVaY
+            cnGncYKIs33GzVDXfaMFmPqamvwpwR5yw25KYGnUfBhaIgSQgcpmU3zwua73ICH0
+            =bvYm
+            -----END PGP MESSAGE-----
+          fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
+    unencrypted_suffix: _unencrypted
+    version: 3.7.1
diff --git a/system-profiles/openssh/known-hosts/vidhar.nix b/system-profiles/openssh/known-hosts/vidhar.nix
new file mode 100644
index 00000000..94abeab7
--- /dev/null
+++ b/system-profiles/openssh/known-hosts/vidhar.nix
@@ -0,0 +1,16 @@
+let
+  hostNames = ["vidhar.asgard.yggdrasil"];
+in {
+  rsa = {
+    inherit hostNames;
+    publicKey = ''
+      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCopJQaFGSf5/FioXnjppVvzqAxW8/Hcr9xpCpj1WDn5hZoKCzyPmZet43ATG7IxHtEXK1O+FfIN7HUDlPrfOEiw/1W8j/fzFCsjXC/c5031wBaPmBpf0uXOGjuJ2INps7qPfOUqfWKYIKgmdk4Sr2vjRxpSoO08mPgECVwWYDBfRrZD3RYVls9NSW3GZFsCOHNUVxV1O112EFbwzyJUDVpTWqF5uSmW5HD7zAhHRs96q1AiOo7rQ9LfYD51Hc/0XkbUQ+wi9jxZwhwsBmEMMGFVRPGBOXqN5x4DItY8hpzq3h4WJEHvGdtRg89TxBeRIV96six0ThA9aS5JrND6DWOgEueoOv0WnLPswUh/+jg6hnECYW0mg7SbxInU/qESFxYp9jRjErQxThwM4u0fuE2+8LR3cB7Ui2GkjuQvvgI/LTHXucy7nTK9Fm87NDSx7oMyCBu8+I/8wntHD4s2SMvGi+BBI5i2dH+VBEoZEbi58DLZa+bwzfuAj+h46DNdR8=
+    '';
+  };
+  ed25519 = {
+    inherit hostNames;
+    publicKey = ''
+      ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHGEME8AQDpXnDuI2G4aruVnz3of37+ZgXJh85h8Frq
+    '';
+  };
+}
diff --git a/system-profiles/rebuild-machines/ssh/vidhar/private b/system-profiles/rebuild-machines/ssh/vidhar/private
new file mode 100644
index 00000000..b45a1172
--- /dev/null
+++ b/system-profiles/rebuild-machines/ssh/vidhar/private
@@ -0,0 +1,26 @@
+{
+        "data": "ENC[AES256_GCM,data:PKQg38OglhjMpT1DYQI5LG++hsMZX2tOTwENpI0vqiCluAjj5Z8IebYKcawKsDxtMSJlMqHfBAXoMu3DB8EC6AusYnXR5hjpLSLGNcGO/74JACYT3JgsAIn3c33kqk+jfyO3Ru8LJgWn6dsob7s20QGxgA/NqXnyUKtDDJOCgsRmVGKu6IQlHuYtE/oULDvtKA/9ksBNajo2c/uvjUN0jFkY4KJ3S6zVTRYrJV+VfRbxVmRiswbHyjPjdML4+1ipse1nNObjo3HVtg5vz4qT901YT7/3PbyJBo22dtuGACB9aCVq8HZVgKNf9DXJI6ZlZYCqeON9EeRB4QFFXOi+//w4wA/disDm76kVxzgJsDSjVqstqQIpIwPHAeAu/fwl61qNCZ2oxXXzu3EIJARb5UR9E2lREkfe7XiB+QJgfzlWziTUM4RxlO6ykMsXqcIDFmCdNH84x9KvHaz9RYqbjS6fsnei5+TQz/L5H+mXDVOrBJTPHikdYn5dFmgID6oXgO7HvhFc4udoR3sruEs97yN4f/0II5MXToJZCO9zeFtWL7U=,iv:DIldXjNu6GThFoh5DFhyxu4jLzD8dJGPiTg6gDE9Dd8=,tag:at151R9sjx3+1yTSfmDFeA==,type:str]",
+        "sops": {
+                "kms": null,
+                "gcp_kms": null,
+                "azure_kv": null,
+                "hc_vault": null,
+                "age": null,
+                "lastmodified": "2021-06-17T18:39:16Z",
+                "mac": "ENC[AES256_GCM,data:6E11CWkKpVxoPDw8jpg7Q1Jp+oIAS4W5PVTqzFJXeOOz2ZstVTlyhWdSRFJ/Xd09NuIRak+vAcOcU/t7v2d/mvNlogjCPdQE3ypRtm1HbawZUXwGgml9PRt0iMwS6MchMLWpze+eVu1j/hHvtAuqgRydMTCbT+T+qJOpax9olws=,iv:5VxHFHEFuTWYbKbwNIJAMYDDBoKkHOYLbe+l8amizhU=,tag:T7NBal0l4Nw8Pxm64CPDaA==,type:str]",
+                "pgp": [
+                        {
+                                "created_at": "2021-06-17T18:39:10Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuCBzgHL7hYw9643MOm4Y3Zunz2N3cKg5c/RoPzm+D10w\neaMjK+pjFEUrGgptKyNEDRwaWnhtqXfHOvF/FCTKzr0yC2TRR1GRAEcz6vSJhL9f\n0l4BsshxfcB/ZUB5jE2F8No/MbD/beSKvUwgXlEMz8blOBbGUqkpp5zwjt91GXml\n2Fwrxzi5j3T2DgI8wH6XGpN9lNfFNk/JudFm0Y0yaXA4dFou1T+4hKWTb1mfTcTd\n=phfT\n-----END PGP MESSAGE-----\n",
+                                "fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
+                        },
+                        {
+                                "created_at": "2021-06-17T18:39:10Z",
+                                "enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAwkrIrbqgFCr75iDMH94Jv7rmJ87i6YUF+DUHOU6zF0Qw\nHXDlYeeEagxRch/WEkWiRM/g+5oZFLHDPIL86MenyTt0HbACekRNIqHxA6Q5uZLK\n0l4BzVzVxjusQolYvvWiwWxMmqVc19nrEqNHYDmxKAZqNiLUGBDO2KHNNA+6MAAP\nxAqmhmdWD/Kk7/X9WqOSiLvL6bsvHXOdmtnoqiXiuRDfPCJMZ3rma15WXjEe6EXq\n=3pEu\n-----END PGP MESSAGE-----\n",
+                                "fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
+                        }
+                ],
+                "unencrypted_suffix": "_unencrypted",
+                "version": "3.7.1"
+        }
+}
+\ No newline at end of file
diff --git a/system-profiles/rebuild-machines/ssh/vidhar/public b/system-profiles/rebuild-machines/ssh/vidhar/public
new file mode 100644
index 00000000..5876f86e
--- /dev/null
+++ b/system-profiles/rebuild-machines/ssh/vidhar/public
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJ5JB1Tq+awZlPshFfGJ+PBHf8g/GI8+FbsASdsrOiS rebuild-machines@vidhar
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-06-17 21:20:19 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-06-17 21:20:19 +0200
commit	234c7390e46d1f0e116822e171aa7815d97488c1 (patch)
tree	722636499ca3b9844ce769667fc8b82fb1f8a1af
parent	4f68db21acf6a4c0d5274dac8441414f090128d5 (diff)
download	nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.gz nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.bz2 nixos-234c7390e46d1f0e116822e171aa7815d97488c1.tar.xz nixos-234c7390e46d1f0e116822e171aa7815d97488c1.zip

diff --git a/accounts/gkleen@vidhar.nix b/accounts/gkleen@vidhar.nix new file mode 100644 index 00000000..4b41926c --- /dev/null +++ b/accounts/gkleen@vidhar.nix
@@ -0,0 +1,3 @@
		1	{ userName, ... }: {
		2	config.users.users.${userName}.uid = 1000;
		3	}


diff --git a/accounts/mherold@vidhar.nix b/accounts/mherold@vidhar.nix new file mode 100644 index 00000000..7b25cc12 --- /dev/null +++ b/accounts/mherold@vidhar.nix
@@ -0,0 +1,3 @@
		1	{ userName, ... }: {
		2	config.users.users.${userName}.uid = 1001;
		3	}


diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix new file mode 100644 index 00000000..dc7f620b --- /dev/null +++ b/hosts/vidhar/default.nix
@@ -0,0 +1,100 @@
		1	{ flake, pkgs, lib, ... }:
		2	{
		3	imports = with flake.nixosModules.systemProfiles; [
		4	openssh rebuild-machines
		5	];
		6
		7	config = {
		8	nixpkgs = {
		9	system = "x86_64-linux";
		10	};
		11
		12	networking.hostId = "1e7ddd78";
		13	environment.etc."machine-id".text = "1e7ddd784c525bba2a03d7c160c5da4e";
		14
		15	boot = {
		16	loader.grub = {
		17	enable = true;
		18	version = 2;
		19	device = "/dev/disk/by-id/usb-Intenso_Slim_Line_22010091300228-0:0";
		20	};
		21
		22	kernelPackages = pkgs.linuxPackages_latest;
		23
		24	tmpOnTmpfs = true;
		25
		26	supportedFilesystems = [ "zfs" ];
		27	zfs = {
		28	enableUnstable = true;
		29	};
		30	};
		31
		32	fileSystems = {
		33	"/" = {
		34	fsType = "tmpfs";
		35	options = [ "mode=0755" ];
		36	};
		37	};
		38
		39	networking = {
		40	hostName = "vidhar";
		41	domain = "asgard.yggdrasil";
		42	search = [ "asgard.yggdrasil" "yggdrasil" ];
		43
		44	useDHCP = false;
		45	useNetworkd = true;
		46
		47	interfaces."eno1".useDHCP = true;
		48
		49	firewall = {
		50	enable = true;
		51	allowPing = true;
		52	allowedTCPPorts = [
		53	22 # ssh
		54	];
		55	allowedUDPPortRanges = [
		56	{ from = 60000; to = 61000; } # mosh
		57	];
		58	};
		59	};
		60	services.timesyncd.enable = false;
		61	services.chrony = {
		62	enable = true;
		63	servers = [];
		64	extraConfig = ''
		65	pool time.cloudflare.com iburst nts
		66	pool nts.ntp.se iburst nts
		67	server nts.sth1.ntp.se iburst nts
		68	server nts.sth2.ntp.se iburst nts
		69	server ptbtime1.ptb.de iburst nts
		70	server ptbtime2.ptb.de iburst nts
		71	server ptbtime3.ptb.de iburst nts
		72
		73	makestep 0.1 3
		74
		75	cmdport 0
		76	'';
		77	};
		78
		79	services.openssh = {
		80	enable = true;
		81	passwordAuthentication = false;
		82	challengeResponseAuthentication = false;
		83	extraConfig = ''
		84	AllowGroups ssh
		85	'';
		86	};
		87	users.groups."ssh" = {
		88	members = ["root"];
		89	};
		90
		91	security.sudo.extraConfig = ''
		92	Defaults lecture = never
		93	'';
		94
		95	nix.gc = {
		96	automatic = true;
		97	options = "--delete-older-than 30d";
		98	};
		99	};
		100	}


diff --git a/hosts/vidhar/zfs.nix b/hosts/vidhar/zfs.nix new file mode 100644 index 00000000..3beef836 --- /dev/null +++ b/hosts/vidhar/zfs.nix
@@ -0,0 +1,108 @@
		1	{ pkgs, config, ... }:
		2	let
		3	snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
		4	snapshotCount = {
		5	frequent = 24;
		6	hourly = 24;
		7	daily = 30;
		8	monthly = 12;
		9	yearly = 5;
		10	};
		11	snapshotTimerConfig = {
		12	frequent = { OnCalendar = "*:0/5 UTC"; Persistent = true; };
		13	hourly = { OnCalendar = "hourly UTC"; Persistent = true; };
		14	daily = { OnCalendar = "daily UTC"; Persistent = true; };
		15	monthly = { OnCalendar = "monthly UTC"; Persistent = true; };
		16	yearly = { OnCalendar = "yearly UTC"; Persistent = true; };
		17	};
		18	snapshotDescr = {
		19	frequent = "few minutes";
		20	hourly = "hour";
		21	daily = "day";
		22	monthly = "month";
		23	yearly = "year";
		24	};
		25
		26	zfs = config.boot.zfs.package;
		27
		28	autosnapPackage = pkgs.zfstools.override { inherit zfs; };
		29	in {
		30	config = {
		31	fileSystems = {
		32	"/boot" =
		33	{ device = "boot";
		34	fsType = "zfs";
		35	};
		36
		37	"/nix" =
		38	{ device = "ssd-raid0/local/nix";
		39	fsType = "zfs";
		40	};
		41
		42	"/root" =
		43	{ device = "ssd-raid1/safe/home-root";
		44	fsType = "zfs";
		45	neededForBoot = true;
		46	};
		47
		48	"/var/lib/systemd" =
		49	{ device = "ssd-raid1/local/var-lib-systemd";
		50	fsType = "zfs";
		51	neededForBoot = true;
		52	};
		53
		54	"/var/lib/nixos" =
		55	{ device = "ssd-raid1/local/var-lib-nixos";
		56	fsType = "zfs";
		57	neededForBoot = true;
		58	};
		59
		60	"/var/log" =
		61	{ device = "ssd-raid1/local/var-log";
		62	fsType = "zfs";
		63	};
		64
		65	"/home" =
		66	{ device = "hdd-raid6/safe/home";
		67	fsType = "zfs";
		68	};
		69	};
		70
		71	systemd.services =
		72	let mkSnapService = snapName: {
		73	name = "zfs-snapshot-${snapName}";
		74	value = {
		75	description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
		76	after = [ "zfs-import.target" ];
		77	serviceConfig = {
		78	Type = "oneshot";
		79	ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
		80	};
		81	restartIfChanged = false;
		82
		83	preStart = ''
		84	${zfs}/bin/zfs set com.sun:auto-snapshot=true hdd-raid6/safe
		85	${zfs}/bin/zfs set com.sun:auto-snapshot=true ssd-raid1/safe
		86	${zfs}/bin/zfs set com.sun:auto-snapshot=true boot
		87	'';
		88	};
		89	};
		90	in builtins.listToAttrs (map mkSnapService snapshotNames);
		91
		92	systemd.timers =
		93	let mkSnapTimer = snapName: {
		94	name = "zfs-snapshot-${snapName}";
		95	value = {
		96	wantedBy = [ "timers.target" ];
		97	timerConfig = snapshotTimerConfig.${snapName};
		98	};
		99	};
		100	in builtins.listToAttrs (map mkSnapTimer snapshotNames);
		101
		102	services.zfs.trim.enable = false;
		103	services.zfs.autoScrub = {
		104	enable = true;
		105	interval = "Sun --1..7 04:00:00";
		106	};
		107	};
		108	}


diff --git a/installer.nix b/installer.nix index 78106902..5fe58494 100644 --- a/installer.nix +++ b/installer.nix
@@ -15,10 +15,17 @@
15	enable = true;	15	enable = true;
16	allowedTCPPorts = [ 22 # ssh	16	allowedTCPPorts = [ 22 # ssh
17	];	17	];
		18	allowedUDPPortRanges = [
		19	{ from = 60000; to = 61000; } # mosh
		20	];
18	};	21	};
19		22
20	systemd.services."sshd".wantedBy = ["multi-user.target"];	23	systemd.services."sshd".wantedBy = ["multi-user.target"];
21		24
22	services.qemuGuest.enable = true;	25	services.qemuGuest.enable = true;
		26
		27	environment.systemPackages = with pkgs; [
		28	nvme-cli iotop mosh
		29	];
23	};	30	};
24	}	31	}


diff --git a/system-profiles/openssh/host-keys/vidhar.yaml b/system-profiles/openssh/host-keys/vidhar.yaml new file mode 100644 index 00000000..23c43194 --- /dev/null +++ b/system-profiles/openssh/host-keys/vidhar.yaml
@@ -0,0 +1,35 @@
		1	ed25519: ENC[AES256_GCM,data:IouWMblBjfnihw6w/kdmswdZJnBVuwW9H2SPVbP3AM3MFdaqyE5ln/8tj+a5+Op0v5cpjbo7wFVmHU+gQ1jLfff151hbCWJfjWA+y5j4syNpquScy8607tT9MfaZP/xd0EGb4rK7cOf/mJH+hDgui+dpTctdT5tbOIRPWUNTnWMICo9uoTea/MZopzBvfiE8OZwueir2X0gD86rNdG3oon43sHCTBYWFIiWrajStqLsxAFpRmPGIjmhRWpt2WhE0UYmptd50a7kju5L5bXjX02b0RzSiiBWj3weCedlRABymaCCaBuUf8fQTC3LwY3onHXW2UHdFSXWHPTCV5lE/Bck3yY2fHUHiIubUVNAenD0zBqxVobs5X4jJJWwuLDKpqPvb7k1et12Nrdx31kvADLPW3k4e1hfJ5iC5K7/0uN1rUilvDYhvCtBTcQ5Jpli5G9i1lOi7+4IvXwnlT9ic1FZVz+Df/y6IR90j4WJFTaRZJwD3HU5n5upW2Sfz3EyQkjWmxDhFixgopy8dazi1,iv:07gNZhwgQj8Tpfd53cZa+rMeTOdLu8LRSCaF8M4T6es=,tag:E4k4y9AzmHhMztpvJiK8Gg==,type:str]
		2	rsa: ENC[AES256_GCM,data:HVRAQETB8KHtZl7FomCuF3ggjU34EiV/4fCJXaWFOwOK6E/QS016Ub+Dc+0iCPqsyRm3uFfYTgeDVA3SwkMvSkti8UIKVPLr1787MY2LtlOOhCjG/ZWNPoAbsDajpxLwHRfNbl76Hzw7MfqQ/KBOfdh2NedaVdei4oDW4Thef+9yoz+lr+QChcEbiEAE88w7wzzhWKdnsdCLOnk5Ljl3Db7CyZFcsc7FNNvR6ZFZqe/jQCdG4cwcJNrLCZWkm+97AbuOiLMO8nlTvVC3MIZhtWNmqNi9FwIqDQKdnPvOzG7zQEaSDG9kjd6V4KoUFJ9VnCzZp3MmwiA5myenxaEMooAsUiPwkcpeSJRN27xDAJeN/oaU2pwlbn/gND7iVFWUm4KXE2z8mRJjXTnwM1H47kriHZBe2qYEDt4Tuj2Y5OWnxy7dAzKLXpJRsXlWXki7A9gyigIMlRvvH1LkSJrr3wuhsNc+MMWYnB1hV7cB/zKrXCuqo4LD02TdlDcsiRBlQYsjXGb6hbdrzwtuSwLo4LhrxmtQUcYXuUqQFCWGIVinnDclQKUg8iFcgz0VkOk/ks72wVIfEb6dVfzQ1HBIX2K4887WUiv3aeZBtGbGXM+wvKjwaFx+LQxiN9hYAwp/2SLuio2jasMjZMOyuzLDohnURYxpqDrbgokpfnsPmu6Qul65tuwOI3JIjrMf7QdDrjoV4SGM7uoakGwrWXddq1JUd8xe2pMQrKzagKz7YIm7qRJ/Mp6JX4xaqK0lE6dhiY6ja6/Cj7F0J12iJSjzcuTRRzu64fiTZh3/AmQ9M/Ij1rplHWtCYNdlxWIw25gm7pVGtjXJrAwOPpwi4/S0iLRHH7Dk4SmQ8Y9x3PvPjCEzRPzCr2/p2yf+sXWK/NE1UD3jNqFpUYeNBf7PvaCCMi+rnHZdozqb/raJAEAkDxaVLRW0g5lKp0UAuZpe60Ro0FHBXLlz069f1tickElNWYdd+sqxe5+5FJnyQw8X+6pWZzQ66ydMf3X0vkWcz5rw80lutt6VLqqga/heaTJ6Ml/frWrPDWujdYdez+THsEEqzOPJNeVXybp1Z1veyMjogmybolw0/42xi8XRAhThqWIAXqIUct5owOoklAAksIVJ6pkYs0gFTCf+yhIY+8gckDHE+tV3U1VUMK8scJIOJ/n7JZC/fHYRdSgw58HBARyamPCVaqSjHzVDmCxPxqVgzjtfC5E+ZBRhXXf2vxdX2RA933CuEOPig8UtEhikxdQcPAaRrgMHx0GpRDJSSlJDfN8ldifEDhRAsEEfK4WFHM5ZoUsj5Om2iw+kPyObEj9Ca8OkWhoQn3uyxXjFhsZ4sgjDO20F2nrjyDaNi2s6Nyi6+uW1Rp4wIefcOsrkaVopChDKH8pjEzCS7xz1OZnD6SmPeL+18MbzCMWDSgmxgvfNd1t/fS0Zvgm9ivZnMLdw4or+SPWTS98kVAGJ5FNUd57qkH5HPjWNijXXDkTf5xyCaqNHyKY2yI+Xi5klW96tLWi0wAYoEgbm/KhXzkPn2g32jPl7HPc/U2EVfSMiAuao0y0iLQEKjpTXOYA9NVHqj7RLDo9uNHCyN4Le1yAMlJgOvZM5xHKz1sVZ+KyXOgl42cOsIbG+3jFKM/OFoIcHWAGl3nXO6W4db/FVDBly8bnfYDXaVsihKeB+sM1AnQgl+AZXPX0GcbL/7FLJ5jy44+p0DGb0Cy7jHVqF3/Fi5I8v8CzxgSC29zi2AloJgiTE/cqOTU95fK/MeA6+bYgsCbCwaG8Gk+wiAwv+QreDj0V9tRA+eCAG3frr4omAWqnObPW2DvzD1Gn46e7G6vL1Wp9mQ+PJK/8dnClSqLH/tVLMRx1uomZ7oQd+W5pHgPp2uSm4BL4BEVDFAsdVpqjSANY84KnoKqbun4+RDvfvETbME4L63dmdjIfN7XEgjE6pGWpXmrQvruUxV7uBcEWxloUTynbxzrq0kQZQkJCcNUYurSB1+D5W4QU8EhwwyKX9GKpvdMwVdnEsCtCLROA+yPhfZYgVwiE1l3QvcT0/Mo+McOnIgF3FXDoTpjG9ODy/YswKdDACqwZpGKZXAUYLK7If5yz2jfj8v4/JBGgOCdCAxHFbE9UQxyNNFTzKNw19oju6goVyrbazsDXDjqPBQ/+KJT37GSJXM/CybUbkrhgLEGj/rQjfH0x/FSFF4FY1fZXut/kJdrqcQtdMQsSwBT6wa+8XeRMSV47kAldCh+iiwegaQDhP2jR578+eLr7cNpW9vvUm3+dNa9I9QZFo2SfeucTHF4WP1PvImVLtevdezgZHGeQC4/AreFubUdQFEysdvN0OhniwWr+sdCtaZXQJ3fVgm4UPUAvpz3K0WHK4XRqHp3KduHVSwrVVcuJhXpdW8PKjBtm2rYJzrlGEoGeFvmb/urQaZRBOiEnM/g21uH7bCDYi5eVQsXcSYMxUf/HhzN7+Im1F8X/j/qaqXZKgZ7pwYKuwUe6TL8rzHFhUVD2FxzFeCbVvtxZ2azqoANJBdsUDPfvT+ZpA3jZrmpqfU147Y2i14iCmmC4jKzy3znKEYhlOB54CQKoS9vPeWEqMziFhrafPMhajxb0eefK7OhB3E+zdEF3O9DsqfF61WBnePwCDenS+Yx7VoBff9zK+vWGDZfvpW4tkAOBK6aO/zh8KPr4HLiNhD24jCyixc0+Uaifg+uZi9DSeGTErkU9XW77YEgFY+GiddueT/1vy9kVZRa7wFMbjfqua+gH9S6b4esGcUzbCQ1Jyx3P2bHphiwkVav9MnHhbyHP7bsdMPNRN0E2wmx8TFdItO4tkS3f9fi2JrOE9zUu/9QJjXZJDxmWckK5zhwtv1O7Niot5PYH4adHduh1EVgnVREsxj1Hu2N/lxS1aX/2g0ZoF77SUlzOAN0FW5RI26lQg0m9Oz5cvAk7DU99oaFuTnUf34nBVPchsATKx6Rp+jqH5yx1T3SUSziEU3FGD3rfLNChD2BL0lQqXEcYZbYy1S0ERmPMgqOPw3baEzEC/YJU87yxc2/6Vbz45ZZQqAyRHTQBAVr6FLl2IksCT91a8ntAQi5CWgXqm7jjbSYKUqcxyQmt2zgkj1c7M/r1aJPeh+8DJtS/FpwSv5kJYdTo9bGYUrshm79CwcBYHwnm7nOkaSQed+CFAHwy44crvR4QkIOEIKeSbvyofn1cRTit4TMzq2d0RJt9w6jIIM3YtqLQOgl6rMRg3BeSsC49BFwp6p6QMcRkkwnOyiYqqmnmV7tHfUn6UVWmstEQ46Wvis+TcRwO3uCxZlwx1WzB6+m03IrNaJRfaliKhpMoTkz4hzk5fBaAkk8rS/hCbyUDcoewkSSGyoD+ogNUoM5p/hzel/p9Cb4NZqBvAziTmYyu14BjFrbmFIUbC2dKz+aipu/wr34m7Jh+dvghO5DqTJY/z7YMzONpe9a7cJNYCsA==,iv:8qeuu0bxKrCDH149UzPOJG71sYcHrd5wUu8ZqH8iTHs=,tag:FRBoPBWVkB8pEc6LuIsEZA==,type:str]
		3	sops:
		4	kms: []
		5	gcp_kms: []
		6	azure_kv: []
		7	hc_vault: []
		8	age: []
		9	lastmodified: "2021-06-17T18:42:01Z"
		10	mac: ENC[AES256_GCM,data:Mqnozqkhcfom0F1lSjZbCJDPXKLqWnRKwHh9tpbhpVYSmSeGk3iHVR+qOkL5/cTCnaWyzsAlJuRm5rmKGuKVqXSXWYSzphZ37c0l8NfPgDKomu5iHyQ6oEJsvSv411zdgHKZximeEwZhVfNf9I3FmTujXK0JiZwDRPoOTwnd7wY=,iv:zjfELB9DmW4vhVg6dbT6vf8SIBLfZod6JAXYkotiiL0=,tag:PkgF5uTST2UkM1ftl8ggmQ==,type:str]
		11	pgp:
		12	- created_at: "2021-06-17T18:40:20Z"
		13	enc: \|
		14	-----BEGIN PGP MESSAGE-----
		15
		16	hF4DXxoViZlp6dISAQdAQwuTgiFIyIrS4Qc9tUIsLuh4RtjuoVRgChVkCs1Svyow
		17	KBGrbWCC5tqnQfCySglrwK7Zz8vg8nsGeDAshQvCf67YDaj+FUrdz68DH0WYRZ9D
		18	0l4BrmFTOnCPZHY/488E14BBm2lNWYwEimWx4FnEQmoTL+ph/XdTtizgQkQlQLc9
		19	tXdHGbeVkEACKE0znF4pFrBs3qKmp9EPJQ4aFUkvdJkb7aadnukUUFzO7/WgMuSN
		20	=G8tT
		21	-----END PGP MESSAGE-----
		22	fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
		23	- created_at: "2021-06-17T18:40:20Z"
		24	enc: \|
		25	-----BEGIN PGP MESSAGE-----
		26
		27	hF4DbYDvGI0HDr0SAQdA9zTLIX+OV+zv8R7SrXOkrV1koa1aYkg+164QngxWpwAw
		28	wyhwHxqISWYeSAmM9xA27vsJ754sXGVVMB5V3FyUlFTWuIVUkUuhq4ijY/PIJle9
		29	0l4Bryp2R72fLE9W82DmEE1XWlxSrAJ15HGIjMI1RVop3UDXQfYdlaP9paebLVaY
		30	cnGncYKIs33GzVDXfaMFmPqamvwpwR5yw25KYGnUfBhaIgSQgcpmU3zwua73ICH0
		31	=bvYm
		32	-----END PGP MESSAGE-----
		33	fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
		34	unencrypted_suffix: _unencrypted
		35	version: 3.7.1


diff --git a/system-profiles/openssh/known-hosts/vidhar.nix b/system-profiles/openssh/known-hosts/vidhar.nix new file mode 100644 index 00000000..94abeab7 --- /dev/null +++ b/system-profiles/openssh/known-hosts/vidhar.nix
@@ -0,0 +1,16 @@
		1	let
		2	hostNames = ["vidhar.asgard.yggdrasil"];
		3	in {
		4	rsa = {
		5	inherit hostNames;
		6	publicKey = ''
		7	ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCopJQaFGSf5/FioXnjppVvzqAxW8/Hcr9xpCpj1WDn5hZoKCzyPmZet43ATG7IxHtEXK1O+FfIN7HUDlPrfOEiw/1W8j/fzFCsjXC/c5031wBaPmBpf0uXOGjuJ2INps7qPfOUqfWKYIKgmdk4Sr2vjRxpSoO08mPgECVwWYDBfRrZD3RYVls9NSW3GZFsCOHNUVxV1O112EFbwzyJUDVpTWqF5uSmW5HD7zAhHRs96q1AiOo7rQ9LfYD51Hc/0XkbUQ+wi9jxZwhwsBmEMMGFVRPGBOXqN5x4DItY8hpzq3h4WJEHvGdtRg89TxBeRIV96six0ThA9aS5JrND6DWOgEueoOv0WnLPswUh/+jg6hnECYW0mg7SbxInU/qESFxYp9jRjErQxThwM4u0fuE2+8LR3cB7Ui2GkjuQvvgI/LTHXucy7nTK9Fm87NDSx7oMyCBu8+I/8wntHD4s2SMvGi+BBI5i2dH+VBEoZEbi58DLZa+bwzfuAj+h46DNdR8=
		8	'';
		9	};
		10	ed25519 = {
		11	inherit hostNames;
		12	publicKey = ''
		13	ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKHGEME8AQDpXnDuI2G4aruVnz3of37+ZgXJh85h8Frq
		14	'';
		15	};
		16	}


diff --git a/system-profiles/rebuild-machines/ssh/vidhar/private b/system-profiles/rebuild-machines/ssh/vidhar/private new file mode 100644 index 00000000..b45a1172 --- /dev/null +++ b/system-profiles/rebuild-machines/ssh/vidhar/private
@@ -0,0 +1,26 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:PKQg38OglhjMpT1DYQI5LG++hsMZX2tOTwENpI0vqiCluAjj5Z8IebYKcawKsDxtMSJlMqHfBAXoMu3DB8EC6AusYnXR5hjpLSLGNcGO/74JACYT3JgsAIn3c33kqk+jfyO3Ru8LJgWn6dsob7s20QGxgA/NqXnyUKtDDJOCgsRmVGKu6IQlHuYtE/oULDvtKA/9ksBNajo2c/uvjUN0jFkY4KJ3S6zVTRYrJV+VfRbxVmRiswbHyjPjdML4+1ipse1nNObjo3HVtg5vz4qT901YT7/3PbyJBo22dtuGACB9aCVq8HZVgKNf9DXJI6ZlZYCqeON9EeRB4QFFXOi+//w4wA/disDm76kVxzgJsDSjVqstqQIpIwPHAeAu/fwl61qNCZ2oxXXzu3EIJARb5UR9E2lREkfe7XiB+QJgfzlWziTUM4RxlO6ykMsXqcIDFmCdNH84x9KvHaz9RYqbjS6fsnei5+TQz/L5H+mXDVOrBJTPHikdYn5dFmgID6oXgO7HvhFc4udoR3sruEs97yN4f/0II5MXToJZCO9zeFtWL7U=,iv:DIldXjNu6GThFoh5DFhyxu4jLzD8dJGPiTg6gDE9Dd8=,tag:at151R9sjx3+1yTSfmDFeA==,type:str]",
		3	"sops": {
		4	"kms": null,
		5	"gcp_kms": null,
		6	"azure_kv": null,
		7	"hc_vault": null,
		8	"age": null,
		9	"lastmodified": "2021-06-17T18:39:16Z",
		10	"mac": "ENC[AES256_GCM,data:6E11CWkKpVxoPDw8jpg7Q1Jp+oIAS4W5PVTqzFJXeOOz2ZstVTlyhWdSRFJ/Xd09NuIRak+vAcOcU/t7v2d/mvNlogjCPdQE3ypRtm1HbawZUXwGgml9PRt0iMwS6MchMLWpze+eVu1j/hHvtAuqgRydMTCbT+T+qJOpax9olws=,iv:5VxHFHEFuTWYbKbwNIJAMYDDBoKkHOYLbe+l8amizhU=,tag:T7NBal0l4Nw8Pxm64CPDaA==,type:str]",
		11	"pgp": [
		12	{
		13	"created_at": "2021-06-17T18:39:10Z",
		14	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DXxoViZlp6dISAQdAuCBzgHL7hYw9643MOm4Y3Zunz2N3cKg5c/RoPzm+D10w\neaMjK+pjFEUrGgptKyNEDRwaWnhtqXfHOvF/FCTKzr0yC2TRR1GRAEcz6vSJhL9f\n0l4BsshxfcB/ZUB5jE2F8No/MbD/beSKvUwgXlEMz8blOBbGUqkpp5zwjt91GXml\n2Fwrxzi5j3T2DgI8wH6XGpN9lNfFNk/JudFm0Y0yaXA4dFou1T+4hKWTb1mfTcTd\n=phfT\n-----END PGP MESSAGE-----\n",
		15	"fp": "30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51"
		16	},
		17	{
		18	"created_at": "2021-06-17T18:39:10Z",
		19	"enc": "-----BEGIN PGP MESSAGE-----\n\nhF4DbYDvGI0HDr0SAQdAwkrIrbqgFCr75iDMH94Jv7rmJ87i6YUF+DUHOU6zF0Qw\nHXDlYeeEagxRch/WEkWiRM/g+5oZFLHDPIL86MenyTt0HbACekRNIqHxA6Q5uZLK\n0l4BzVzVxjusQolYvvWiwWxMmqVc19nrEqNHYDmxKAZqNiLUGBDO2KHNNA+6MAAP\nxAqmhmdWD/Kk7/X9WqOSiLvL6bsvHXOdmtnoqiXiuRDfPCJMZ3rma15WXjEe6EXq\n=3pEu\n-----END PGP MESSAGE-----\n",
		20	"fp": "A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362"
		21	}
		22	],
		23	"unencrypted_suffix": "_unencrypted",
		24	"version": "3.7.1"
		25	}
		26	} \ No newline at end of file


diff --git a/system-profiles/rebuild-machines/ssh/vidhar/public b/system-profiles/rebuild-machines/ssh/vidhar/public new file mode 100644 index 00000000..5876f86e --- /dev/null +++ b/system-profiles/rebuild-machines/ssh/vidhar/public
@@ -0,0 +1 @@
			ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJ5JB1Tq+awZlPshFfGJ+PBHf8g/GI8+FbsASdsrOiS rebuild-machines@vidhar