diff options
Diffstat (limited to 'hosts/vidhar')
-rw-r--r-- | hosts/vidhar/default.nix | 21 | ||||
-rw-r--r-- | hosts/vidhar/initrd-host-keys/private.yaml | 35 | ||||
-rw-r--r-- | hosts/vidhar/initrd-host-keys/public.yaml | 4 |
3 files changed, 1 insertions, 59 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index 4d7830e8..25f37133 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix | |||
@@ -3,6 +3,7 @@ | |||
3 | imports = with flake.nixosModules.systemProfiles; [ | 3 | imports = with flake.nixosModules.systemProfiles; [ |
4 | ./zfs.nix | 4 | ./zfs.nix |
5 | initrd-all-crypto-modules default-locale openssh rebuild-machines | 5 | initrd-all-crypto-modules default-locale openssh rebuild-machines |
6 | initrd-ssh | ||
6 | ]; | 7 | ]; |
7 | 8 | ||
8 | config = { | 9 | config = { |
@@ -41,15 +42,6 @@ | |||
41 | hdd4.device = "/dev/disk/by-label/${hostName}-hdd4"; | 42 | hdd4.device = "/dev/disk/by-label/${hostName}-hdd4"; |
42 | hdd5.device = "/dev/disk/by-label/${hostName}-hdd5"; | 43 | hdd5.device = "/dev/disk/by-label/${hostName}-hdd5"; |
43 | }; | 44 | }; |
44 | |||
45 | network = { | ||
46 | enable = true; | ||
47 | ssh = { | ||
48 | enable = true; | ||
49 | hostKeys = with config.sops.secrets; [ initrd_ssh_host_rsa_key.path initrd_ssh_host_ed25519_key.path ]; | ||
50 | authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys ++ map (kF: builtins.readFile kF) config.users.users.root.openssh.authorizedKeys.keyFiles; | ||
51 | }; | ||
52 | }; | ||
53 | }; | 45 | }; |
54 | 46 | ||
55 | supportedFilesystems = [ "zfs" ]; | 47 | supportedFilesystems = [ "zfs" ]; |
@@ -58,17 +50,6 @@ | |||
58 | }; | 50 | }; |
59 | }; | 51 | }; |
60 | 52 | ||
61 | sops.secrets = { | ||
62 | initrd_ssh_host_rsa_key = { | ||
63 | key = "rsa"; | ||
64 | sopsFile = ./initrd-host-keys/private.yaml; | ||
65 | }; | ||
66 | initrd_ssh_host_ed25519_key = { | ||
67 | key = "ed25519"; | ||
68 | sopsFile = ./initrd-host-keys/private.yaml; | ||
69 | }; | ||
70 | }; | ||
71 | |||
72 | fileSystems = { | 53 | fileSystems = { |
73 | "/" = { | 54 | "/" = { |
74 | fsType = "tmpfs"; | 55 | fsType = "tmpfs"; |
diff --git a/hosts/vidhar/initrd-host-keys/private.yaml b/hosts/vidhar/initrd-host-keys/private.yaml deleted file mode 100644 index ea424974..00000000 --- a/hosts/vidhar/initrd-host-keys/private.yaml +++ /dev/null | |||
@@ -1,35 +0,0 @@ | |||
1 | rsa: ENC[AES256_GCM,data:u5NbMQLLIHzcH1oUvGbxNRiK0DUX84tQ/sIaUae370jkTdiRTrwTSOX+TielSgwEyLo7KAOVO0olbEheJjP6tLlOExDZZCO09YBqvZksSkT+0irnpA9K3oIPZVAKMgoGMRvr8I1fWn9ZQGpzFBrEOGN9+f5bJ4y44IHUxepvCalQQb4wFNqZv/tPAH8ku18v4U6Nocqfj4PfECzCaslRBY3tCiZ4ipbnBSaLM5KHDZWHYti88kG67xwupJ/v48wLtKwVQIzTvY+oN4ZnwRGzmqHfuz8EET/BrLZ/WLJtf3JuEqTZQIw24qP/8Q2/zEH40IzxeZvP5D1MzPpEVamU1FM9WAtwOQkrpoZL8+lRpcJvQdqbZqz1qLGU0MZmI++MudxebuIZ5g36y7xLAcYS3OuaekG66e6fhp1txqK09HB3wxXJVq7B13ip0MRDl1xfbVkSfDFBSSZ7hCueFS+2ee8d7fha7Y1wINZ5eU9WCjRG3yD/vMvLbJjRDKVhCZmoWUWcrhlzOIRmgYVetZqsHmPjBqOFd4bdc8fJLoJaGtlUFxSpuep8kO48J5Ibuk2GnBaiWinT92rUrkbErlREnDDt20B6ev7A3uJ8kLogiH6OdwVMvw2U1DTSsUZFhzlgXxe9kSThonR8ISpMOafDQOucfHNf96P5I5px0w6+KjZAFp9E7Liw3I5CBkvx+DYPYrq+4l3Q6/NdEAIBJivfxItLCbQn0EdS5bRPjWlygEjWmcUz2ivmTShpHYO4ZGjrgxgF6SVzJFcS66UzL/MrdHwxWuTkjcOQ8S9CaUq4uSniHusnO5RQEbDQSFvH5+D9R/vsaqDx+Hr1VHj782hEMDaRnV6afV1j4zlrJyO6VoUDVH5NAnlGRxDBDjnPhS+769qVlqlGNcrMqHJC0Xp2LPEfxKdRfPFAxSAVGNCj7s2w2t0/XSZ3qPOHOzkQRx0A4wD9r0CtarE1mO1My2mQnCSs/t9MGNiVNWRJXox4R2cpZY773+4XCPIli89ByOl6nVc1kva/ZifpVdLOAd0nPD+flq+H8CdZDWDcZVPrsiNplP3f38b41mIdpP/H4INORFnmOl1NEpwAO2J9n4uWBkXhst4PYJoTwdkr4YkVOgYK1hYlvrXoo36B/akTmVLNXwA7E75Db5LcMNhtnHuaUMmc1a1ztMQzXAKbeC4GR173kT49Yo8o0rkVTUPYYyXpAQyOIkwL1yRI1QvArKmwzb21UcN4t0dd7VGGTyDe3tJ8rdtJp7g225YSrFCOKKcpPCEKrKaqZMknOTzANnKMzwk/bHeGU9vaAOKrPJ8FjPqO6txWumYIXcMUyLERZ8jaC+1NTbGeq+u8q0IkESOTOB8TGEmafa6UBIkn15L5DDM4aA8sxjXL3WHaDRNfeRUjT5QVW3a3AiNMvEugNQIksTBcIpj7xPcf5LkncopP5BhLKFj3n9wGEdI/BBCclR3VnkIVkiGjxcJpdjkRXIYIxo69a/xV31Sw/sFxbg0/QsdEkCzkn553/SQbWKJbQDnSeQPNc5UIfSsn0wqknIOgRjFbHEZDD+PGPFrQzbz+v54ZfpVtCmgkoYvu4M6sfJ8r0VuuEcHCAjyS2CzFR6IYqyR7dZqDBAwdP6EeDbo2tQFwH0myYEkPFSwwWfPzvayyjP85LSVBNVBpCGVeuNSDYiJ0j/hyOYNxwj+rQ8IC+0Fl0EbikZuVZ8LD/tQl08aCh4g89psayM0PBKUrs0FCJoh6uSXKbSuenyllvjc9KRj0uwKYtKO/QhfCf1XgAdcUm3FRWGAohDrPaWkeCn75YerskIcDaVZuk9sQa76vW4djWzJpGPPZ1lYQh1IMojFr/SbRqvH/q5Jj3GHbRaVvkym1VRFQmerb0g7WPcs1tugTUvXSLm8dnfBYNCX6X/LkfyMtW6LeWlasdOTSOzNh+HpqIDMXRwq7l3xfwCuvIVcdF0aS+uWpOeiBuqPVCNqr1qF0IzGI53Uw5bkFY/wxxwIBbRxi1pAy91C4nLjWnhWgNw66h23Cw/cq2aFNdSsw/Amtn/8TztUIpH6QZG/1QyaZBjH+yXUm4OFkb31VVQCnaEPqHVoHpkmGFu2zNMrrVCHLEwOpyyBpRskHA1oGCv0fv5Smn6G+n2liHe0YDPQdH+GvMvJYfuzju0eahFhozRU1X3NPbbHAKcxffeQ+bkXN2QQncJgmPMY6bzbe85S94uk3Y0lSf4/L9kWcoaV+96ChjZ7hV1nFjkD0R9GPsEmLebS7MdnzDQLRMKhwEJgLi6S7PZg/Q9OPuXU7qX2mnmM9S7HLDfeW1oMcGhrhj/bvneBJB+XG4GWnQUVGS4EKACURV9A2nyx3/zfXIdEW1FX3dByWuJf73hPqnWqrGunMb1tHAWenTnw34KT5l077duSvYGpS44AGyZwwpA/7rwAAYlu2G0m+lPWRvJMSQweoKwgZh58E2v9T0b+yAY+YTpTMnh/gALW7wtpJy77IzroZEKx0ysWQ7HywzbXoZc3wpiCvGbxrxQJsLj91JBo7QT6VwCgId6bLgcgMwX6YptRTqTu7nt37VzeT3jsWj5TvXXXa0sToWplUtE5WzwpSx6sx7iPwd63NSDBSfGoOH6ZFgBBVuu1qSYUekp3oipY86V4w+bpPexck/ZgS8fMfYVILlAvt97J7tRTEqo02opEWwO2a4t1lBjaVtvskUIC5ddcSDN0JwY6JpblS2i9CiDB+Dv4oA8oepA/GGnbIK9YUC4uerrfZjPfyf9lIIKYY3EpvMghhOYLkKR/jwDAX7t6c92YrkCtNXRAiGPNMnYiP5S9kK7zlVeb/70Nd3Ew6iOlpklNRlMM6zSOy8vzRGnBoDhtWcPDmyUHh0W9ZuXv2LD+f7qaMqZngKxo3kdThA2bCMRpCiAst/1GmEq/7cw7R6TW+ENcBZfZqZLUcIHAMFsVJ5M8LpUT0Q4kQ6Ha3uiPDdRtC5gXFEWhTq+XPBm5Sn2EMOxqI+j0yknhGXQ4dpr+AAT6B6y5fYR3Fe3ytTMet5Q1fezTuL4bRPRyHpV+R9QigSf+OM47SwbG4E/+ZKuIMWfBsIv+vfuw5XGTXGHtYm2rvAD92BTa8pMrD9G4o6ZTHTUO9DGnYZUhLdWYFH6I8TS5IGKuwvo5DezUmyoC08BR7yAq2zm33cw9WaNfNCDpBSCUuzrgXJHDEJVICc9QugMM3Z17U0oPksGybj02gptC8724cxxA0Spxb1seRsRlMYHYWCI2Tdv9Mjhr5sw5MjwtioALbQ4hsihXgTGlqkrgaW2TAKFt8L4gb2hhp5l+jxnGF3gacFodniRLGI4ue6MgwlHhFVaiGa5dT+tjU6tYDVCaL8DeHj7UZDEs2NJo4+v5lwv6JjZMAZfbPFY150KSlHV2u0ll64pF7sJjKF7pEaSYYmdRhEjCjFpMCmtJ0rxJtgIyuzA==,iv:r/ksbyC44RrP2BCUUdmOHPfIhi9LPCF+fs1/urWz6Ss=,tag:Zk3xJw1tcf+/YQpAYwVt+w==,type:str] | ||
2 | ed25519: ENC[AES256_GCM,data:PE0UKLLThNwkdi2oz38HlgslJD5i9c9cL4ZBSBxSMcz7bXzLMv58Z9vucJ4WPtBxKSvFx5ksl/alRUyh2WTxuGNgut9vcgcNSG2qXzb8jdxb5CbFK1yVglVX7wtQkaOwmlc1Pty64sA0jwucaQQhEMeVXA/kxwe5uagCIupjP6lqnkzAuf4Dc1jIfXdEoEV0jtVUSjgeXHPymSPkg1J95VUMEIfVbncFxvzSQngv5kuE/XoH3adujuKR9fC/Z5u08hSjTzGQzMdgZk5BYvy7AWYN8SmfWcyAkClywj9DCzgaw8KY+MzSxQWrhAt3rqobmtVoJoJ5oc1/l6m5pPsyb/Ex2wwFh/rWm7SNfhW/Ev/ZuIX7llL7HCgXxhiCJIl9X4jkwF6OvslvK1wYgJ6rvGQwyM+/7Q8/rX1KJnq3qA93SfDi/fPLuJxcMYj/mZ/bluG4bsTFaUzDf1l6C251p24JJt3F0o1RTF1zgACrdhKK1BN79sQt4xDnHawCCwEkBbdeE0pmml1i3aUy5thl,iv:6cYTjmJd44Uc+uwnIZI1CUuKhYNGHuWa8wr7CYJY3RY=,tag:+PGy7aVeHyLH+B04Nj8BRQ==,type:str] | ||
3 | sops: | ||
4 | kms: [] | ||
5 | gcp_kms: [] | ||
6 | azure_kv: [] | ||
7 | hc_vault: [] | ||
8 | age: [] | ||
9 | lastmodified: "2021-08-03T14:47:32Z" | ||
10 | mac: ENC[AES256_GCM,data:gWbmGMZ+/Ts7NP9J1q/kjQmJ7V6lJ5xFpjZNJ+aTOmkz7a6sG8SRvNEW/qrpJfCzEFdQJYhOW3X9FhWpb5U6j4gINrgqUGdusQpw0PmIieC5tCPQPlTPHMReK0xaZ3NViMdHJhGdtehGfPqAtA3Bifn2ZZzOrzTOaPN2fH11fZw=,iv:FhKERfmDPmWn5ZKkuHWMc/vINpmJTr0jZ1iCkSgAUEs=,tag:ibe+m8vz6b+a+as5mz4+eA==,type:str] | ||
11 | pgp: | ||
12 | - created_at: "2021-08-03T14:47:02Z" | ||
13 | enc: | | ||
14 | -----BEGIN PGP MESSAGE----- | ||
15 | |||
16 | hF4DXxoViZlp6dISAQdAFyVws/2vIBK6ohlM93FpgKt6RXI8RPgaJSgHKsSeMB8w | ||
17 | XJqXQ2YGG8X6kHR/SW3A//1hBbLAaT6cRj7PLtkabr/5vgJ1Yk+k2mCFg+fte61o | ||
18 | 0l4Bppl+iqVjECSJlrRp/GtbbyGlSS+pAItDZKAZOnrIYbx27CFfxNDDHv8EAFDP | ||
19 | HoYtgpeVxgRuvIBMHexMiuFExExkddHpHkSDoT1iJOsK+SQEqbxSfZpEJIRLcjb9 | ||
20 | =hvve | ||
21 | -----END PGP MESSAGE----- | ||
22 | fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51 | ||
23 | - created_at: "2021-08-03T14:47:02Z" | ||
24 | enc: | | ||
25 | -----BEGIN PGP MESSAGE----- | ||
26 | |||
27 | hF4DbYDvGI0HDr0SAQdAvLR7Ngh3gqQAnmlCeSwKGwWXBNlBZxxliQBOkhhKcSow | ||
28 | V9mWDn01Iue3qHQwGCd7Om/9EqU7SkFrkxzgAIBRJpAmj0eP1zsgiWepawzQ4glb | ||
29 | 0l4ByB+6R+V2SyGI9HcABJiLcTOIjVLgn1QzK0l4K2ewS2K5FSBGNzVKoT+p4J5a | ||
30 | ja6A7vM0u12ddlqkifBsqN7900gI2ZTUz00rDZqis3sJk9J8dyWsAdkscig7Htlg | ||
31 | =hZHL | ||
32 | -----END PGP MESSAGE----- | ||
33 | fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362 | ||
34 | unencrypted_suffix: _unencrypted | ||
35 | version: 3.7.1 | ||
diff --git a/hosts/vidhar/initrd-host-keys/public.yaml b/hosts/vidhar/initrd-host-keys/public.yaml deleted file mode 100644 index af521564..00000000 --- a/hosts/vidhar/initrd-host-keys/public.yaml +++ /dev/null | |||
@@ -1,4 +0,0 @@ | |||
1 | rsa: | | ||
2 | ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCs0bzHfJBgG5AP0nSUgkGBoxRLRDu9FMfwJN3NFLeUf1axmKPja0mO+ddUQeLobDcl4zU4VyBxdd5qrrSkAufM76GJJFqXGJs98WudELXD5I4/o99Fh7xSf6QtafftTbjUfcTzX9t30Cb109Ppv1sKANcfLOx5EWH4TX3WK0vWTZHlS/OHvojwx7Y8/8dYbA96neMSBK5ceDu/VAG/JHYz5JgtDczSKUnbh026xav8rv9Sd3paC42XNlWSkjvpXxXoJ+ta5SuOXAl+4gPDvjgxK+QJ+yglhJma7LdHt7tqQjy/R0v5+wMzbNCKdQ1E9GiCw+hSE3mbCj/PVFy+J1oadBta+qF5SKCSurFeCRaehTTz6Qynxu0OxLQV/OHX6yC2i9OVJOs0PNGiot9pjxoSKyKrlT7gshP6MRfC1F330oVDSOPAkFLFFkTJtzb0ifJ5s1LyM0LyJAPso+5ytCcSOoQpcKd54VbSTYXBcnWtRFtEzUDIeLDeRWgQ0zJsef8= | ||
3 | ed25519: | | ||
4 | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBb+RVaConednm1DsYh18ttUEs/FJ7+E3g0YGbZcJthp | ||