summaryrefslogtreecommitdiff
path: root/system-profiles/rebuild-machines/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'system-profiles/rebuild-machines/default.nix')
-rw-r--r--system-profiles/rebuild-machines/default.nix66
1 files changed, 66 insertions, 0 deletions
diff --git a/system-profiles/rebuild-machines/default.nix b/system-profiles/rebuild-machines/default.nix
new file mode 100644
index 00000000..53bba06b
--- /dev/null
+++ b/system-profiles/rebuild-machines/default.nix
@@ -0,0 +1,66 @@
1{ pkgs, hostName, ... }:
2let
3 rebuildScript = pkgs.stdenv.mkDerivation {
4 name = "rebuild-${hostName}";
5
6 src = ./rebuild-machine.zsh;
7
8 buildInputs = with pkgs; [ makeWrapper ];
9
10 phases = [ "buildPhase" "installPhase" ];
11
12 inherit (pkgs) zsh;
13 inherit hostName;
14
15 buildPhase = ''
16 substituteAll $src rebuild-machine.zsh
17 '';
18
19 installPhase = ''
20 mkdir -p $out/bin
21 install -m 0755 rebuild-machine.zsh $out/bin/rebuild-${hostName}
22 '';
23 };
24in {
25 home-manager.users."root" = {
26 programs.ssh = {
27 enable = true;
28 matchBlocks = {
29 "machines" = {
30 hostname = "git.yggdrasil.li";
31 user = "gitolite";
32 identityFile = "/root/.ssh/machines";
33 };
34 };
35 };
36 };
37
38 sops.secrets = {
39 rebuild-machines = {
40 path = "/root/.ssh/machines";
41 sopsFile = ./ssh + "/${hostName}/private";
42 format = "binary";
43 };
44 };
45
46 system.activationScripts.rebuild-machines-publickey = ''
47 install -m 0644 ${./ssh + "/${hostName}/public"} /root/.ssh/machines.pub
48 '';
49
50 environment.systemPackages = [ rebuildScript ];
51
52 services.openssh.knownHosts = {
53 rsa = {
54 hostNames = [ "git.yggdrasil.li" ];
55 publicKey = ''
56 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDNr7oFNneR3sVuAhdbnU83PuG6gTU6rDmiz+qykkRUr5Qdtm0NIr9lI7nhoO/MaALWmkMXsBGjvJ2UxvY959g0wQRHJZnuJDwOMo3YJjfuDGMTtp8ikzd646uMHQB+y/xb4dou6f0INr94eRsZcji7AQgZQnyWVV3DZuSADBfNK0Tx6sT6IdbJXaCwYoexnfSfzDdu3i5zMuReF4zdkFUEfAdcbOM8Cr0Abnn4+iLVrof/QaOEuZDC+Pf5QUhkAArETdavSCUIbV6+1md0jz/T8yalgrTCsYOoEUbSPwM/8vmiYDWSo/tvAf3KnVIPjjK2UFz7Qu0HyK0y1dBEXoYLGZ1ep4x67aE4zy7GlR2GZdAYilHknugZB+/kvYGDEixHFfcUh/uvF5PY8sm63C6HUBT1s/aQHXGHgE4uUru6YvbU3UW3fRdslABY/atZ9gc3MuKu9Zk27b1SYfAAoK1R8rKsOKWqUWvvMVCfKBNKqqb7+30q75iGeneB8Tb1C9lToyDG2Yl5p+Gpfnj8YmaU/xFm0HFEC42crRbaQyz01LmupHWf8VwH/O2LsjztAF9b4Oe2q/NwqQAF+h5hIm2tfM2fzxHGCmw1sFYf6dEdkyV5pge/IJrnuQn27iO06tRC6tvrt/ocbpwEEOk/3WWpAWW4oT8L5ceh7iAXrCRWpw==
57 '';
58 };
59 ed25519 = {
60 hostNames = [ "git.yggdrasil.li" ];
61 publicKey = ''
62 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDeBBux2bIXnS/RUv+Y/NCpzI/SCW0KOJSzf48KDiEZD
63 '';
64 };
65 };
66}