From 7c7da0db052ca7638ce5f7ff926d2250699fd703 Mon Sep 17 00:00:00 2001
From: June <june@jsts.xyz>
Date: Sun, 26 May 2024 14:39:28 +0200
Subject: [PATCH] Add a nix box managed by June

Every admin can login as its own user with the keys listed here:
https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
---
 config/hosts/nix-box-june/configuration.nix |  7 +++
 config/hosts/nix-box-june/default.nix       |  9 ++++
 config/hosts/nix-box-june/networking.nix    | 22 ++++++++
 config/hosts/nix-box-june/users.nix         | 59 +++++++++++++++++++++
 flake.nix                                   | 13 +++++
 5 files changed, 110 insertions(+)
 create mode 100644 config/hosts/nix-box-june/configuration.nix
 create mode 100644 config/hosts/nix-box-june/default.nix
 create mode 100644 config/hosts/nix-box-june/networking.nix
 create mode 100644 config/hosts/nix-box-june/users.nix

diff --git a/config/hosts/nix-box-june/configuration.nix b/config/hosts/nix-box-june/configuration.nix
new file mode 100644
index 0000000..7dddcc1
--- /dev/null
+++ b/config/hosts/nix-box-june/configuration.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+  networking.hostName = "nix-box-june";
+
+  system.stateVersion = "23.11";
+}
diff --git a/config/hosts/nix-box-june/default.nix b/config/hosts/nix-box-june/default.nix
new file mode 100644
index 0000000..cb94765
--- /dev/null
+++ b/config/hosts/nix-box-june/default.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+  imports = [
+    ./configuration.nix
+    ./networking.nix
+    ./users.nix
+  ];
+}
diff --git a/config/hosts/nix-box-june/networking.nix b/config/hosts/nix-box-june/networking.nix
new file mode 100644
index 0000000..073250b
--- /dev/null
+++ b/config/hosts/nix-box-june/networking.nix
@@ -0,0 +1,22 @@
+# Networking configuration for the host.
+
+{ config, pkgs, ... }:
+
+{
+  networking.interfaces.net0 = {
+    ipv4.addresses = [
+      {
+        address = "172.31.17.158";
+        prefixLength = 25;
+      }
+    ];
+  };
+  networking.defaultGateway = "172.31.17.129";
+  networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
+  networking.search = [ "hamburg.ccc.de" ];
+
+  systemd.network.links."10-net0" = {
+    matchConfig.MACAddress = "BC:24:11:6A:33:5F";
+    linkConfig.Name = "net0";
+  };
+}
diff --git a/config/hosts/nix-box-june/users.nix b/config/hosts/nix-box-june/users.nix
new file mode 100644
index 0000000..9f1b217
--- /dev/null
+++ b/config/hosts/nix-box-june/users.nix
@@ -0,0 +1,59 @@
+{ lib, ... }:
+
+{
+  users.users = {
+    chaos.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+    colmena-deploy.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+
+    djerun = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWXk9N9GoDyvaB0mnX448IvzKKsMv0eFZKvjqmsJ3In djerun@chaos.ferrum.local"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQsu6WSAXsF45wGmw2spQUWopsgioUuFI8hKLBW/WVk djerun@chaos-noc.ferrum.local"
+      ];
+    };
+    june = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+    };
+    jtbx = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBQgnQAq6FUSDK8bxtYPjx3oRCAKG+xy9J3Gas2ztJk jannik@Magrathea.local" ];
+    };
+    dario = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtJwNPEIfNsAxBfWgxAeoKX1ajORPvs6L5S+qipJ7J dario@ccchh" ];
+    };
+    yuri = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ 
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
+      ];
+    };
+    max = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHNGDzZqmiFUH75oq1npZTyxV0B7eSJES/29UJxTXBc max@iridium" ];
+    };
+    haegar = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhWTkvLI/rp6eyTemuFZRbt2xxRtal7fu668nnb/ekU haegar@aurora" ];
+    };
+    stb = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgVuX9phyXImxqvof+49UXhiSQ+VGizeU4LrPcZY1Hy stb@lassitu.de 20230418" ];
+    };
+    hansenerd = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxujzHK49IBtYKPgnTCDQEiIxgzzlQ846tmU+6TcMIi hansenerd" ];
+    };
+    echtnurich = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWxkGFje1CJbZTB2Kv8hxZpvRR8qyw2IarRIHnQj3+ echtnurich" ];
+    };
+    c6ristian = {
+      isNormalUser = true;
+      openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgfWcCrsVSXvYEssbfMOy2DnfkGSx+ZRnPLtjVNSxbf c6ristian" ];
+    };
+  };
+}
diff --git a/flake.nix b/flake.nix
index ec4d55f..8f76279 100644
--- a/flake.nix
+++ b/flake.nix
@@ -237,6 +237,19 @@
             ./config/hosts/eh22-wiki
           ];
         };
+
+        nix-box-june = {
+          deployment = {
+            targetHost = "nix-box-june-intern.hamburg.ccc.de";
+            targetPort = 22;
+            targetUser = "colmena-deploy";
+          };
+          imports = [
+            ./config/common
+            ./config/proxmox-vm
+            ./config/hosts/nix-box-june
+          ];
+        };
       };
 
       packages.x86_64-linux = {