From 7c7da0db052ca7638ce5f7ff926d2250699fd703 Mon Sep 17 00:00:00 2001
From: June
Date: Sun, 26 May 2024 14:39:28 +0200
Subject: [PATCH] Add a nix box managed by June Every admin can login as its own user with the keys listed here: https://git.hamburg.ccc.de/CCCHH/infrastructure-authorized-keys/src/branch/trunk/authorized_keys
---
config/hosts/nix-box-june/configuration.nix | 7 +++
config/hosts/nix-box-june/default.nix | 9 ++++
config/hosts/nix-box-june/networking.nix | 22 ++++++++
config/hosts/nix-box-june/users.nix | 59 +++++++++++++++++++++
flake.nix | 13 +++++
5 files changed, 110 insertions(+)
create mode 100644 config/hosts/nix-box-june/configuration.nix
create mode 100644 config/hosts/nix-box-june/default.nix
create mode 100644 config/hosts/nix-box-june/networking.nix
create mode 100644 config/hosts/nix-box-june/users.nix
diff --git a/config/hosts/nix-box-june/configuration.nix b/config/hosts/nix-box-june/configuration.nix
new file mode 100644
index 0000000..7dddcc1
--- /dev/null
+++ b/config/hosts/nix-box-june/configuration.nix
@@ -0,0 +1,7 @@
+{ config, pkgs, ... }:
+
+{
+ networking.hostName = "nix-box-june";
+
+ system.stateVersion = "23.11";
+}
diff --git a/config/hosts/nix-box-june/default.nix b/config/hosts/nix-box-june/default.nix
new file mode 100644
index 0000000..cb94765
--- /dev/null
+++ b/config/hosts/nix-box-june/default.nix
@@ -0,0 +1,9 @@
+{ config, pkgs, ... }:
+
+{
+ imports = [
+ ./configuration.nix
+ ./networking.nix
+ ./users.nix
+ ];
+}
diff --git a/config/hosts/nix-box-june/networking.nix b/config/hosts/nix-box-june/networking.nix
new file mode 100644
index 0000000..073250b
--- /dev/null
+++ b/config/hosts/nix-box-june/networking.nix
@@ -0,0 +1,22 @@
+# Networking configuration for the host.
+
+{ config, pkgs, ... }:
+
+{
+ networking.interfaces.net0 = {
+ ipv4.addresses = [
+ {
+ address = "172.31.17.158";
+ prefixLength = 25;
+ }
+ ];
+ };
+ networking.defaultGateway = "172.31.17.129";
+ networking.nameservers = [ "212.12.50.158" "192.76.134.90" ];
+ networking.search = [ "hamburg.ccc.de" ];
+
+ systemd.network.links."10-net0" = {
+ matchConfig.MACAddress = "BC:24:11:6A:33:5F";
+ linkConfig.Name = "net0";
+ };
+}
diff --git a/config/hosts/nix-box-june/users.nix b/config/hosts/nix-box-june/users.nix
new file mode 100644
index 0000000..9f1b217
--- /dev/null
+++ b/config/hosts/nix-box-june/users.nix
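Review bot: The `systemd.network.links."10-net0"` block in networking.nix pins the interface name to a single MAC address without saying where that address comes from, while the static address, and with it the host the deployment connects to, depends on that match succeeding. If the VM's NIC is ever recreated with a different MAC, the link would presumably no longer be renamed to `net0` and the host would come up without its configured address. A comment above the block such as `# MAC of the VM's virtual NIC (presumably assigned by Proxmox); update it if the NIC is recreated, or net0 and its static address will be missing` would record that dependency for whoever has to recover the box.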
@@ -0,0 +1,59 @@
+{ lib, ... }:
+
+{
+ users.users = {
+ chaos.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+ colmena-deploy.openssh.authorizedKeys.keys = lib.mkForce [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+
+ djerun = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGWXk9N9GoDyvaB0mnX448IvzKKsMv0eFZKvjqmsJ3In djerun@chaos.ferrum.local"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQsu6WSAXsF45wGmw2spQUWopsgioUuFI8hKLBW/WVk djerun@chaos-noc.ferrum.local"
+ ];
+ };
+ june = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOqCxniUEAZAYqL5zbisFfYcQx+7iDRrMo4Pz4uWXq5b julian@01_id_ed25519" ];
+ };
+ jtbx = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBQgnQAq6FUSDK8bxtYPjx3oRCAKG+xy9J3Gas2ztJk jannik@Magrathea.local" ];
+ };
+ dario = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZtJwNPEIfNsAxBfWgxAeoKX1ajORPvs6L5S+qipJ7J dario@ccchh" ];
+ };
+ yuri = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdk3FLQRoCWxdOxg4kHcPqAu3QQOs/rY9na2Al2ilGl yuri@violet"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEvM35w+UaSpDTuaG5pGPgfHcfwscr+wSZN9Z5Jle82 yuri@kiara"
+ ];
+ };
+ max = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHNGDzZqmiFUH75oq1npZTyxV0B7eSJES/29UJxTXBc max@iridium" ];
+ };
+ haegar = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhWTkvLI/rp6eyTemuFZRbt2xxRtal7fu668nnb/ekU haegar@aurora" ];
+ };
+ stb = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgVuX9phyXImxqvof+49UXhiSQ+VGizeU4LrPcZY1Hy
stb@lassitu.de 20230418" ];
+ };
+ hansenerd = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBxujzHK49IBtYKPgnTCDQEiIxgzzlQ846tmU+6TcMIi hansenerd" ];
+ };
+ echtnurich = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOWWxkGFje1CJbZTB2Kv8hxZpvRR8qyw2IarRIHnQj3+ echtnurich" ];
+ };
+ c6ristian = {
+ isNormalUser = true;
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOgfWcCrsVSXvYEssbfMOy2DnfkGSx+ZRnPLtjVNSxbf c6ristian" ];
+ };
+ };
+}
diff --git a/flake.nix b/flake.nix
index ec4d55f..8f76279 100644
--- a/flake.nix
+++ b/flake.nix
@@ -237,6 +237,19 @@ ./config/hosts/eh22-wiki ]; };
+
+ nix-box-june = {
+ deployment = {
+ targetHost = "nix-box-june-intern.hamburg.ccc.de";
+ targetPort = 22;
+ targetUser = "colmena-deploy";
+ };
+ imports = [
+ ./config/common
+ ./config/proxmox-vm
+ ./config/hosts/nix-box-june
+ ];
+ };
 }; packages.x86_64-linux = {
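Review bot: The per-admin keys in `users.users` (users.nix) are hard-coded copies of the list the commit message links to, so a key that is later rotated or removed there stays authorized on this host until someone edits this file as well. If the repository has no way to consume that list directly, a header comment such as `# Keys copied from infrastructure-authorized-keys (trunk) on <date>; re-sync whenever that list changes` would at least make the drift visible in review. Separately, the same `julian@01_id_ed25519` key is forced onto `chaos`, `colmena-deploy` and `june` with `lib.mkForce`, so one private key covers the personal login, the shared account and the deploy account. A one-line comment above the two `mkForce` lines, e.g. `# mkForce: replace the shared key lists so only June can use these accounts on this box`, would record that this is intentional.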
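Review bot: The new `nix-box-june` node in flake.nix deploys as `targetUser = "colmena-deploy"`, but this host's users.nix forces that account's authorized keys down to a single key, so a fleet-wide apply run by any other admin would presumably fail on this node. Nothing in the node definition tells a reader that; a comment above `deployment`, such as `# Personal box: the deploy key is restricted to June in config/hosts/nix-box-june/users.nix`, would explain the failure before someone tries to fix it by widening access. The enclosing attribute set begins outside this hunk, so how the other nodes handle this is not visible here.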