Commit 2fc3537970fa

Vincent Demeester <vincent@sbr.pm>
2018-10-19 16:57:08
users/ssh : remove ssh-keys and use machines.nix for all
Also add a sample file.

Signed-off-by: Vincent Demeester <vincent@sbr.pm>
1 parent f4ddce7
Changed files (3)
assets/machines.nix.example
@@ -0,0 +1,37 @@
+let
+  wireguard = {
+    ips = {
+      kerkouane = "10.100.0.1";
+      shikoku = "10.100.0.2";
+      # […]
+    };
+    kerkouane = {
+      allowedIPs = [ "${wireguard.ips.kerkouane}/32" ];
+      publicKey = "<kerkouane wireguard public key>";
+    };
+    shikoku = {
+      allowedIPs = [ "${wireguard.ips.shikoku}/32" ];
+      publicKey = "<shikoku wireguard public key>";
+    };
+    # […]
+  };
+  ssh = {
+    kerkouane = {
+      port = <custom ssh port>;
+      key = "<kerkouane ssh public key>";
+    };
+    shikoku = {
+      key = "<shikoku ssh public key>";
+    };
+  };
+in {
+  wireguard = wireguard;
+  wg = {
+    allowedIPs = "10.100.0.0/24";
+    listenPort = <wireguard port to listen to>;
+    endpointIP = "<public remote address>";
+    persistentKeepalive = 25;
+    peers = [ wireguard.shikoku ];
+  };
+  ssh = ssh;
+}
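Review bot: The bare angle-bracket placeholders on the `port =` and `listenPort =` lines (`<custom ssh port>`, `<wireguard port to listen to>`) are parsed by Nix as search-path lookups of the `<nixpkgs>` kind, and the embedded spaces make them a syntax error, so the sample cannot be evaluated even as a template; the quoted placeholders on the other lines are fine. Typed dummy values with a trailing comment keep the file copy-and-evaluate ready, e.g. `port = 22; # custom ssh port` and `listenPort = 51820; # wireguard port to listen to` (both constructed examples). A one-line header comment would also help, since the sample only shows `ssh.kerkouane` and `ssh.shikoku` while profiles/users.nix in this commit reads `ssh.<host>.key` for seven hosts: `# The real machines.nix must define ssh.<host>.key for every host referenced in profiles/users.nix.`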
assets/ssh-keys.nix
@@ -1,9 +0,0 @@
-{
-  hokkaido = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFXtZRffTnh85lTatmeuYNNLmXsB02RI/ZuiDPdCAKIj vincent@hokkaido";
-  honshu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJiGh6j1mSXXXId0iTtdsEewW7EqWVcRgtt8wC3ktFWV vincent@honshu";
-  shikoku = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGR4dqXwHwPpYgyk6yl9+9LRL3qrBZp3ZWdyKaTiXp0p vincent@shikoku";
-  california = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICl4uBPx98p0m1ra4nKxaDvCP8TCou5J10gFUpYAuzp9 u0_a103@localhost";
-  massimo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIjO5Oh/3DbHCnVLTYH/B2cfBkFykvQDciarF6AOSgGw vincent@massimo";
-  carthage = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICX26NeAiLXejTywjVN83XCIvR8ZtYsP1+V8jJhamEhD vincent@carthage";
-  kerkouane = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane";
-}
profiles/users.nix
@@ -11,7 +11,7 @@
         shell = if config.programs.fish.enable then pkgs.fish else pkgs.bash;
         initialPassword = "changeMe";
         openssh.authorizedKeys.keys =
-          with import ../assets/ssh-keys.nix; [ honshu kerkouane hokkaido california shikoku massimo carthage ];
+          with import ../assets/machines.nix; [ ssh.honshu.key ssh.kerkouane.key ssh.hokkaido.key ssh.california.key ssh.shikoku.key ssh.massimo.key ssh.carthage.key ];
           subUidRanges = [{ startUid = 100000; count = 65536; }];
           subGidRanges = [{ startGid = 100000; count = 65536; }];
       };
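Review bot: Evaluation of this profile now aborts with an "attribute missing" error whenever `../assets/machines.nix` lacks any of the seven `ssh.<host>.key` attributes on the new `openssh.authorizedKeys.keys` line — and the sample file added in this commit only defines `ssh.kerkouane` and `ssh.shikoku`, so a checkout that copies the example as-is fails rather than producing a user with an empty key list. The enclosing user definition starts and ends outside the hunk. As a point of style, the single long `with` line would read better as a mapped list that also avoids the silent precedence of any lexically bound `ssh` over the `with` scope: `let machines = import ../assets/machines.nix; in map (h: machines.ssh.${h}.key) [ "honshu" "kerkouane" "hokkaido" "california" "shikoku" "massimo" "carthage" ];`.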