
Generate SSH known hosts in lib

Emery Hemingway 8 months ago
parent
commit
19efbd7912

+ 18
- 5
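--- a/host-registry.nix
+++ b/host-registry.nix
@@ -1,8 +1,21 @@
 # Registry of C3D2 machines.
 
-let
-  hosts = [ "adc" "grafana" "hydra" "server7" "storage-ng" "pulsebert" "tox" ];
-in {
-  hqPublic = hosts;
-  hqPrivate = hosts;
+rec {
+  hosts = {
+    adc = { };
+    grafana.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
+    hydra.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
+    pulsebert.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
+    server7.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
+    storage-ng.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
+    tox = { };
+  };
+
+  hqPublic = builtins.attrNames hosts;
+  hqPrivate = builtins.attrNames hosts;
 }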
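Review bot: `adc` and `tox` are registered as `{ }` with no `publicKey`, and nothing in the new `hosts` set says whether that is deliberate or simply pending. Judging by the `lib/default.nix` section of this commit, such hosts get no `programs.ssh.knownHosts` entry, so connections to them presumably fall back to the client's own known_hosts file or a first-use prompt. The deleted `.pub` files also carried a key comment (`root@adc`, `root@nixbert`) that the inline strings drop, so the registry no longer hints at where each key was taken from. I would add a comment above `hosts`, for example `# publicKey is the machine's ed25519 host key, copied from the host itself; an empty set means no key is pinned yet.`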

+ 0
- 1
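--- a/hosts/hydra/configuration.nix
+++ b/hosts/hydra/configuration.nix
@@ -7,7 +7,6 @@
     ./cache.nix
     ../../lib
     ../../lib/hq.nix
-    ../../lib/known-hosts.nix
     ../../lib/emery.nix
     ../../lib/buildfarmer.nix
     ../../lib/yggdrasil.nix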

+ 0
- 1
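--- a/hosts/hydra/ssh_host_ed25519_key.pub
+++ b/hosts/hydra/ssh_host_ed25519_key.pub
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig root@adc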

+ 0
- 1
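--- a/hosts/hydra/ssh_host_rsa_key.pub
+++ b/hosts/hydra/ssh_host_rsa_key.pub
@@ -1 +0,0 @@
-ssh-rsa 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 root@adc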

+ 0
- 1
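--- a/hosts/pulsebert/ssh_host_ed25519_key.pub
+++ b/hosts/pulsebert/ssh_host_ed25519_key.pub
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG root@pulsebert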

+ 0
- 1
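--- a/hosts/pulsebert/ssh_host_rsa_key.pub
+++ b/hosts/pulsebert/ssh_host_rsa_key.pub
@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkiECNp6xqmZHqyl+Z+klMJeiowXnQCaEna+PwsL7uWr3YhcRfVUlFM8/aN2FXHAiYePViLXVVYG2vEWW6K5SaC5abbL3zpTKtv33vW29fcrDJElCuV3WEZ+3QEyaq+c4A/mVoxsFhUsotvAmeuBe9wo2ZoGLDltETgyXMi3llTt3kG1TFdBgGNQlextubUnAw5ulqo/72OhlVOiBm4EsEXW16okkdYQ1bx1q/M24aTb9EhcUX4Z/q4zVs+pJ0AoiSw9Wal3kZUsTIKgrdaBJvr9IWrBZ5090RjbeMtT9nqcP6ZY0CEhlcpLsFCcYCt5wCuTudu7dxU2uavCcTgtO62vFdYKaasu6SGilBTs3prpZMhVnfi6VrgCcd9/7ZXgu2pxJvkPPRoLXLysfT5BvOy+YwkjA2ebNsjsaN/aB/VFmnnYZfdgDhdpuUkyDiO/kc2y1ZYzZp6vlUAtUWhgGVzyXjT9bz21eoF89Vvhaw2guQDjHk2tPqLf95iKHmY4YQ35sbkw4cRy8v1PP0bmZHgQguxWgRNRMxEo9quCHBYnsZrApKe5sUKSE/9WqI378x7+VGKDvEdMHyvJTw8VHvzuBKr/SONFn67ZC50uiMMjasnuAZYbVtcrkL09ITosev8Y/hxFmehL4wud5EDdOTTjYsIXUOW+ZTp0HrOW07wQ== root@pulsebert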

+ 0
- 1
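--- a/hosts/server7/configuration.nix
+++ b/hosts/server7/configuration.nix
@@ -9,7 +9,6 @@ in {
     ../../lib/default-gateway.nix
     ../../lib/emery.nix
     ../../lib/buildfarmer.nix
-    ../../lib/known-hosts.nix
     ../../lib/yggdrasil.nix
     ./containers
     ./hardware-configuration.nix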

+ 0
- 1
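--- a/hosts/server7/ssh_host_ed25519_key.pub
+++ b/hosts/server7/ssh_host_ed25519_key.pub
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy root@nixbert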

+ 0
- 1
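--- a/hosts/server7/ssh_host_rsa_key.pub
+++ b/hosts/server7/ssh_host_rsa_key.pub
@@ -1 +0,0 @@
-ssh-rsa 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 root@nixbert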

+ 0
- 1
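--- a/hosts/storage-ng/ssh_host_ed25519_key.pub
+++ b/hosts/storage-ng/ssh_host_ed25519_key.pub
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP root@storage-ng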

+ 0
- 1
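--- a/hosts/storage-ng/ssh_host_rsa_key.pub
+++ b/hosts/storage-ng/ssh_host_rsa_key.pub
@@ -1 +0,0 @@
-ssh-rsa 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 root@storage-ng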

+ 27
- 0
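--- a/lib/default.nix
+++ b/lib/default.nix
@@ -149,6 +149,33 @@ in {
         };
       });
 
+    programs.ssh.knownHosts = with builtins;
+      let
+        hostNames = hostRegistry.hqPrivate;
+        intersectKeys = intersectAttrs {
+          publicKey = null;
+          publicKeyFile = null;
+        };
+        list = map (name:
+          let sshAttrs = intersectKeys (getAttr name hostRegistry.hosts);
+          in if sshAttrs == { } then
+            null
+          else {
+            inherit name;
+            value = {
+              publicKey = null;
+              publicKeyFile = null;
+              hostNames = [
+                (toHqPrivateAddress name)
+                "${name}.hq.c3d2.de"
+                "${name}.hq"
+                name
+              ];
+            } // sshAttrs;
+          }) hostNames;
+        keyedHosts = filter (x: x != null) list;
+      in listToAttrs keyedHosts;
+
     services.collectd = lib.mkIf cfg.hq.statistics.enable {
       enable = true;
       autoLoadPlugin = true;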
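Review bot: The `if sshAttrs == { } then null` branch drops a host from `programs.ssh.knownHosts` without any signal, and because `intersectAttrs` ignores unknown names, a misspelled key attribute in the registry (say `publickey`) would leave that host unpinned with no evaluation error. Emitting a trace on that branch would make the gap visible at evaluation time: `null` could become `trace "no SSH host key registered for ${name}" null`, which is in scope through `with builtins;`. The local `hostNames` binding also shares its name with the `hostNames` option set a few lines below, so renaming the former (e.g. `registeredNames`) would read more clearly. `hostRegistry` and `toHqPrivateAddress` are defined outside this hunk, and the enclosing `in {` block starts and ends outside it.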

+ 0
- 14
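--- a/lib/known-hosts.nix
+++ b/lib/known-hosts.nix
@@ -1,14 +0,0 @@
-{ ... }: {
-  programs.ssh.knownHosts = let
-    hostNames = [ "hydra" "pulsebert" "server7" "hydra" ];
-    f = name: {
-      inherit name;
-      value = {
-        hostNames = [ name (name + ".hq.c3d2.de") ];
-        publicKeyFile = ../hosts + "/${name}/ssh_host_ed25519_key.pub";
-      };
-    };
-    hosts = map f hostNames;
-  in builtins.listToAttrs hosts;
-
-}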
