enable ssh for quicker deployment
This commit is contained in:
parent
d61b297efa
commit
e239f1b73a
|
@ -0,0 +1 @@
|
||||||
|
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 stephan@mayhem
|
|
@ -11,7 +11,7 @@
|
||||||
let
|
let
|
||||||
inherit (self.nixosConfigurations) quakeserver;
|
inherit (self.nixosConfigurations) quakeserver;
|
||||||
|
|
||||||
remoteCommand = "ssh -Co ClearAllForwardings=yes sbz -- sudo lxc-attach -n quake-astro --";
|
remote = "2a01:4f9:4b:39ec::1c";
|
||||||
in rec {
|
in rec {
|
||||||
rootfs = quakeserver.config.system.build.toplevel;
|
rootfs = quakeserver.config.system.build.toplevel;
|
||||||
container = quakeserver.config.system.build.tarball;
|
container = quakeserver.config.system.build.tarball;
|
||||||
|
@ -20,8 +20,8 @@
|
||||||
writeScriptBin "deploy" ''
|
writeScriptBin "deploy" ''
|
||||||
#! ${runtimeShell} -e
|
#! ${runtimeShell} -e
|
||||||
|
|
||||||
nix-store --export $(cat ${writeReferencesToFile rootfs}) | pv -brep | ${remoteCommand} /run/current-system/sw/bin/nix-store --import
|
nix copy --to ssh://root@${remote} ${rootfs}
|
||||||
${remoteCommand} ${rootfs}/bin/switch-to-configuration switch
|
ssh root@${remote} ${rootfs}/bin/switch-to-configuration switch
|
||||||
'';
|
'';
|
||||||
} //
|
} //
|
||||||
import ./pkgs/baseq3.nix (inputs // { inherit system; })
|
import ./pkgs/baseq3.nix (inputs // { inherit system; })
|
||||||
|
|
|
@ -15,10 +15,14 @@
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
systemd.network.enable = false;
|
systemd.network.enable = false;
|
||||||
services.resolved.enable = false;
|
services.resolved.enable = false;
|
||||||
|
networking.firewall.allowedTCPPorts = [ 22 ];
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = false;
|
startWhenNeeded = true;
|
||||||
startWhenNeeded = false;
|
permitRootLogin = "prohibit-password";
|
||||||
};
|
};
|
||||||
|
users.users.root.openssh.authorizedKeys.keyFiles = [
|
||||||
|
../astro.pub
|
||||||
|
];
|
||||||
|
|
||||||
environment.noXlibs = false;
|
environment.noXlibs = false;
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
Loading…
Reference in New Issue