enable ssh for quicker deployment

This commit is contained in:
Astro 2021-12-02 02:43:25 +01:00
parent d61b297efa
commit e239f1b73a
3 changed files with 10 additions and 5 deletions

1
astro.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGJJTSJdpDh82486uPiMhhyhnci4tScp5uUe7156MBC8 stephan@mayhem

View File

@ -11,7 +11,7 @@
let
inherit (self.nixosConfigurations) quakeserver;
remoteCommand = "ssh -Co ClearAllForwardings=yes sbz -- sudo lxc-attach -n quake-astro --";
remote = "2a01:4f9:4b:39ec::1c";
in rec {
rootfs = quakeserver.config.system.build.toplevel;
container = quakeserver.config.system.build.tarball;
@ -20,8 +20,8 @@
writeScriptBin "deploy" ''
#! ${runtimeShell} -e
nix-store --export $(cat ${writeReferencesToFile rootfs}) | pv -brep | ${remoteCommand} /run/current-system/sw/bin/nix-store --import
${remoteCommand} ${rootfs}/bin/switch-to-configuration switch
nix copy --to ssh://root@${remote} ${rootfs}
ssh root@${remote} ${rootfs}/bin/switch-to-configuration switch
'';
} //
import ./pkgs/baseq3.nix (inputs // { inherit system; })

View File

@ -15,10 +15,14 @@
networking.useDHCP = false;
systemd.network.enable = false;
services.resolved.enable = false;
networking.firewall.allowedTCPPorts = [ 22 ];
services.openssh = {
enable = false;
startWhenNeeded = false;
startWhenNeeded = true;
permitRootLogin = "prohibit-password";
};
users.users.root.openssh.authorizedKeys.keyFiles = [
../astro.pub
];
environment.noXlibs = false;
environment.systemPackages = with pkgs; [