diff --git a/host-registry.nix b/host-registry.nix index 88d77eed..e56e8bde 100644 --- a/host-registry.nix +++ b/host-registry.nix @@ -1,8 +1,21 @@ # Registry of C3D2 machines. -let - hosts = [ "adc" "grafana" "hydra" "server7" "storage-ng" "pulsebert" "tox" ]; -in { - hqPublic = hosts; - hqPrivate = hosts; +rec { + hosts = { + adc = { }; + grafana.publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y"; + hydra.publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig"; + pulsebert.publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG"; + server7.publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy"; + storage-ng.publicKey = + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP"; + tox = { }; + }; + + hqPublic = builtins.attrNames hosts; + hqPrivate = builtins.attrNames hosts; } diff --git a/hosts/hydra/configuration.nix b/hosts/hydra/configuration.nix index 4cb691c0..ab912046 100644 --- a/hosts/hydra/configuration.nix +++ b/hosts/hydra/configuration.nix @@ -7,7 +7,6 @@ ./cache.nix ../../lib ../../lib/hq.nix - ../../lib/known-hosts.nix ../../lib/emery.nix ../../lib/buildfarmer.nix ../../lib/yggdrasil.nix diff --git a/hosts/hydra/ssh_host_ed25519_key.pub b/hosts/hydra/ssh_host_ed25519_key.pub deleted file mode 100644 index 41573915..00000000 --- a/hosts/hydra/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig root@adc diff --git a/hosts/hydra/ssh_host_rsa_key.pub b/hosts/hydra/ssh_host_rsa_key.pub deleted file mode 100644 index 1438102f..00000000 --- a/hosts/hydra/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfyXyzx7SOrRs1jwsJ/wIazY76O70M2YxZlh1JOBtejKdcuvLRiCZlbySPbD0kE9d1e/2T2gfJyW9T+20jciqqkVNJNrnUKkIe4gwklOkH3+x6+dIevtgbkuPEKV+4zFWIFrCj+uYKIHJeOFab+aANlSSYmFd7dVmF+DIzMOwUZvlppjv6q4iGNVyq198mfc1MDJDqkA6mIjFngpY03Ayh7SNtlR+CVlY827xW5Wh4M93bMvApz5hMxVTyV7pTigN+zMxrLoC/tKWPT24Rra1SihlLlFUlo5FQPPAdPJ8mkdAy5nm7tsBoD9u7NLSr+32/4v3ow+FnsVW/udLHalc99PMHjeIDAS0p5HC9UZXuiAzbGpNDtv25JmNcP2W+8PgKWuM7HGv1oTy9fDM2uaH2/XxWZAmsneCl51hz+nb6FZek2qQutjOA6mueQybuH4wT54irUkLUTx55wiUQ96MzeC0hWJpEXB8Xx7kvKwvWIkHq8fB8mvPZFg13Mw8LG39J6c0e7XgUU1rIjcqud0ynHIOO0bcVIIGT2fXQLPweaTntErszqiu+VyXyNwVU8/NbvNiezneM89yHYp5zCw3UbzsfsDs4M8vhOMHWH3YPfqCR12RwrcmySR+Z22FpgrsQHNlY3tRDnFb+gm27yFrWC0VzAz4t60rqpfgaQXwiXw== root@adc diff --git a/hosts/pulsebert/ssh_host_ed25519_key.pub b/hosts/pulsebert/ssh_host_ed25519_key.pub deleted file mode 100644 index e2b3269f..00000000 --- a/hosts/pulsebert/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG root@pulsebert diff --git a/hosts/pulsebert/ssh_host_rsa_key.pub b/hosts/pulsebert/ssh_host_rsa_key.pub deleted file mode 100644 index 789465d7..00000000 --- a/hosts/pulsebert/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkiECNp6xqmZHqyl+Z+klMJeiowXnQCaEna+PwsL7uWr3YhcRfVUlFM8/aN2FXHAiYePViLXVVYG2vEWW6K5SaC5abbL3zpTKtv33vW29fcrDJElCuV3WEZ+3QEyaq+c4A/mVoxsFhUsotvAmeuBe9wo2ZoGLDltETgyXMi3llTt3kG1TFdBgGNQlextubUnAw5ulqo/72OhlVOiBm4EsEXW16okkdYQ1bx1q/M24aTb9EhcUX4Z/q4zVs+pJ0AoiSw9Wal3kZUsTIKgrdaBJvr9IWrBZ5090RjbeMtT9nqcP6ZY0CEhlcpLsFCcYCt5wCuTudu7dxU2uavCcTgtO62vFdYKaasu6SGilBTs3prpZMhVnfi6VrgCcd9/7ZXgu2pxJvkPPRoLXLysfT5BvOy+YwkjA2ebNsjsaN/aB/VFmnnYZfdgDhdpuUkyDiO/kc2y1ZYzZp6vlUAtUWhgGVzyXjT9bz21eoF89Vvhaw2guQDjHk2tPqLf95iKHmY4YQ35sbkw4cRy8v1PP0bmZHgQguxWgRNRMxEo9quCHBYnsZrApKe5sUKSE/9WqI378x7+VGKDvEdMHyvJTw8VHvzuBKr/SONFn67ZC50uiMMjasnuAZYbVtcrkL09ITosev8Y/hxFmehL4wud5EDdOTTjYsIXUOW+ZTp0HrOW07wQ== root@pulsebert diff --git a/hosts/server7/configuration.nix b/hosts/server7/configuration.nix index e7960553..6f0fd735 100644 --- a/hosts/server7/configuration.nix +++ b/hosts/server7/configuration.nix @@ -9,7 +9,6 @@ in { ../../lib/default-gateway.nix ../../lib/emery.nix ../../lib/buildfarmer.nix - ../../lib/known-hosts.nix ../../lib/yggdrasil.nix ./containers ./hardware-configuration.nix diff --git a/hosts/server7/ssh_host_ed25519_key.pub b/hosts/server7/ssh_host_ed25519_key.pub deleted file mode 100644 index 23f9e73f..00000000 --- a/hosts/server7/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy root@nixbert diff --git a/hosts/server7/ssh_host_rsa_key.pub b/hosts/server7/ssh_host_rsa_key.pub deleted file mode 100644 index fe52fc7a..00000000 --- a/hosts/server7/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmCgVZbItFsh+hwfbX5EefNF4+LgSSQw20JmqZ7UOHMtTcmoJlykr82go1L6/Qd/rOoLClEmZ4Dr+6m6LrYpys2EhRX9XNA8JXqaohMvmroYMPR3ttBkxWQq939K2hiZ67vICTYeESrqVf7B5Cj8oLnef6mKLsjQ03EAUEhFWaowUDDceH4+/M5WRwhaqTvYo78Q2lJ2971rng3tbkKdk2hQnjTK4RLsIUgm2HTkoE81kQva+7NhB1S+fNc9pfg7bDDd1CV6H1xLMYPNYgT/ivFGtf+C2JZHGmWFkk1bk96OBD7tbjuXk4hlKDp5wPcQM+hM8jemqk6VHX2QL1JU3hlgbI+LttszzA4tPMeaaUKEs9QMrXlM/9l9meA0gUuFZL1biEXTHxL05t7vYom//PtBlLKtirZQZ2plVDAd37+f1ZCIHOT7goOeOJULhNqzLU7FTQ8Jx3JFVs9EPLqej3RTXDcP99Tc6OwwdcRUWFrRRU8071JkAw5uSKNnyRQxeh8otbXijPKqfw3Hc23E38wlVFoUI9IsohLQhaTTtdqnxAp3qJyONh3zIct+VN9uM87swsKGODEgsSfvb+46H/5pRPPHMJ4DHoG+8yF0Ohu4/fV68M6nIxcl7b3z4mzkQH8mm8kydCw46x7lwQMNon7bVF1dRW0bjRW/4b7od5aQ== root@nixbert diff --git a/hosts/storage-ng/ssh_host_ed25519_key.pub b/hosts/storage-ng/ssh_host_ed25519_key.pub deleted file mode 100644 index 5f9794a6..00000000 --- a/hosts/storage-ng/ssh_host_ed25519_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP root@storage-ng diff --git a/hosts/storage-ng/ssh_host_rsa_key.pub b/hosts/storage-ng/ssh_host_rsa_key.pub deleted file mode 100644 index 4056a772..00000000 --- a/hosts/storage-ng/ssh_host_rsa_key.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoNhS3lJw+UNl5wf9pagTnnsFXbF8niZQcSr+YFr5EOwcBKCcEBRcRw9Dz4PwpZ/my8PPafB1KNclayeDJuxcSUD0+B2yetZ1G1pJC4+7zRgBlhubCf9ACBfnstNrVPDUt0kE2d7P7hvPdqo5oAjDCEWwHxcgWJEBUZNhhpcJxexhUd3+34/DfVBN8+Y9WSrYQIYq3Lilm/xdEBvvSDDpEWsnFvLG/rXlK+bju9st/bLzf8a0WwaNuG1x5/enkA0eRM3tO7lNs+ojB3lhycm/odzJvxEP3ax52vuIUpOrkmiQUHIDOVwvkqIMy1XDI8yHvFrG2oZB+bA8baIb52uNUHFwowUHypj/dI0Wa0+33Yrq4HRA3Z0H+kcTe0PuJijmzxNtHqjN4c6mfGECVhnWtVhGQ9GKmx7/DLPTKXOsXUTsHKwuIPHPiXowC1moRvDt/qsnv+opPvBNx0sEwz0v4Ef390Tk69fG3f0eG+A7reTMUcxy5gDU4WTxs7DX/6hD+AUwqCrOvbiXA79KpqA8yfbRTbgInHfRXFLdFp0u/CvXER4ayKgkfmNe+RrDogoHnoZSuGLvuklK6liF2VhzIJ2YR6CV7nG6IEG1/G9cghQ1QCyEhCjEsAaTwn7x2NsoKHlBNuxB6Ov/VOxo4ecAmXxf0/m0QoE2VQRElvcGWpw== root@storage-ng diff --git a/lib/default.nix b/lib/default.nix index 702d6e91..ad795d37 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -149,6 +149,33 @@ in { }; }); + programs.ssh.knownHosts = with builtins; + let + hostNames = hostRegistry.hqPrivate; + intersectKeys = intersectAttrs { + publicKey = null; + publicKeyFile = null; + }; + list = map (name: + let sshAttrs = intersectKeys (getAttr name hostRegistry.hosts); + in if sshAttrs == { } then + null + else { + inherit name; + value = { + publicKey = null; + publicKeyFile = null; + hostNames = [ + (toHqPrivateAddress name) + "${name}.hq.c3d2.de" + "${name}.hq" + name + ]; + } // sshAttrs; + }) hostNames; + keyedHosts = filter (x: x != null) list; + in listToAttrs keyedHosts; + services.collectd = lib.mkIf cfg.hq.statistics.enable { enable = true; autoLoadPlugin = true; diff --git a/lib/known-hosts.nix b/lib/known-hosts.nix deleted file mode 100644 index b04a8cf0..00000000 --- a/lib/known-hosts.nix +++ /dev/null @@ -1,14 +0,0 @@ -{ ... }: { - programs.ssh.knownHosts = let - hostNames = [ "hydra" "pulsebert" "server7" "hydra" ]; - f = name: { - inherit name; - value = { - hostNames = [ name (name + ".hq.c3d2.de") ]; - publicKeyFile = ../hosts + "/${name}/ssh_host_ed25519_key.pub"; - }; - }; - hosts = map f hostNames; - in builtins.listToAttrs hosts; - -}