forked from c3d2/nix-config
Generate SSH known hosts in lib
parent
0ec4127225
commit
f2548258f5
|
@ -1,8 +1,21 @@
|
|||
# Registry of C3D2 machines.
|
||||
|
||||
let
|
||||
hosts = [ "adc" "grafana" "hydra" "server7" "storage-ng" "pulsebert" "tox" ];
|
||||
in {
|
||||
hqPublic = hosts;
|
||||
hqPrivate = hosts;
|
||||
rec {
|
||||
hosts = {
|
||||
adc = { };
|
||||
grafana.publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
|
||||
hydra.publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
|
||||
pulsebert.publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
|
||||
server7.publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
|
||||
storage-ng.publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
|
||||
tox = { };
|
||||
};
|
||||
|
||||
hqPublic = builtins.attrNames hosts;
|
||||
hqPrivate = builtins.attrNames hosts;
|
||||
}
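Review bot: The registry pins `hydra.publicKey` to the ed25519 key whose deleted `.pub` file in this commit carried the comment `root@adc`, and `server7.publicKey` to the one commented `root@nixbert`, while `adc` itself is left as `{ }`. These are probably just older hostnames surviving in the key comments, but since these strings become the trust anchors for host authentication, each should be confirmed against the machine's own `/etc/ssh/ssh_host_ed25519_key.pub` rather than by its comment. `grafana.publicKey` has no counterpart among the deleted key files, so its origin cannot be checked from this commit. A short comment per entry recording provenance would help, e.g. `# key comment was root@adc; verified on host <DATE>`.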
|
||||
|
|
|
@ -7,7 +7,6 @@
|
|||
./cache.nix
|
||||
../../lib
|
||||
../../lib/hq.nix
|
||||
../../lib/known-hosts.nix
|
||||
../../lib/emery.nix
|
||||
../../lib/buildfarmer.nix
|
||||
../../lib/yggdrasil.nix
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig root@adc
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfyXyzx7SOrRs1jwsJ/wIazY76O70M2YxZlh1JOBtejKdcuvLRiCZlbySPbD0kE9d1e/2T2gfJyW9T+20jciqqkVNJNrnUKkIe4gwklOkH3+x6+dIevtgbkuPEKV+4zFWIFrCj+uYKIHJeOFab+aANlSSYmFd7dVmF+DIzMOwUZvlppjv6q4iGNVyq198mfc1MDJDqkA6mIjFngpY03Ayh7SNtlR+CVlY827xW5Wh4M93bMvApz5hMxVTyV7pTigN+zMxrLoC/tKWPT24Rra1SihlLlFUlo5FQPPAdPJ8mkdAy5nm7tsBoD9u7NLSr+32/4v3ow+FnsVW/udLHalc99PMHjeIDAS0p5HC9UZXuiAzbGpNDtv25JmNcP2W+8PgKWuM7HGv1oTy9fDM2uaH2/XxWZAmsneCl51hz+nb6FZek2qQutjOA6mueQybuH4wT54irUkLUTx55wiUQ96MzeC0hWJpEXB8Xx7kvKwvWIkHq8fB8mvPZFg13Mw8LG39J6c0e7XgUU1rIjcqud0ynHIOO0bcVIIGT2fXQLPweaTntErszqiu+VyXyNwVU8/NbvNiezneM89yHYp5zCw3UbzsfsDs4M8vhOMHWH3YPfqCR12RwrcmySR+Z22FpgrsQHNlY3tRDnFb+gm27yFrWC0VzAz4t60rqpfgaQXwiXw== root@adc
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG root@pulsebert
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa 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 root@pulsebert
|
|
@ -9,7 +9,6 @@ in {
|
|||
../../lib/default-gateway.nix
|
||||
../../lib/emery.nix
|
||||
../../lib/buildfarmer.nix
|
||||
../../lib/known-hosts.nix
|
||||
../../lib/yggdrasil.nix
|
||||
./containers
|
||||
./hardware-configuration.nix
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy root@nixbert
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmCgVZbItFsh+hwfbX5EefNF4+LgSSQw20JmqZ7UOHMtTcmoJlykr82go1L6/Qd/rOoLClEmZ4Dr+6m6LrYpys2EhRX9XNA8JXqaohMvmroYMPR3ttBkxWQq939K2hiZ67vICTYeESrqVf7B5Cj8oLnef6mKLsjQ03EAUEhFWaowUDDceH4+/M5WRwhaqTvYo78Q2lJ2971rng3tbkKdk2hQnjTK4RLsIUgm2HTkoE81kQva+7NhB1S+fNc9pfg7bDDd1CV6H1xLMYPNYgT/ivFGtf+C2JZHGmWFkk1bk96OBD7tbjuXk4hlKDp5wPcQM+hM8jemqk6VHX2QL1JU3hlgbI+LttszzA4tPMeaaUKEs9QMrXlM/9l9meA0gUuFZL1biEXTHxL05t7vYom//PtBlLKtirZQZ2plVDAd37+f1ZCIHOT7goOeOJULhNqzLU7FTQ8Jx3JFVs9EPLqej3RTXDcP99Tc6OwwdcRUWFrRRU8071JkAw5uSKNnyRQxeh8otbXijPKqfw3Hc23E38wlVFoUI9IsohLQhaTTtdqnxAp3qJyONh3zIct+VN9uM87swsKGODEgsSfvb+46H/5pRPPHMJ4DHoG+8yF0Ohu4/fV68M6nIxcl7b3z4mzkQH8mm8kydCw46x7lwQMNon7bVF1dRW0bjRW/4b7od5aQ== root@nixbert
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP root@storage-ng
|
|
@ -1 +0,0 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoNhS3lJw+UNl5wf9pagTnnsFXbF8niZQcSr+YFr5EOwcBKCcEBRcRw9Dz4PwpZ/my8PPafB1KNclayeDJuxcSUD0+B2yetZ1G1pJC4+7zRgBlhubCf9ACBfnstNrVPDUt0kE2d7P7hvPdqo5oAjDCEWwHxcgWJEBUZNhhpcJxexhUd3+34/DfVBN8+Y9WSrYQIYq3Lilm/xdEBvvSDDpEWsnFvLG/rXlK+bju9st/bLzf8a0WwaNuG1x5/enkA0eRM3tO7lNs+ojB3lhycm/odzJvxEP3ax52vuIUpOrkmiQUHIDOVwvkqIMy1XDI8yHvFrG2oZB+bA8baIb52uNUHFwowUHypj/dI0Wa0+33Yrq4HRA3Z0H+kcTe0PuJijmzxNtHqjN4c6mfGECVhnWtVhGQ9GKmx7/DLPTKXOsXUTsHKwuIPHPiXowC1moRvDt/qsnv+opPvBNx0sEwz0v4Ef390Tk69fG3f0eG+A7reTMUcxy5gDU4WTxs7DX/6hD+AUwqCrOvbiXA79KpqA8yfbRTbgInHfRXFLdFp0u/CvXER4ayKgkfmNe+RrDogoHnoZSuGLvuklK6liF2VhzIJ2YR6CV7nG6IEG1/G9cghQ1QCyEhCjEsAaTwn7x2NsoKHlBNuxB6Ov/VOxo4ecAmXxf0/m0QoE2VQRElvcGWpw== root@storage-ng
|
|
@ -149,6 +149,33 @@ in {
|
|||
};
|
||||
});
|
||||
|
||||
programs.ssh.knownHosts = with builtins;
|
||||
let
|
||||
hostNames = hostRegistry.hqPrivate;
|
||||
intersectKeys = intersectAttrs {
|
||||
publicKey = null;
|
||||
publicKeyFile = null;
|
||||
};
|
||||
list = map (name:
|
||||
let sshAttrs = intersectKeys (getAttr name hostRegistry.hosts);
|
||||
in if sshAttrs == { } then
|
||||
null
|
||||
else {
|
||||
inherit name;
|
||||
value = {
|
||||
publicKey = null;
|
||||
publicKeyFile = null;
|
||||
hostNames = [
|
||||
(toHqPrivateAddress name)
|
||||
"${name}.hq.c3d2.de"
|
||||
"${name}.hq"
|
||||
name
|
||||
];
|
||||
} // sshAttrs;
|
||||
}) hostNames;
|
||||
keyedHosts = filter (x: x != null) list;
|
||||
in listToAttrs keyedHosts;
|
||||
|
||||
services.collectd = lib.mkIf cfg.hq.statistics.enable {
|
||||
enable = true;
|
||||
autoLoadPlugin = true;
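Review bot: Hosts whose registry entry has neither `publicKey` nor `publicKeyFile` fall into the `if sshAttrs == { } then null` branch and are filtered out without any signal, so for `adc` and `tox` (both `{ }` in the registry) no key is pinned and clients fall back to trust-on-first-use. A comment above `list` should say so, e.g. `# hosts without a key in hostRegistry get no known_hosts entry`, or the branch could emit a `lib.warn` naming the host so the gap is visible at evaluation time. The explicit `publicKey = null; publicKeyFile = null;` inside `value` look redundant with the NixOS option defaults and could be dropped if that holds for the release in use. The enclosing attribute set starts and ends outside this hunk.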
|
||||
|
|
|
@ -1,14 +0,0 @@
|
|||
{ ... }: {
|
||||
programs.ssh.knownHosts = let
|
||||
hostNames = [ "hydra" "pulsebert" "server7" "hydra" ];
|
||||
f = name: {
|
||||
inherit name;
|
||||
value = {
|
||||
hostNames = [ name (name + ".hq.c3d2.de") ];
|
||||
publicKeyFile = ../hosts + "/${name}/ssh_host_ed25519_key.pub";
|
||||
};
|
||||
};
|
||||
hosts = map f hostNames;
|
||||
in builtins.listToAttrs hosts;
|
||||
|
||||
}
|