Merge pull request 'barkeeper: add teutat3s SSH public key' (#191) from momo/teutat3s-ssh-public-key into momo/main
All checks were successful
continuous-integration/drone/push Build is passing

Reviewed-on: #191
This commit is contained in:
hensoko 2023-03-07 10:54:47 +01:00
commit 4b5955a164
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
5 changed files with 3 additions and 95 deletions

View file

@ -15,7 +15,7 @@ steps:
commands: commands:
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS' - 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
- nix $$NIX_FLAGS develop --command nix flake show - nix $$NIX_FLAGS develop --command nix flake show
- nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel" - nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"
--- ---
kind: pipeline kind: pipeline
@ -147,6 +147,6 @@ volumes:
--- ---
kind: signature kind: signature
hmac: d6187b243c1939eaf2803830e784aa89dd20edda9ba205940cf6caa2c615b6c6 hmac: 4eafc30355db63df1c207a267669400120d18a479bf850923cd646f7cb0fabac
... ...

View file

@ -1,21 +0,0 @@
{suites, ...}: {
### root password is empty by default ###
### default password: pub-solar, optional: add your SSH keys
imports =
suites.iso;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.networkmanager.enable = true;
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

View file

@ -1,54 +0,0 @@
{
config,
lib,
pkgs,
profiles,
...
}:
with lib; let
# Gets hostname of host to be bundled inside iso
# Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
getFqdn = config: let
net = config.networking;
fqdn =
if (net ? domain) && (net.domain != null)
then "${net.hostName}.${net.domain}"
else net.hostName;
in
fqdn;
in {
# build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
imports = [
# profiles.networking
profiles.users.root # make sure to configure ssh keys
profiles.users.pub-solar
profiles.base-user
profiles.graphical
profiles.pub-solar-iso
];
config = {
boot.loader.systemd-boot.enable = true;
# will be overridden by the bootstrapIso instrumentation
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
# mkForce because a similar transformation gets double applied otherwise
# https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
# https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
isoImage = {
isoBaseName = mkForce (getFqdn config);
isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
};
}

View file

@ -34,6 +34,7 @@ in {
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
]; ];
}; };
}; };

View file

@ -1,18 +0,0 @@
{hmUsers, ...}: {
home-manager.users = {inherit (hmUsers) pub-solar;};
pub-solar = {
# These are your personal settings
# The only required settings are `name` and `password`,
# for convenience, use publicKeys to add your SSH keys
# The rest is used for programs like git
user = {
name = "pub-solar";
# default password = pub-solar
password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr.";
fullName = "Pub Solar";
email = "iso@pub.solar";
publicKeys = [];
};
};
}