Merge pull request 'barkeeper: add teutat3s SSH public key' (#191) from momo/teutat3s-ssh-public-key into momo/main
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #191
This commit is contained in:
commit
4b5955a164
|
@ -15,7 +15,7 @@ steps:
|
||||||
commands:
|
commands:
|
||||||
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
- 'echo DEBUG: Using NIX_FLAGS: $NIX_FLAGS'
|
||||||
- nix $$NIX_FLAGS develop --command nix flake show
|
- nix $$NIX_FLAGS develop --command nix flake show
|
||||||
- nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
|
- nix $$NIX_FLAGS build ".#nixosConfigurations.host_001_momo_koeln.config.system.build.toplevel"
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: pipeline
|
kind: pipeline
|
||||||
|
@ -147,6 +147,6 @@ volumes:
|
||||||
|
|
||||||
---
|
---
|
||||||
kind: signature
|
kind: signature
|
||||||
hmac: d6187b243c1939eaf2803830e784aa89dd20edda9ba205940cf6caa2c615b6c6
|
hmac: 4eafc30355db63df1c207a267669400120d18a479bf850923cd646f7cb0fabac
|
||||||
|
|
||||||
...
|
...
|
||||||
|
|
|
@ -1,21 +0,0 @@
|
||||||
{suites, ...}: {
|
|
||||||
### root password is empty by default ###
|
|
||||||
### default password: pub-solar, optional: add your SSH keys
|
|
||||||
imports =
|
|
||||||
suites.iso;
|
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
|
||||||
|
|
||||||
networking.networkmanager.enable = true;
|
|
||||||
|
|
||||||
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "22.05"; # Did you read the comment?
|
|
||||||
}
|
|
|
@ -1,54 +0,0 @@
|
||||||
{
|
|
||||||
config,
|
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
profiles,
|
|
||||||
...
|
|
||||||
}:
|
|
||||||
with lib; let
|
|
||||||
# Gets hostname of host to be bundled inside iso
|
|
||||||
# Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
|
|
||||||
getFqdn = config: let
|
|
||||||
net = config.networking;
|
|
||||||
fqdn =
|
|
||||||
if (net ? domain) && (net.domain != null)
|
|
||||||
then "${net.hostName}.${net.domain}"
|
|
||||||
else net.hostName;
|
|
||||||
in
|
|
||||||
fqdn;
|
|
||||||
in {
|
|
||||||
# build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
|
|
||||||
imports = [
|
|
||||||
# profiles.networking
|
|
||||||
profiles.users.root # make sure to configure ssh keys
|
|
||||||
profiles.users.pub-solar
|
|
||||||
profiles.base-user
|
|
||||||
profiles.graphical
|
|
||||||
profiles.pub-solar-iso
|
|
||||||
];
|
|
||||||
|
|
||||||
config = {
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
|
||||||
|
|
||||||
# will be overridden by the bootstrapIso instrumentation
|
|
||||||
fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
|
|
||||||
|
|
||||||
system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
|
|
||||||
|
|
||||||
# mkForce because a similar transformation gets double applied otherwise
|
|
||||||
# https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
|
|
||||||
# https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
|
|
||||||
isoImage = {
|
|
||||||
isoBaseName = mkForce (getFqdn config);
|
|
||||||
isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
|
|
||||||
};
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.05"; # Did you read the comment?
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -34,6 +34,7 @@ in {
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
|
||||||
|
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -1,18 +0,0 @@
|
||||||
{hmUsers, ...}: {
|
|
||||||
home-manager.users = {inherit (hmUsers) pub-solar;};
|
|
||||||
|
|
||||||
pub-solar = {
|
|
||||||
# These are your personal settings
|
|
||||||
# The only required settings are `name` and `password`,
|
|
||||||
# for convenience, use publicKeys to add your SSH keys
|
|
||||||
# The rest is used for programs like git
|
|
||||||
user = {
|
|
||||||
name = "pub-solar";
|
|
||||||
# default password = pub-solar
|
|
||||||
password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr.";
|
|
||||||
fullName = "Pub Solar";
|
|
||||||
email = "iso@pub.solar";
|
|
||||||
publicKeys = [];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
Loading…
Reference in a new issue