Merge pull request 'add missing kernel package' (#250 ) from feature/add-missing-kernel-module-for-initrd into momo/main

Reviewed-on: pub-solar/os#250 Reviewed-by: teutat3s <teutates@mailbox.org>
chore: update blesh in nvfetcher to fix build
2023-10-13 11:27:06 +02:00 · 2023-10-09 21:09:47 +02:00 · 2023-10-08 14:44:51 +02:00 · 2023-07-28 16:44:56 +02:00 · 2023-07-20 00:17:59 +02:00 · 2023-07-20 00:13:49 +02:00
23 changed files with 477 additions and 144 deletions
--- a/.drone.yml
+++ b/.drone.yml
@ -1,7 +1,7 @@
 ---
 kind: pipeline
 type: exec
-name: Check
+name: Check and deploy
 node:
  hosttype: baremetal
@ -17,7 +17,27 @@ steps:
      - nix $$NIX_FLAGS develop --command nix flake show
      - nix $$NIX_FLAGS develop --command treefmt --fail-on-change
      - nix $$NIX_FLAGS develop --command editorconfig-checker
-      - nix $$NIX_FLAGS build ".#nixosConfigurations.PubSolarOS.config.system.build.toplevel"
+      - nix $$NIX_FLAGS build ".#nixosConfigurations.pioneer-momo-koeln.config.system.build.toplevel"
  - name: "Deploy"
    when:
      event:
        - push
      branch:
        - momo/main
    environment:
      NIX_FLAGS: "--print-build-logs --verbose --accept-flake-config"
      PRIVATE_SSH_KEY:
        from_secret: ci_private_ssh_key
      SSH_HOST_KEY: "80.244.242.4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj"
    commands:
      - mkdir $$HOME/.ssh && chmod 700 $$HOME/.ssh
      - echo "$$PRIVATE_SSH_KEY" > $$HOME/.ssh/id_ed25519 && chmod 600 $$HOME/.ssh/id_ed25519
      - echo "$$SSH_HOST_KEY" > $$HOME/.ssh/known_hosts
      # SSH uses HOME from /etc/passwd, not from the environment, so override it
      - export SSHOPTS="-o UserKnownHostsFile=$$HOME/.ssh/known_hosts -i $$HOME/.ssh/id_ed25519"
      - "echo DEBUG: Using NIX_FLAGS: $$NIX_FLAGS"
      - nix $$NIX_FLAGS develop --command deploy --magic-rollback false --skip-checks --targets '.#pioneer-momo-koeln' --ssh-opts="$$SSHOPTS"
 ---
 kind: pipeline
@ -78,9 +98,6 @@ steps:
        from_secret: matrix_password
      template: "Test run triggered by tag: {{ build.tag }}. Test run exit status: {{ build.status }}. Artifacts uploaded to Manta: https://eu-central.manta.greenbaum.cloud/pub_solar/public/ci/{{ repo.Owner }}/{{ repo.Name }}/{{ build.number }}/foot_wayland_info.png"
 depends_on:
  - Tests
 trigger:
  ref:
    - refs/tags/v*
@ -134,9 +151,6 @@ steps:
      unlink_first: true
      strip_components: 3
 depends_on:
  - Check
 trigger:
  branch:
    - main
@ -149,6 +163,6 @@ volumes:
 ---
 kind: signature
-hmac: a116f78a0b22188052893bdb46aa40f8de66438826c10ced362ea183d7644d67
+hmac: 5d46ef38857edc6476c89285db1583a0dbff7558ff9fb13befd8743bac94489b
 ...
--- a/flake.lock
+++ b/flake.lock
@ -89,6 +89,31 @@
        "type": "github"
      }
    },
    "devshell_2": {
      "inputs": {
        "nixpkgs": [
          "erpnext",
          "nixpkgs"
        ],
        "systems": [
          "erpnext",
          "systems"
        ]
      },
      "locked": {
        "lastModified": 1688380630,
        "narHash": "sha256-8ilApWVb1mAi4439zS3iFeIT0ODlbrifm/fegWwgHjA=",
        "owner": "numtide",
        "repo": "devshell",
        "rev": "f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205",
        "type": "github"
      },
      "original": {
        "owner": "numtide",
        "repo": "devshell",
        "type": "github"
      }
    },
    "digga": {
      "inputs": {
        "darwin": [
@ -129,6 +154,32 @@
        "type": "github"
      }
    },
    "erpnext": {
      "inputs": {
        "agenix": [
          "agenix"
        ],
        "devshell": "devshell_2",
        "nixpkgs": [
          "nixos"
        ],
        "systems": "systems"
      },
      "locked": {
        "lastModified": 1689804718,
        "narHash": "sha256-55XcyfO+jWDwQ09x4+DpoSXcVd8pDRTkyXEaT/Y82AY=",
        "ref": "main",
        "rev": "66e6c685d0ea0d475cdbfbb77c9920c52a610c27",
        "revCount": 35,
        "type": "git",
        "url": "https://git.pub.solar/axeman/erpnext-nix"
      },
      "original": {
        "ref": "main",
        "type": "git",
        "url": "https://git.pub.solar/axeman/erpnext-nix"
      }
    },
    "flake-compat": {
      "flake": false,
      "locked": {
@ -199,7 +250,7 @@
    },
    "flake-utils_3": {
      "inputs": {
-        "systems": "systems"
+        "systems": "systems_2"
      },
      "locked": {
        "lastModified": 1687171271,
@ -236,34 +287,13 @@
        "type": "github"
      }
    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
          "agenix",
          "nixpkgs"
        ]
      },
      "locked": {
        "lastModified": 1682203081,
        "narHash": "sha256-kRL4ejWDhi0zph/FpebFYhzqlOBrk0Pl3dzGEKSAlEw=",
        "owner": "nix-community",
        "repo": "home-manager",
        "rev": "32d3e39c491e2f91152c84f8ad8b003420eab0a1",
        "type": "github"
      },
      "original": {
        "owner": "nix-community",
        "repo": "home-manager",
        "type": "github"
      }
    },
    "latest": {
      "locked": {
-        "lastModified": 1688231357,
+        "lastModified": 1689192006,
-        "narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=",
+        "narHash": "sha256-QM0f0d8oPphOTYJebsHioR9+FzJcy1QNIzREyubB91U=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "645ff62e09d294a30de823cb568e9c6d68e92606",
+        "rev": "2de8efefb6ce7f5e4e75bdf57376a96555986841",
        "type": "github"
      },
      "original": {
@ -275,11 +305,11 @@
    },
    "nixos": {
      "locked": {
-        "lastModified": 1688109178,
+        "lastModified": 1689209875,
-        "narHash": "sha256-BSdeYp331G4b1yc7GIRgAnfUyaktW2nl7k0C577Tttk=",
+        "narHash": "sha256-8AVcBV1DiszaZzHFd5iLc8HSLfxRAuqcU0QdfBEF3Ag=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "b72aa95f7f096382bff3aea5f8fde645bca07422",
+        "rev": "fcc147b1e9358a8386b2c4368bd928e1f63a7df2",
        "type": "github"
      },
      "original": {
@ -350,6 +380,7 @@
        "darwin": "darwin",
        "deploy": "deploy",
        "digga": "digga",
        "erpnext": "erpnext",
        "flake-compat": "flake-compat",
        "home": "home",
        "latest": "latest",
@ -373,6 +404,21 @@
        "type": "github"
      }
    },
    "systems_2": {
      "locked": {
        "lastModified": 1681028828,
        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
        "owner": "nix-systems",
        "repo": "default",
        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
        "type": "github"
      },
      "original": {
        "owner": "nix-systems",
        "repo": "default",
        "type": "github"
      }
    },
    "utils": {
      "locked": {
        "lastModified": 1667395993,
--- a/flake.nix
+++ b/flake.nix
@ -38,6 +38,10 @@
    nvfetcher.url = "github:berberman/nvfetcher";
    nvfetcher.inputs.nixpkgs.follows = "nixos";
    nvfetcher.inputs.flake-compat.follows = "flake-compat";
    erpnext.url = "git+https://git.pub.solar/axeman/erpnext-nix?ref=main";
    erpnext.inputs.nixpkgs.follows = "nixos";
    erpnext.inputs.agenix.follows = "agenix";
  };
  outputs = {
@ -49,6 +53,7 @@
    agenix,
    deploy,
    nvfetcher,
    erpnext,
    ...
  } @ inputs:
    digga.lib.mkFlake
@ -86,6 +91,8 @@
          });
        })
        agenix.overlays.default
        erpnext.overlays.default
        erpnext.overlays.pythonOverlay
        nvfetcher.overlays.default
        (import ./pkgs)
@ -124,6 +131,11 @@
              #})
            ];
          };
          pioneer-momo-koeln = {
            modules = [
              erpnext.nixosModules.erpnext
            ];
          };
        };
        importables = rec {
          profiles =
@ -132,10 +144,9 @@
              users = digga.lib.rakeLeaves ./users;
            };
          suites = with profiles; rec {
-            base = [users.pub-solar users.root];
+            base = [base-user cachix users.root users.barkeeper];
-            iso = base ++ [base-user graphical pub-solar-iso];
+
-            pubsolaros = [full-install base-user users.root];
+            pioneer-momo-koeln = base;
            anonymous = [pubsolaros users.pub-solar];
          };
        };
      };
@ -150,10 +161,10 @@
          };
        };
        users = {
-          pub-solar = {suites, ...}: {
+          barkeeper = {suites, ...}: {
            imports = suites.base;
-            home.stateVersion = "21.03";
+            home.stateVersion = "22.05";
          };
        }; # digga.lib.importers.rakeLeaves ./users/hm;
      };
@ -163,6 +174,10 @@
      homeConfigurations = digga.lib.mkHomeConfigurations self.nixosConfigurations;
      deploy.nodes = digga.lib.mkDeployNodes self.nixosConfigurations {
        pioneer-momo-koeln = {
          hostname = "80.244.242.4";
          sshUser = "barkeeper";
        };
        #example = {
        #  hostname = "example.com:22";
        #  sshUser = "bartender";
--- a/hosts/PubSolarOS.nix
+++ b/hosts/PubSolarOS.nix
@ -1,21 +0,0 @@
 {suites, ...}: {
  ### root password is empty by default ###
  ### default password: pub-solar, optional: add your SSH keys
  imports =
    suites.iso;
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  networking.networkmanager.enable = true;
  fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "22.05"; # Did you read the comment?
 }
--- a/hosts/bootstrap.nix
+++ b/hosts/bootstrap.nix
@ -1,54 +0,0 @@
 {
  config,
  lib,
  pkgs,
  profiles,
  ...
 }:
 with lib; let
  # Gets hostname of host to be bundled inside iso
  # Copied from https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L3-L11
  getFqdn = config: let
    net = config.networking;
    fqdn =
      if (net ? domain) && (net.domain != null)
      then "${net.hostName}.${net.domain}"
      else net.hostName;
  in
    fqdn;
 in {
  # build with: `nix build ".#nixosConfigurations.bootstrap.config.system.build.isoImage"`
  imports = [
    # profiles.networking
    profiles.users.root # make sure to configure ssh keys
    profiles.users.pub-solar
    profiles.base-user
    profiles.graphical
    profiles.pub-solar-iso
  ];
  config = {
    boot.loader.systemd-boot.enable = true;
    # will be overridden by the bootstrapIso instrumentation
    fileSystems."/" = {device = "/dev/disk/by-label/nixos";};
    system.nixos.label = "PubSolarOS-" + config.system.nixos.version;
    # mkForce because a similar transformation gets double applied otherwise
    # https://github.com/divnix/digga/blob/30ffa0b02272dc56c94fd3c7d8a5a0f07ca197bf/modules/bootstrap-iso.nix#L17
    # https://github.com/NixOS/nixpkgs/blob/aecd4d8349b94f9bd5718c74a5b789f233f67326/nixos/modules/installer/cd-dvd/installation-cd-base.nix#L21-L22
    isoImage = {
      isoBaseName = mkForce (getFqdn config);
      isoName = mkForce "${config.system.nixos.label}-${config.isoImage.isoBaseName}-${pkgs.stdenv.hostPlatform.system}.iso";
    };
    # This value determines the NixOS release from which the default
    # settings for stateful data, like file locations and database versions
    # on your system were taken. It‘s perfectly fine and recommended to leave
    # this value at the release version of the first install of this system.
    # Before changing this value read the documentation for this option
    # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
    system.stateVersion = "21.05"; # Did you read the comment?
  };
 }
--- a/hosts/pioneer-momo-koeln/caddy.nix
+++ b/hosts/pioneer-momo-koeln/caddy.nix
@ -0,0 +1,23 @@
 {config, ...}: {
  # Changing the Caddyfile should only trigger a reload, not a restart
  systemd.services.caddy.reloadTriggers = [
    config.services.caddy.configFile
  ];
  services.caddy = {
    enable = true;
    email = "wg-tooling@list.momo.koeln";
    virtualHosts = {
      "auth.momo.koeln" = {
        logFormat = ''
          output discard
        '';
        extraConfig = ''
          reverse_proxy :8080
        '';
      };
    };
  };
  networking.firewall.allowedTCPPorts = [80 443];
 }
--- a/hosts/pioneer-momo-koeln/configuration.nix
+++ b/hosts/pioneer-momo-koeln/configuration.nix
@ -0,0 +1,44 @@
 {
  config,
  latestModulesPath,
  lib,
  pkgs,
  ...
 }: {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
    ./caddy.nix
    ./keycloak.nix
    ./erpnext.nix
    "${latestModulesPath}/services/web-servers/caddy/default.nix"
  ];
  disabledModules = [
    "services/web-servers/caddy/default.nix"
  ];
  pub-solar.core.lite = true;
  time.timeZone = "Europe/Berlin";
  networking = {
    useDHCP = false;
    interfaces.enp1s0.ipv4.addresses = [
      {
        address = "80.244.242.4";
        prefixLength = 29;
      }
    ];
    defaultGateway = "80.244.242.1";
    nameservers = ["95.129.51.51" "80.244.244.244"];
  };
  # Enable the OpenSSH daemon.
  services.openssh.enable = true;
  system.stateVersion = "22.05";
 }
--- a/hosts/pioneer-momo-koeln/default.nix
+++ b/hosts/pioneer-momo-koeln/default.nix
@ -0,0 +1,7 @@
 {suites, ...}: {
  imports =
    [
      ./pioneer-momo-koeln.nix
    ]
    ++ suites.pioneer-momo-koeln;
 }
--- a/hosts/pioneer-momo-koeln/erpnext.nix
+++ b/hosts/pioneer-momo-koeln/erpnext.nix
@ -0,0 +1,38 @@
 {
  config,
  lib,
  inputs,
  pkgs,
  self,
  ...
 }: {
  age.secrets.erpnext-admin-password = {
    file = "${self}/secrets/erpnext-admin-password.age";
    mode = "700";
    owner = "erpnext";
  };
  age.secrets.erpnext-db-root-password = {
    file = "${self}/secrets/erpnext-db-root-password.age";
    mode = "700";
    owner = "erpnext";
  };
  age.secrets.erpnext-db-user-password = {
    file = "${self}/secrets/erpnext-db-user-password.age";
    mode = "700";
    owner = "erpnext";
  };
  # erpnext
  services.erpnext = {
    enable = true;
    domain = "erp.momo.koeln";
    # Secrets
    adminPasswordFile = config.age.secrets.erpnext-admin-password.path;
    database.rootPasswordFile = config.age.secrets.erpnext-db-root-password.path;
    database.userPasswordFile = config.age.secrets.erpnext-db-user-password.path;
    # Required to enable caddy
    caddy = {};
  };
 }
--- a/hosts/pioneer-momo-koeln/hardware-configuration.nix
+++ b/hosts/pioneer-momo-koeln/hardware-configuration.nix
@ -0,0 +1,54 @@
 {
  config,
  pkgs,
  lib,
  ...
 }: {
  # Use the GRUB 2 boot loader.
  boot.loader.systemd-boot.enable = false;
  boot.loader.grub.enable = true;
  # boot.loader.grub.efiSupport = true;
  # boot.loader.grub.efiInstallAsRemovable = true;
  # boot.loader.efi.efiSysMountPoint = "/boot/efi";
  # Define on which hard drive you want to install Grub.
  boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
  boot.initrd.availableKernelModules = ["ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" "dm-snapshot" "kvm-intel" "virtio_scsi" "uas"];
  boot.extraModulePackages = [];
  boot.initrd.luks.devices."cryptroot" = {
    device = "/dev/disk/by-uuid/531ee357-5777-498f-abbf-64bb4cff9a14";
  };
  fileSystems."/" = {
    device = "/dev/disk/by-uuid/f5b3152a-a3bd-46d1-968f-53d50fca921e";
    fsType = "ext4";
  };
  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/1fd053f8-725b-418d-aed1-aee71dac2b62";
    fsType = "ext4";
  };
  swapDevices = [
    {device = "/dev/disk/by-uuid/967d1933-131d-4b56-8aa9-15c11ff940c9";}
  ];
  networking = {
    defaultGateway = "80.244.242.1";
    nameservers = ["95.129.51.51" "80.244.244.244"];
    interfaces."enp1s0" = {
      ipv4.addresses = [
        {
          address = "80.244.242.4";
          prefixLength = 29;
        }
      ];
    };
  };
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/hosts/pioneer-momo-koeln/keycloak.nix
+++ b/hosts/pioneer-momo-koeln/keycloak.nix
@ -0,0 +1,25 @@
 {
  config,
  lib,
  inputs,
  pkgs,
  self,
  ...
 }: {
  age.secrets.keycloak-database-password = {
    file = "${self}/secrets/keycloak-database-password.age";
    mode = "700";
  };
  # keycloak
  services.keycloak = {
    enable = true;
    database.passwordFile = config.age.secrets.keycloak-database-password.path;
    settings = {
      hostname = "auth.momo.koeln";
      http-host = "127.0.0.1";
      http-port = 8080;
      proxy = "edge";
    };
  };
 }
--- a/hosts/pioneer-momo-koeln/pioneer-momo-koeln.nix
+++ b/hosts/pioneer-momo-koeln/pioneer-momo-koeln.nix
@ -0,0 +1,14 @@
 {
  config,
  pkgs,
  lib,
  ...
 }:
 with lib;
 with pkgs; let
  psCfg = config.pub-solar;
 in {
  imports = [
    ./configuration.nix
  ];
 }
--- a/pkgs/_sources/generated.nix
+++ b/pkgs/_sources/generated.nix
@ -3,17 +3,17 @@
 {
  blesh-nvfetcher = {
    pname = "blesh-nvfetcher";
-    version = "1afc616b890e487926897e5b3e3a33e0ad833cb3";
+    version = "9d84b424daf31b192891c06275fff316fa5ddd35";
    src = fetchFromGitHub {
      owner = "akinomyoga";
      repo = "ble.sh";
-      rev = "1afc616b890e487926897e5b3e3a33e0ad833cb3";
+      rev = "9d84b424daf31b192891c06275fff316fa5ddd35";
      fetchSubmodules = true;
      deepClone = false;
      leaveDotGit = true;
-      sha256 = "sha256-gDxx7nDleS2HWIJWc208gcTzuRUEu/JCyepTuOJDAGo=";
+      sha256 = "sha256-7aX5UtDB9pUHHeOi9n+qWsM2KGenHVL6O18vG9W8tmQ=";
    };
-    date = "2023-06-29";
+    date = "2023-10-02";
  };
  instant-nvim-nvfetcher = {
    pname = "instant-nvim-nvfetcher";
--- a/profiles/base-user/default.nix
+++ b/profiles/base-user/default.nix
@ -13,12 +13,15 @@ in {
  users = {
    mutableUsers = false;
    groups."${psCfg.user.name}" = {};
    users = with pkgs;
      pkgs.lib.setAttrByPath [psCfg.user.name] {
        # Indicates whether this is an account for a “real” user.
        # This automatically sets group to users, createHome to true,
        # home to /home/username, useDefaultShell to true, and isSystemUser to false.
        isNormalUser = true;
        group = "${psCfg.user.name}";
        description = psCfg.user.description;
        extraGroups = [
          "input"
--- a/profiles/cachix/default.nix
+++ b/profiles/cachix/default.nix
@ -0,0 +1,12 @@
 {
  pkgs,
  lib,
  ...
 }: let
  folder = ./.;
  toImport = name: value: folder + ("/" + name);
  filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key && key != "default.nix";
  imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
 in {
  inherit imports;
 }
--- a/profiles/cachix/pub-solar.nix
+++ b/profiles/cachix/pub-solar.nix
@ -0,0 +1,10 @@
 {
  nix.settings = {
    substituters = [
      "https://pub-solar.cachix.org"
    ];
    trusted-public-keys = [
      "pub-solar.cachix.org-1:ZicXIxKgdxMtgSJECWR8iihZxHRvu8ObL4n2cuBmtos="
    ];
  };
 }
--- a/secrets/erpnext-admin-password.age
+++ b/secrets/erpnext-admin-password.age
--- a/secrets/erpnext-db-root-password.age
+++ b/secrets/erpnext-db-root-password.age
@ -0,0 +1,31 @@
 age-encryption.org/v1
 -> ssh-ed25519 uYcDNw R6BTv8G6nl8CNTmjRcMm/WhL4uKh8UdteVz7jVbXJzk
 fVKaNaK6BZzstSp45ONpM9/pgKADQvlnNGF/k4QUFbM
 -> ssh-rsa kFDS0A
 nB5/Huns9tUmb5t0Giua6sd8ACjpbMNB06gcR9CQ13vktOfSXf9ii0qjME8nycmi
 fZstK5O0E+nSJoF7wX/fVM/5FIzLjZmQQvPbixgOWsr7+egDBWVscbpbxN1sf5bi
 WsRzSWzDhkrgNBEyg7M5VR2RcXf2FSNjss2d0DlKwIw6HU2F9vbR/COE28kREkPM
 E3JsyOZ5qkgRgkdfyD8kuYkCKF/hnkW49bJWPnCIgR/Mc3RueGljQh+Tmc5fuk3I
 I47xXsbkc4AAHkXVzw/HUsQUTemnWh90aMVFITkGF2ia4I2PV90lcJ7Y4rEi32pN
 JYek8I+io1CpOwNN+WEMxMGZwv1xJdDGloC8aBTZzqGnbIjDAYlQ0QqRcfes9eNb
 qUkW80wbPCPZOygAbnE9Ud0d+lsOyoKbsDMuLEM6hCL8XFAvkfHfmgseOvdoQBNk
 +HMmf/SkZM6eMcdO3YWNShcQM6h/WCr7zOBs9JoUO7wnSsSy4T8ZXzjrvoiBzHCB
 iiOZSHhvcX2ncflwCsP8yf2+eUp26qJRKM65ZKAhV6H3P4hC848RTusj+DRe76vE
 Fr36Xol2jXw8aoNZXNobgemE+uRmpDeDdNfrI7nRDzjOPuBY1vs/CeW692w8/YjZ
 3ExQswGdkBKbCyJL5O/hGd019+/0wETlE5Hlrovy/O4
 -> ssh-ed25519 hPyiJw tDYF74+DRNWfAzHcCSFojlSYg4AgdthDM00UwG8LXSA
 /fp2jPNxzYhCKXD5g/eqC31buMBFiel3jC+RfKit66M
 -> ssh-ed25519 YFSOsg +tDnXLwW+oVgDsjI15yshcI2KaKhADgVR1oWIqYEVzY
 R4pMIeQ78orCj7l5E8LD4ZSEtBhwtqcuSb6byOSuhTI
 -> ssh-ed25519 iHV63A qwPRT9Sqcwfmp7KGSFXEj3RTWWiwD17wrEfwYx127TA
 Od9cP3jhO0e2VI0St8m9d6P7TYib7ZNabdq808lhYsg
 -> ssh-ed25519 1bbksA s8FuQCn8yQtRtwwZ0oVrTnptC31ad4eG4Hm6K/HGPgU
 odI7d6qX2Om17wmsm/VdEqLGbdk6gUzprQ3i/zDxa+k
 -> ssh-ed25519 BVsyTA fZB0tnkvNfiv8yY173NmhzHHlDQkScNtFE9GpE4lJAo
 AYZyonEaAATvgz3OgSI4WNu2hJdDkNmhq5+0NU4+IJg
 -> N-grease z=0OX_v` ,=~E
 j78YWSSwlj6xEyJT5DZra8S037G4RNR3sf9hxZL5EMYlmMeaolb5B8oJN7tN5WbH
 zPRZ9HIsRsA/+/76z4D8lqVJjZIfK7Hb7OoZb8EgyB0kJBycpd86IEUcfj65hEKU
 --- 3k/CdnvpyhoxyB15yBikQjtyOiAUmGEkzxsGRObsBqg
 `Æõªt`TÀ[‹Ö<>ÏÅÇzW–‚ùã³ó ãø>ÄAØ¦ãÆùã<>‹®^Psè<73>¡Nœ± iþ¯<C3BE>#`º,
--- a/secrets/erpnext-db-user-password.age
+++ b/secrets/erpnext-db-user-password.age
@ -0,0 +1,31 @@
 age-encryption.org/v1
 -> ssh-ed25519 uYcDNw 5YJH2FYCKHSwNXFVrfzRTB37pmd4mL8y/I4pieU84RQ
 JQKHK97WkTC9QO1GNZv/q3VZUgcisrKc1twqtLPkKOo
 -> ssh-rsa kFDS0A
 e0nMtUJhAAk5d36AIyS2p7N+RbO7J6oSyxPap4dIoReCEjGJej7qMuYTm7nD3DK/
 8XpTflPskKMXHXNkjyQ/H9FcTFwaHBmSoRJLo0lVFfCROzyXiTpKowdqeRRp9ss7
 9Fj0vc9tdKfHDm3h4UyBnOAL9sZ3/49VNbnARI5luUoikVtKeIGR7hwU9AvMCcIh
 YXiqhQRGUZx1w+vIaiD/lr0Qwf2bVIH+w9Gg5C53ROlNDuV8plHRFKJZJAnnUn5k
 4YrcCjiIL3VtwLKK/O14wOwcdSOt3Q0GnMAJMqriVHGxZqeZDAlQaacEDcLRN3wx
 GCzMbGRY8JEVrrHDr/wOcbjhrKd1nX1LnKVD8yVwxFtToLFmg7Vk50B1l62sXsFa
 1Dpb5t4gh3zu0GAfgALEQ88LxEk+31n59noSjgMCwSKCuU5uUx1hrEx+sDifOzYV
 zlNNzkuPqzvxlmpU5q8OOiJHJ0hY7RcL9i2dO57nl1dg8r9MkhRw3d7z/zLcAmjG
 rtgDib8tvnKz+azLA77J+SiijJaVM9dQQf0aWchcid3WbXv+LTYHB4SETfborujg
 tYF48SFHo4c1+FGiz/kBsb9paJNoSikqcsP6rV0HVl9fwkHtMZpPlF5843Eh1XM6
 BLQMQOuabR5NQSRrDB42WQ2t08Dd7tcNf6A0seHR4GM
 -> ssh-ed25519 hPyiJw 9RYiF1PRsRWNopGSVJpPe52zUNEl6Yu3q5aqoLxXWRo
 L2+cuDp6S4IViqkmTR6XF7ey39cWm2xh8wQnh5OxlXQ
 -> ssh-ed25519 YFSOsg pyU//r9w5oA4WqBjTivOCV0soTgM7URPcp1sB3VYiRk
 G92ulppLfvGXDe2vYkgVg60s3oKxq2YEx260EzSRL80
 -> ssh-ed25519 iHV63A h04fyhCuz8JUX4Fl4uD7xDrO3Cbm4fto21BK8EFJ3FY
 25NrhusX8PTjf8esrERbpMOS+OnwnGgR1oBTFp7Rync
 -> ssh-ed25519 1bbksA K5FpHSD72LKfwnJcN8qKLGf+3shNVfmo2Pamh7IopEs
 yDnkTUv6tRirnvdjYXVJoklLDXf6n/VBYCiCM2UaYfU
 -> ssh-ed25519 BVsyTA +vWsqL/+5gpnn8ygD5RlSlJDbmvKAd7L3sk/jAOKRQc
 EwuoXHYlTO+gdM7SA/TMmpXw8RGSKoRpYqjmfuYrKrw
 -> ..6XqV-grease 1 #+:[Jz D v8hZh
 VaqjfUTgm4UiD8LaSgxeZaLdFM8DVEnBOxG6FMgqUbf2IQUTOk3Odsb0SYfzCax8
 B4uXP5eXc8FgZAhME7Pv0eJHQ9kcP90BIf+YbbSs0PAWBp0cl9YIhadhMS4vmWA
 --- kb+aOKZo3hrIIQpxxOc5bz9r0ZAPDtcHVGxdHoAfcnc
 ÔåöòÇZ2©mŠ´6ïv&¿¦õ÷ÂÞR?çi|¦_<òcqt˜<74>²ýS¾Ñ¯ÏGü02ÁÞÈ’
 ;$‡a<E280A1>‡~Y
--- a/secrets/keycloak-database-password.age
+++ b/secrets/keycloak-database-password.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,8 +1,24 @@
 let
  # set ssh public keys here for your system and user
-  system = "";
+  host_001_momo_koeln = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE7XTCHfX6ta8EtkdOcZLnpdhMmXDfTebVMs4NC8JEPj root@nixos";
-  user = "";
+  axeman = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU @axeman";
-  allKeys = [system user];
+  b12f-bbcom = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmXpOU6vzQiVSSYCoxHYv7wDxC63Qg3dxlAMR6AOzwIABCU5PFFNcO0NWYms/YR7MOViorl+19LCLRABar9JgHU1n+uqxKV6eGph3OPeMp5sN8LAh7C9N+TZj8iJzBxQ3ch+Z/LdmLRwYNJ7KSUI+gwGK6xRS3+z1022Y4P0G0sx7IeCBl4lealQEIIF10ZOfjUdBcLQar7XTc5AxyGKnHCerXHRtccCoadLQujk0AvPXbv3Ma4JwX9X++AnCWRWakqS5UInu2tGuZ/6Hrjd2a9AKWjTaBVDcbYqCvY4XVuMj2/A2bCceFBaoi41apybSk26FSFTU4qiEUNQ6lxeOwG4+1NCXyHe2bGI4VyoxinDYa8vLLzXIRfTRA0qoGfCweXNeWPf0jMqASkUKaSOH5Ot7O5ps34r0j9pWzavDid8QeKJPyhxKuF1a5G4iBEZ0O9vuti60dPSjJPci9oTxbune2/jb7Sa0yO06DtLFJ2ncr5f70s/BDxKk4XIwQLy+KsvzlQEGdY8yA6xv28bOGxL3sQ0HE2pDTsvIbAisVOKzdJeolStL9MM5W8Hg0r/KkGj2bg0TfoRp1xHV9hjKkvJrsQ6okaPvNFeZq0HXzPhWMOVQ+/46z80uaQ1ByRLr3FTwuWJ7F/73ndfxiq6bDE4z2Ji0vOjeWJm6HCxTdGw==";
  teutat3s-dumpyourvms = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcU6KPy4b1MQXd6EJhcYwbJu7E+0IrBZF/IP6T7gbMf teutat3s@dumpyourvms";
  hensoko_nitrokey_1 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135";
  hensoko_harrison = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb hensoko@harrison";
  hensoko_norman = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work";
  allKeys = [
    axeman
    b12f-bbcom
    hensoko_nitrokey_1
    hensoko_harrison
    hensoko_norman
    host_001_momo_koeln
    teutat3s-dumpyourvms
  ];
 in {
-  "secret.age".publicKeys = allKeys;
+  "keycloak-database-password.age".publicKeys = allKeys;
  "erpnext-admin-password.age".publicKeys = allKeys;
  "erpnext-db-root-password.age".publicKeys = allKeys;
  "erpnext-db-user-password.age".publicKeys = allKeys;
 }
--- a/users/barkeeper/default.nix
+++ b/users/barkeeper/default.nix
@ -0,0 +1,43 @@
 {
  config,
  hmUsers,
  pkgs,
  lib,
  ...
 }: let
  psCfg = config.pub-solar;
 in {
  config = {
    home-manager.users = {inherit (hmUsers) barkeeper;};
    security.sudo.extraRules = [
      {
        users = ["${psCfg.user.name}"];
        commands = [
          {
            command = "ALL";
            options = ["NOPASSWD"];
          }
        ];
      }
    ];
    pub-solar = {
      user = {
        name = "barkeeper";
        description = "momo deployment user";
        fullName = "momo infra barkeeper";
        email = "admins@momo.koeln";
        gpgKeyId = "";
        publicKeys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/58A18EtxnLYHu63c/+AyTSkJQSso/VVdHUFGp1CTk cardno:FFFE34353135 @hensoko"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEbaQdxp7Flz6ttELe63rn+Nt9g43qJOLih6VCMP4gPb @hensoko"
          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFro/k4Mgqyh8yV/7Zwjc0dv60ZM7bROBU9JNd99P/4co6fxPt1pJiU/pEz2Dax/HODxgcO+jFZfvPEuLMCeAl0= YubiKey #10593996 PIV Slot 9a @teutat3s"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGP5MvCwNRtCcP1pSDrn0XZTNlpOqYnjHDm9/OI4hECW @ci-drone-runner"
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNeQYLFauAbzDyIbKC86NUh9yZfiyBm/BtIdkcpZnSU @axeman"
        ];
      };
    };
  };
 }
--- a/users/pub-solar/default.nix
+++ b/users/pub-solar/default.nix
@ -1,18 +0,0 @@
 {hmUsers, ...}: {
  home-manager.users = {inherit (hmUsers) pub-solar;};
  pub-solar = {
    # These are your personal settings
    # The only required settings are `name` and `password`,
    # for convenience, use publicKeys to add your SSH keys
    # The rest is used for programs like git
    user = {
      name = "pub-solar";
      # default password = pub-solar
      password = "$6$Kv0BCLU2Jg7GN8Oa$hc2vERKCbZdczFqyHPfgCaleGP.JuOWyd.bfcIsLDNmExGXI6Rnkze.SWzVzVS311KBznN/P4uUYAUADXkVtr.";
      fullName = "Pub Solar";
      email = "iso@pub.solar";
      publicKeys = [];
    };
  };
 }
Author	SHA1	Message	Date
b12f	7d3a471cf2	Merge pull request 'add missing kernel package' (#250 ) from feature/add-missing-kernel-module-for-initrd into momo/main Reviewed-on: pub-solar/os#250 Reviewed-by: teutat3s <teutates@mailbox.org>	2023-10-13 11:27:06 +02:00
teutat3s	d91c70f097	chore: update blesh in nvfetcher to fix build	2023-10-09 21:09:47 +02:00
teutat3s	2231649de8	Fix formatting to make treefmt happy	2023-10-08 14:44:51 +02:00
Hendrik Sokolowski	be2109a0e9	add missing kernel package	2023-07-28 16:44:56 +02:00
teutat3s	552fb9a2a4	Merge pull request 'erpnext: Fix broken websockets' (#246 ) from momo/erpnext-fix-websockets into momo/main Reviewed-on: pub-solar/os#246	2023-07-20 00:17:59 +02:00
teutat3s	38eb97c733	erpnext: Fix broken websockets See: axeman/erpnext#66e6c685d0ea0d475cdbfbb77c9920c52a610c27	2023-07-20 00:13:49 +02:00
teutat3s	998d08863c	Merge pull request 'erpnext: fix premailer dependency' (#245 ) from momo/erpnext-fix-premailer into momo/main Reviewed-on: pub-solar/os#245	2023-07-18 13:31:12 +02:00
teutat3s	9a05853839	erpnext: fix premailer dependency See: `e74f2d0f04`	2023-07-18 13:26:59 +02:00
teutat3s	e9e3eba67f	Merge pull request 'erpnext: fix temporary failure in name resolution' (#244 ) from momo/erpnext-fix-dns into momo/main Reviewed-on: pub-solar/os#244	2023-07-18 12:29:29 +02:00
teutat3s	fb38ecb073	erpnext: fix temporary failure in name resolution	2023-07-18 12:26:11 +02:00
teutat3s	04a21183bc	Merge pull request 'flake: Use nixos-23.05 for erpnext input' (#243 ) from momo/erpnext-nixpkgs-23.05 into momo/main Reviewed-on: pub-solar/os#243	2023-07-18 02:47:46 +02:00
teutat3s	2f0b24b3a9	flake: Use nixos-23.05 for erpnext input The override did not work and the resulting python penv was broken (e.g. missing the bench, erpnext, frappe packages).	2023-07-18 02:38:34 +02:00
teutat3s	874c687fe2	Merge pull request 'flake: bump input erpnext' (#242 ) from momo/erpnext-fix-web into momo/main Reviewed-on: pub-solar/os#242	2023-07-18 02:00:05 +02:00
teutat3s	99b039b50c	flake: bump input erpnext • Updated input 'erpnext': 'git+https://git.pub.solar/axeman/erpnext-nix?ref=main&rev=44a0598bd1e7533033cd9d1170de7d83dff80a2f' (2023-07-17) → 'git+https://git.pub.solar/axeman/erpnext-nix?ref=main&rev=9c8a36de8b9c1a379528ed35365f69fdca14677c' (2023-07-17)	2023-07-18 01:56:44 +02:00
teutat3s	e35e988371	Merge pull request 'flake: Bump erpnext input flake to fix systemd' (#241 ) from momo/erpnext-fix-module into momo/main Reviewed-on: pub-solar/os#241	2023-07-18 01:44:06 +02:00
teutat3s	7b863263f5	flake: Bump erpnext input flake to fix systemd dependencies • Updated input 'erpnext': 'git+https://git.pub.solar/axeman/erpnext-nix?ref=main&rev=28a47059b7b723f2709a4f81384015ae4e8f8562' (2023-07-17) → 'git+https://git.pub.solar/axeman/erpnext-nix?ref=main&rev=44a0598bd1e7533033cd9d1170de7d83dff80a2f' (2023-07-17) • Updated input 'erpnext/devshell': 'github:numtide/devshell/6b2554d28d46bfa6e24b941e999a145760dad0e1' (2023-06-05) → 'github:numtide/devshell/f9238ec3d75cefbb2b42a44948c4e8fb1ae9a205' (2023-07-03) • Updated input 'erpnext/nixpkgs': 'github:NixOS/nixpkgs/6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222' (2023-07-16) → 'github:NixOS/nixpkgs/6cee3b5893090b0f5f0a06b4cf42ca4e60e5d222' (2023-07-16)	2023-07-18 01:40:12 +02:00
teutat3s	255fc27737	Merge pull request 'pioneer: Fix path to erpnext database secrets' (#240 ) from momo/erpnext-fix-secrets2 into momo/main Reviewed-on: pub-solar/os#240	2023-07-17 23:08:34 +02:00
teutat3s	cd41d38b29	pioneer: Fix path to erpnext database secrets	2023-07-17 23:06:14 +02:00
teutat3s	6781fa356b	Merge pull request 'pioneer: Fix path to erpnext secrets' (#239 ) from momo/erpnext-fix-secrets into momo/main Reviewed-on: pub-solar/os#239 Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>	2023-07-17 23:00:45 +02:00
teutat3s	4e91376386	pioneer: Fix path to erpnext secrets	2023-07-17 22:58:15 +02:00
teutat3s	ca9f2f60ea	Merge pull request 'momo/main [pioneer]: Add erpnext' (#238 ) from momo/erpnext into momo/main Reviewed-on: pub-solar/os#238 Reviewed-by: Akshay Mankar <axeman@noreply.git.pub.solar>	2023-07-17 22:52:54 +02:00
teutat3s	437b841312	pioneer: Add erpnext	2023-07-17 22:40:52 +02:00
teutat3s	b00f13f490	Merge pull request 'chore/update-momo-main-07-23' (#237 ) from chore/update-momo-main-07-23 into momo/main Reviewed-on: pub-solar/os#237 Reviewed-by: teutat3s <teutates@mailbox.org>	2023-07-15 03:08:43 +02:00
teutat3s	16b35e607f	Bump flake inputs nixos + latest in lockfile • Updated input 'latest': 'github:nixos/nixpkgs/645ff62e09d294a30de823cb568e9c6d68e92606' (2023-07-01) → 'github:nixos/nixpkgs/2de8efefb6ce7f5e4e75bdf57376a96555986841' (2023-07-12) • Updated input 'nixos': 'github:nixos/nixpkgs/b72aa95f7f096382bff3aea5f8fde645bca07422' (2023-06-30) → 'github:nixos/nixpkgs/fcc147b1e9358a8386b2c4368bd928e1f63a7df2' (2023-07-13)	2023-07-13 21:20:18 +02:00
teutat3s	1d3eadb471	Apply treefmt	2023-07-13 21:20:11 +02:00
Benjamin Bädorf	c977bfba38	Merge branch 'main' into momo/main	2023-07-13 18:18:59 +02:00
hensoko	e6b5fdf925	Merge pull request 'rename host-001' (#224 ) from feature/rename-host-001 into momo/main Reviewed-on: pub-solar/os#224 Reviewed-by: teutat3s <teutates@mailbox.org>	2023-05-13 23:28:45 +02:00
Hendrik Sokolowski	be19dd7477	rename host-001 to pioneer	2023-04-26 21:38:36 +02:00
Akshay Mankar	96df48c33a	Merge pull request '001_momo_koeln: Install caddy and keycloak' (#214 ) from momo/keycloak into momo/main Reviewed-on: pub-solar/os#214 Reviewed-by: teutat3s <teutates@mailbox.org>	2023-04-25 18:02:43 +02:00
Akshay Mankar	5c894c5265	Rekey agenix secrets	2023-04-25 12:10:02 +02:00
teutat3s	a5061b8947	secrets: add host keys for hensoko	2023-04-25 10:18:54 +02:00
teutat3s	41939956c5	secrets: add host keys for b12f + teutat3s	2023-04-25 10:14:46 +02:00
teutat3s	b55dace1ea	Merge branch 'momo/main' into momo/keycloak	2023-04-25 09:49:13 +02:00
teutat3s	9efce1619a	Merge pull request 'host_001_momo_koeln: fix swap UUID and initrd boot modules' (#223 ) from momo/fix-swap-uuid into momo/main Reviewed-on: pub-solar/os#223 Reviewed-by: hensoko <hensoko@gssws.de>	2023-04-24 18:02:29 +02:00
teutat3s	db53f9f1be	host_001_momo_koeln: fix initrd kernelModules boot.initrd.kernelModules overrides boot.initrd.availableKernelModules and forces the initrd to load only those modules. This leads to the host being unbootable in this case because of missing required modules. availableKernelModules is the correct place for desired modules. This got fixed during a debugging session of hensoko and teutat3s, but not implemented in nix code until now.	2023-04-24 13:13:12 +02:00
teutat3s	2692b2dc20	host_001_momo_koeln: fix swap UUID This got changed while debugging boot failures on this host, by re-creating swap.	2023-04-24 13:05:05 +02:00
b12f	211f1d16d0	Merge pull request 'momo/main: merge main branch' (#219 ) from momo-merge-main into momo/main Reviewed-on: pub-solar/os#219 Reviewed-by: b12f <hello@benjaminbaedorf.eu>	2023-04-24 12:50:47 +02:00
teutat3s	4faf4267a3	Merge branch 'main' into momo-merge-main	2023-04-18 10:45:27 +02:00
Akshay Mankar	4c4c4cab0b	secrets: Add keycloak-database-password	2023-04-17 18:41:44 +02:00
Akshay Mankar	8b8280d07e	secrets: Add keys for axeman and host_001_momo_koeln	2023-04-17 18:41:44 +02:00
Akshay Mankar	a0a92d27c9	001_momo_koeln: Add caddy	2023-04-17 18:41:42 +02:00
Akshay Mankar	6e6e5857fd	001_momo_koeln: Add keycloak	2023-04-17 18:41:26 +02:00
teutat3s	366d3b1278	Merge pull request '001_momo_koeln: Add @axeman 's key to barkeeper's authorized_keys' (#213 ) from momo/add-axeman-key into momo/main Reviewed-on: pub-solar/os#213 Reviewed-by: teutat3s <teutates@mailbox.org>	2023-03-31 16:44:25 +02:00
Akshay Mankar	48d55417bd	001_momo_koeln: Add @axeman 's key to barkeeper's authorized_keys	2023-03-31 16:40:13 +02:00
teutat3s	ea18402f21	Merge pull request 'main-to-momo-main' (#212 ) from main-to-momo-main into momo/main Reviewed-on: pub-solar/os#212 Reviewed-by: teutat3s <teutates@mailbox.org>	2023-03-31 16:19:07 +02:00
Akshay Mankar	3992ca0d5f	Merge branch 'main' into main-to-momo-main	2023-03-31 16:15:10 +02:00
teutat3s	43bd742150	Merge pull request 'ci: fix Host key verification failed' (#205 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#205	2023-03-08 14:13:03 +01:00
teutat3s	b21b98dadd	ci: fix Host key verification failed - Fix missing SSH known_hosts in deploy pipeline - SSH tries to use Trust-On-First-Use (TOFU) interactively to add a new host key - Verbose SSH logs show: debug1: Server host key: ssh-ed25519 SHA256:1bbksDNYBWSh/rIFP7MMfs557kWn1dM64bpXdnfBE5E debug1: read_passphrase: can't open /dev/tty: No such device or address - deploy-rs uses nix, which uses SSH which doesn't use the environment variable HOME, but rather /etc/passwd to find a user's HOME - To solve this, we override SSH options using UserKnownHostsFile and the -i flag	2023-03-08 14:10:19 +01:00
teutat3s	f5239c042b	Merge pull request 'ci: debug Host key verification failed error' (#204 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#204	2023-03-08 14:05:19 +01:00
teutat3s	51e84e9418	ci: debug Host key verification failed error	2023-03-08 14:04:06 +01:00
teutat3s	f6708d252e	Merge pull request 'ci: debug Host key verification failed error' (#203 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#203	2023-03-08 13:55:32 +01:00
teutat3s	0bd30c33d5	ci: debug Host key verification failed error	2023-03-08 13:54:50 +01:00
teutat3s	3f9b0f9a3b	Merge pull request 'ci: debug Host key verification failed error' (#202 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#202	2023-03-08 13:49:58 +01:00
teutat3s	09cdf6c390	ci: debug Host key verification failed error	2023-03-08 13:49:27 +01:00
teutat3s	30652571cf	Merge pull request 'ci: debug Host key verification failed error' (#201 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#201	2023-03-08 13:43:13 +01:00
teutat3s	9812687fb1	ci: debug Host key verification failed error	2023-03-08 13:42:29 +01:00
teutat3s	86ca4f6f54	Merge pull request 'ci: debug Host key verification failed error' (#200 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#200	2023-03-08 13:35:46 +01:00
teutat3s	1a16083510	ci: debug Host key verification failed error	2023-03-08 13:35:02 +01:00
teutat3s	8c4cc68bd6	Merge pull request 'ci: fix Host key verification failed' (#199 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#199	2023-03-08 13:30:24 +01:00
teutat3s	9dc77abfc8	ci: fix Host key verification failed - missing SSH known_hosts in deploy pipeline - SSH tries to use Trust-On-First-Use (TOFU) interactively to add a new host key - verbose SSH logs: debug1: Server host key: ssh-ed25519 SHA256:1bbksDNYBWSh/rIFP7MMfs557kWn1dM64bpXdnfBE5E debug1: read_passphrase: can't open /dev/tty: No such device or address - deploy-rs uses nix, which uses SSH which doesn't use the environment variable HOME, but rather /etc/passwd to find a user's HOME	2023-03-08 13:25:49 +01:00
teutat3s	6192881ac1	Merge pull request 'ci: debug Host key verification failed error' (#198 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#198	2023-03-08 12:54:37 +01:00
teutat3s	3890494935	ci: debug Host key verification failed error	2023-03-08 12:53:56 +01:00
teutat3s	420a201f70	Merge pull request 'ci: debug Host key verification failed error' (#197 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#197	2023-03-08 12:26:33 +01:00
teutat3s	e2c601509a	ci: debug Host key verification failed error	2023-03-08 12:26:01 +01:00
teutat3s	3491fc2b74	Merge pull request 'ci: debug Host key verification failed error' (#196 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#196	2023-03-08 11:54:51 +01:00
teutat3s	40e967fb7d	ci: debug Host key verification failed error	2023-03-08 11:54:03 +01:00
teutat3s	503a40da11	Merge pull request 'ci: debug Host key verification failed error' (#195 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#195	2023-03-08 11:51:40 +01:00
teutat3s	6190795afa	ci: debug Host key verification failed error	2023-03-08 11:50:21 +01:00
teutat3s	8bf3b126de	Merge pull request 'ci: fix missing SSH known_hosts in deploy pipeline' (#194 ) from momo/ci-deployment-known-hosts into momo/main Reviewed-on: pub-solar/os#194 Reviewed-by: hensoko <hensoko@gssws.de>	2023-03-08 11:33:02 +01:00
teutat3s	e3db9f51a6	ci: fix missing SSH known_hosts in deploy pipeline	2023-03-07 21:51:43 +01:00
teutat3s	6913d66458	Merge pull request 'ci: deploy host_001_momo_koeln on every push to momo/main' (#193 ) from momo/ci-deployment into momo/main Reviewed-on: pub-solar/os#193 Reviewed-by: hensoko <hensoko@gssws.de>	2023-03-07 21:21:56 +01:00
teutat3s	716f22e32d	ci: deploy host_001_momo_koeln on every push to momo/main The branch momo/main is now protected from direct pushes and changes should go through review before getting merged Fix drone lint errors: Pipeline stage 'Notification' declares invalid dependency 'Tests' Pipeline stage 'Publish ISO' declares invalid dependency 'Check'	2023-03-07 17:33:01 +01:00
hensoko	4b5955a164	Merge pull request 'barkeeper: add teutat3s SSH public key' (#191 ) from momo/teutat3s-ssh-public-key into momo/main Reviewed-on: pub-solar/os#191	2023-03-07 10:54:47 +01:00
teutat3s	9ae94a6c4e	Remove unused bootstrap host	2023-03-07 01:19:46 +01:00
teutat3s	597594912c	Remove unused pub-solar user	2023-03-07 01:17:03 +01:00
teutat3s	2ae3276694	Remove unused PubSolarOS host, ci should builds host_001_momo_koeln instead	2023-03-07 01:14:59 +01:00
teutat3s	9d7dfe52cb	barkeeper: add teutat3s SSH public key	2023-03-07 01:10:27 +01:00
Hendrik Sokolowski	0daf30fe09	add 001_momo_koeln	2023-03-07 00:48:42 +01:00