diff --git a/hosts/known-hosts.toml b/hosts/known-hosts.toml index 022ca51..1b34907 100644 --- a/hosts/known-hosts.toml +++ b/hosts/known-hosts.toml @@ -1,18 +1,18 @@ #primarily user for remote builders -#["host"] +#["host.name"] # https://search.nixos.org/options?query=nix.buildMachine #systems #maxJobs #speedFactor #supportedFeatures #mandatoryFeatures -#ssh.user -#ssh.port +#ssh.listenUser +#ssh.listenPort +#ssh.listenPublicKey # cat /etc/ssh/ssh_host_ed25519_key.pub || ssh-keyscan {{fqdn}} +#ssh.userPublicKey # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub #ssh.protocol #ssh.proxyJump -#ssh.publicKeyListen # cat /etc/ssh/ssh_host_ed25519_key.pub || ssh-keyscan {{fqdn}} -#ssh.publicKeyUser # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub [default] systems = ["x86_64-linux"] @@ -20,90 +20,243 @@ maxJobs = 0 # not a builder speedFactor = 1 supportedFeatures = [] mandatoryFeatures = [] -ssh.user = "nixbld-remote" # "pbsds" -ssh.port = 22 +ssh.listenUser = "nixbld-remote" # "pbsds" +ssh.listenPort = 22 ssh.protocol = "ssh" # "ssh-ng" -["bjarte"] -ssh.publicKeyUser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7Ftu1LP+p+D6YWIo32V9w6ckHCIbrQWPyCNU4rBAbl root@bjarte" +["bjarte.pbsds.net"] +ssh.publicKeyUser = "TODO" -# in general: one job per 4 threads and 8GB RAM +# in general: +# headless: one job per 4 threads and 8GB RAM +# graphical: one job ["bolle.pbsds.net"] maxJobs = 3 # 12 threads 32GB speedFactor = 5 supportedFeatures = ["kvm","big-parallel","nixos-test"] -ssh.publicKeyListen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeOB/57N1fQPVorIUlkkJZaQduBo+4+km2Qbj4ebd/k" -ssh.proxyJump = "microbel.pvv.ntnu.no" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILeOB/57N1fQPVorIUlkkJZaQduBo+4+km2Qbj4ebd/k" +ssh.proxyJump = "isvegg.pvv.ntnu.no" ["eple.pbsds.net"] maxJobs = 3 # 12 threads 32GB speedFactor = 5 supportedFeatures = ["kvm","big-parallel","nixos-test"] -ssh.publicKeyListen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH03MEINNnjBvtmvN2QsCDCLkvF9ow5FQJp9uiyQ1Iwi" -ssh.proxyJump = "microbel.pvv.ntnu.no" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH03MEINNnjBvtmvN2QsCDCLkvF9ow5FQJp9uiyQ1Iwi" +ssh.proxyJump = "isvegg.pvv.ntnu.no" ["garp.pbsds.net"] maxJobs = 2 # 8 threads 32GB speedFactor = 4 supportedFeatures = ["kvm","big-parallel","nixos-test"] -ssh.publicKeyListen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7PDBInkb3Eps3Xh+xVrhPY+sx" -ssh.proxyJump = "microbel.pvv.ntnu.no" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOkcZ3cUAKk8uUvZPsX7PDBInkb3Eps3Xh+xVrhPY+sx" +ssh.proxyJump = "isvegg.pvv.ntnu.no" ["noximilien.pbsds.net"] #maxJobs = 1 # 8 threads 8GB speedFactor = 2 -ssh.publicKeyListen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3QhTGS03Sqm6OeCEz5AIGqJnBttKaBqMgNXp3Md7t4" ssh.publicKeyUser = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7fYndgIXJM+tLSfkbprWc8ClOI58wlaZCg6I+wMYINeOwxLU24BmIyQAhNeqhHYBdXiyIAl5KN3+YajN1nx6zq2XPXLut31Xtf+0yMdRMX4rXgqOnsBeG4eTfNsPx+v7VNANth8dIADpk59Y9ioWB6JI6NF0wfkqrCSTpt2q9gpTA35MBe41hlaxqxYGq+PlfZyJbN4TJCORZROkjw1P6K+EoYUHTHmduMZSAnpzx5bTHL2r1VK1jLRL4q2O1LP9G7eVYUsZKxKznJqtAeoOGBL4OX2JeIXT51/pXTW0NNyVPELD6aUUZjK8aVK2JDXupXegYO8cHqwLaz7rZj3G8evGamSlGvAYR4Gwvvp4Du8ZRZVM3Gt1allhPMTLnm/gy9Lta35D8SHH0IUKWD3buo5HZliZgSMAvoSrT03vpuGILLoWEkTjpPT0qKIlBd/qlACBzKC9Wwmda5WWgMsfe0zP4zNLVdves5nkMrbY91TYSFM0FuDCaRsK5Mrhx7i0= root@noximilien" ["sopp.pbsds.net"] -#maxJobs = 4 # 8 threads 32GB +#maxJobs = 1 # 8 threads 32GB speedFactor = 3 supportedFeatures = ["kvm","big-parallel","nixos-test"] -ssh.port = 26 -ssh.publicKeyListen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GCQjn70BtVdQuJyXx38zN2CDj" +ssh.listenPort = 26 +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDYB9H1pHB1vTBiGhO/GCQjn70BtVdQuJyXx38zN2CDj" ssh.publicKeyUser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp" ["nord.pbsds.net"] maxJobs = 1 # 4 threads 32GB speedFactor = 3 supportedFeatures = ["kvm","big-parallel","nixos-test"] -ssh.port = 24 -ssh.publicKeyListen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBSdIUtUfAxnVbPDmDDFdP2S3Wd3+CC8IfZAANJ76oh" +ssh.listenPort = 24 +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIBSdIUtUfAxnVbPDmDDFdP2S3Wd3+CC8IfZAANJ76oh" ssh.publicKeyUser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6vQllnhqNCE1RqPmTMJ2/29 root@nord" ["rocm.pbsds.net"] -maxJobs = 4 # 16 threads 32GB +maxJobs = 1 # 16 threads 32GB speedFactor = 5 supportedFeatures = ["kvm","big-parallel"] -ssh.user = "pbsds" -ssh.publicKeyListen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we" +ssh.listenUser = "pbsds" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we" ["isvegg.pvv.ntnu.no"] maxJobs = 1 # 4 threads 16GB speedFactor = 2 -ssh.user = "pederbs" -ssh.publicKeyListen = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=" +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=" ["eirin.pvv.ntnu.no"] maxJobs = 2 # 8 threads 16GB speedFactor = 2 -ssh.user = "pederbs" -ssh.publicKeyListen = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=" +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=" ["demiurgen.pvv.ntnu.no"] maxJobs = 2 # 8 threads 16GB speedFactor = 2 -ssh.user = "pederbs" -ssh.publicKeyListen = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=" +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=" ["hildring.pvv.ntnu.no"] -ssh.user = "pederbs" -ssh.publicKeyListen = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=" +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=" ["microbel.pvv.ntnu.no"] -ssh.user = "pederbs" -ssh.publicKeyListen = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEq0yasKP0mH6PI6ypmuzPzMnbHELo9k+YB5yW534aKudKZS65YsHJKQ9vapOtmegrn5MQbCCgrshf+/XwZcjbM=" +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEq0yasKP0mH6PI6ypmuzPzMnbHELo9k+YB5yW534aKudKZS65YsHJKQ9vapOtmegrn5MQbCCgrshf+/XwZcjbM=" -#["bob.pvv.ntnu.no"] +["bob.pvv.ntnu.no"] #maxJobs = 10 # 40 threads +ssh.listenUser = "pederbs" +#ssh.listenPublicKey = "" + + +#["darwin-build-box.winter.cafe"] +#systems = [ "aarch64-darwin", "x86_64-darwin" ]; +#maxJobs = 1; # TODO +#ssh.listenUser = "TODO"; +#ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD"; +#ssh.egressPrivateKey = "/run/secrets/nix-community-builders-ssh-key"; + +#["aarch64.nixos.community"] +#systems = [ "aarch64-linux" ]; +#supportedFeatures = [ "big-parallel" ]; +#maxJobs = 1; # TODO: 64 threads? +#ssh.listenUser = "TODO"; +#ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMUTz5i9u5H2FHNAmZJyoJfIGyUm/HfGhfwnc142L3ds"; +#ssh.egressPrivateKey = "/run/secrets/nix-community-builders-ssh-key"; + + +["clab01.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJfJV5Ov3D0qErVnbQZ3oxhA3i0zuAmjmVUf3JV08aSg" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab02.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHNhQPotOGWZdFeW4B3eDYGcaF/2xB56hNL+x3QEURa6" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab03.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH5srnYPuULchLvlCOlWOwrhQEBznQn61kj0Oawnp44Y" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab04.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICgMxLYYiYb/6IAH6nyc9eGXASgDPTE2JcRZ9ODjhQt5" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab05.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHw4h4dH689bLYWjrhhsvfljyWfUEClPa1Kb0cYxLRaD" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab06.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVZ394P3124lSxkzVodFqbindIvCB3kcn4YcgbaPrAs" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab07.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILKQfcOmWC73bmE2mlWEcXFHiDUhsYWA7Xy9Dtq8kKmn" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab08.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKlyZq3uTBCgkvPgs6nWRzsdhHmXHph14dmYWgt1vuBx" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab09.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAj4eXT/k7iiUYx+CXq5ShLWm1N6SNO23EIs4xYEaQaW" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab10.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG5xEUkiwXWaUCA+QfMDq2vHfXKzcpXlrHpJMNQ8EU+K" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab11.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFlKZhdQBrjafzzwdRR3arem3TXnnPucQskd7RWW9L5V" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab12.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDEr2zGzev8JffE67Hkb3Qli7K0kzVdu8VXxJW47PK7m" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab13.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIZgIhgpMCdegJaW6Huad7Dj4YfyR8Zhi1UmDsgcJYK2" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab14.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3pAYx5rtbaUCf4xsiy+7/qKqnGMnSa9KCp42j+XmEh" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab15.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7XwwhLJGwK+a7zShr2Ok9f2GlvPkP+FxKdbGYsNHtd" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab16.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKAaMXBAYsDd2QQOAQhXAAJCejbylQNLI9KsN3/EsY+" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab20.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEGBbcKU5uDTgaQoREjaNuzQkCKNm5wlnhln6ZNiL3o2" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab22.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMHlaYq184VDBoEOtaIIu2jnuBihhWiGPlyku0SMKORG" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab23.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsIRgqoFF900olTCy6DSrFMpZyRmtK6aVP2oYQhNi8g" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab24.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqh/Sp13OcUnZ8gVgiylcLsqAgIw+twQG92GyZK3FBZ" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab25.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOdL5coXj0geu9O1cMLdYuUE0TWlIkKLNj71/XF0e8eg" +ssh.proxyJump = "isvegg.pvv.ntnu.no" + +["clab26.idi.ntnu.no"] +#maxJobs = 1 # 24 threads 64GB +ssh.listenUser = "pederbs" +ssh.listenPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINqqxg0hVT/gPBM1xqrR9QtMRHVBZDYWZ3pzbJv9MHUG" +ssh.proxyJump = "isvegg.pvv.ntnu.no" diff --git a/profiles/remote-builders.nix b/profiles/remote-builders.nix index edc1a11..cbce881 100644 --- a/profiles/remote-builders.nix +++ b/profiles/remote-builders.nix @@ -26,7 +26,7 @@ let jump = hosts.${host.ssh.proxyJump}; buildMachine = (lib.filterAttrs (key: _: !elem key ["ssh"]) host) // { hostName = fqdn; - sshUser = fqdn.ssh.user; + sshUser = host.ssh.listenUser; }; isBuilder = host.maxJobs > 0; isConsumer = host.ssh ? publicKeyUser && thisHostIsBuilder; @@ -35,13 +35,13 @@ let # out nix.buildMachines = mkIf isBuilder [ buildMachine ]; - programs.ssh.knownHosts.${fqdn}.publicKey = mkIf isBuilder host.ssh.publicKeyListen; + programs.ssh.knownHosts.${fqdn}.publicKey = mkIf isBuilder host.ssh.listenPublicKey; # timeout is great when remote is unresponsive. nix doesn't care programs.ssh.extraConfig = '' Host ${fqdn} ConnectTimeout 3 - Port ${builtins.toString (host.ssh.port or 22)} + Port ${builtins.toString (host.ssh.listenPort or 22)} ${lib.optionalString (host.ssh ? proxyJump) '' ProxyJump ${host.ssh.proxyJump} ''} @@ -49,16 +49,16 @@ let # in users = mkIf isConsumer { - users.${thisHost.ssh.user} = { - isSystemUser = lib.mkDefault (!config.users.users.${thisHost.ssh.user}.isNormalUser); + users.${thisHost.ssh.listenUser} = { + isSystemUser = lib.mkDefault (!config.users.users.${thisHost.ssh.listenUser}.isNormalUser); openssh.authorizedKeys.keys = [ - host.ssh.publicKeyUser + host.ssh.userPublicKey ]; group = lib.mkDefault "nogroup"; }; }; - nix.settings.allowed-users = mkIf isConsumer [ thisHost.ssh.user ]; - nix.settings.trusted-users = mkIf isConsumer [ thisHost.ssh.user ]; + nix.settings.allowed-users = mkIf isConsumer [ thisHost.ssh.listenUser ]; + nix.settings.trusted-users = mkIf isConsumer [ thisHost.ssh.listenUser ]; }; in { diff --git a/users/pbsds/home/profiles/ssh.nix b/users/pbsds/home/profiles/ssh.nix index 8c413bd..8135903 100644 --- a/users/pbsds/home/profiles/ssh.nix +++ b/users/pbsds/home/profiles/ssh.nix @@ -28,31 +28,57 @@ "*.pbsds.net".forwardX11Trusted = true; "*.ntnu.no".user = "pederbs"; "*.pvv.org".user = "pederbs"; - "*.hpc.ntnu.no".proxyJump = "microbel.pvv.ntnu.no"; - "*.idi.ntnu.no".proxyJump = "microbel.pvv.ntnu.no"; + "*.hpc.ntnu.no".proxyJump = "isvegg.pvv.ntnu.no"; + "*.idi.ntnu.no".proxyJump = "isvegg.pvv.ntnu.no"; # me - "garp.pbsds.net".proxyJump = "microbel.pvv.ntnu.no"; - "eple.pbsds.net".proxyJump = "microbel.pvv.ntnu.no"; - "bolle.pbsds.net".proxyJump = "microbel.pvv.ntnu.no"; + "garp.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no"; + "eple.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no"; + "bolle.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no"; "pederbs.idi.ntnu.no" = {}; "brumlebasse.pbsds.net".port = 2222; "knut.pbsds.net".port = 23; "nord.pbsds.net".port = 24; "sopp.pbsds.net".port = 26; "noximilien.pbsds.net" = {}; - "rocm.pbsds.net".proxyJump = "microbel.pvv.ntnu.no"; + "rocm.pbsds.net".proxyJump = "isvegg.pvv.ntnu.no"; # ntnu "stud.ntnu.no".hostname = "login.stud.ntnu.no"; "login.stud.ntnu.no" = {}; - "clab15.idi.ntnu.no" = {}; + #"clab15.idi.ntnu.no" = {}; "idun-login1.hpc.ntnu.no" = {}; "snotra-login1.idi.ntnu.no" = {}; "oppdal.idi.ntnu.no" = {}; "selbu.idi.ntnu.no" = {}; "malvik.idi.ntnu.no" = {}; "heid.idi.ntnu.no".forwardX11 = true; + "clab01.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab02.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab03.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab04.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab05.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab06.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab07.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab08.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab09.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab10.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab11.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab12.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab13.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab14.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab15.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab16.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab17.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab18.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab19.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab20.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab21.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab22.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab23.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab24.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab25.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; + "clab26.idi.ntnu.no".proxyJump = "snotra-login1.idi.ntnu.no"; # NVG "nvg.ntnu.no".hostname = "login.stud.ntnu.no"; @@ -61,6 +87,7 @@ "alphys.pvv.ntnu.no".user = "root"; "balduzius.pvv.ntnu.no".user = "root"; "brzeczyszczykiewicz.pvv.ntnu.no" = {}; + "georg.pvv.ntnu.no" = {}; "dash8.pvv.ntnu.no" = {}; "demiurgen.pvv.ntnu.no" = {}; "dvask-mgmt.pvv.ntnu.no".user = "root"; @@ -90,7 +117,7 @@ # fyrkat #"fyrkat.no".hostname = "fridge.fyrkat.no"; - #"*.fyrkat.no".proxyJump = "microbel.pvv.ntnu.no"; + #"*.fyrkat.no".proxyJump = "isvegg.pvv.ntnu.no"; "fridge.fyrkat.no" = {}; "fil.fyrkat.no" = {}; };