diff --git a/flake.nix b/flake.nix index ede9a61..c91c193 100644 --- a/flake.nix +++ b/flake.nix @@ -197,11 +197,18 @@ ]; }); mkConfig = extra-modules: domain: system: inputs: stateVersion: modules: hostname: inputs.nixpkgs.lib.nixosSystem { - inherit system; + #inherit system; specialArgs = { inherit inputs; }; - modules = [ (mkModule extra-modules domain system inputs stateVersion modules hostname) ]; + modules = [ + { + nixpkgs.system = system; # workaround + nixpkgs.hostPlatform.system = system; + #nixpkgs.buildPlatform.system = system; + } + (mkModule extra-modules domain system inputs stateVersion modules hostname) + ]; }; mkReport = extra-modules: domain: system: inputs: stateVersion: modules: hostname: let nixos = mkConfig extra-modules domain system inputs stateVersion modules hostname; @@ -217,7 +224,7 @@ #inherit (cfg.system.build.toplevel) outPath; inherit (cfg.networking) fqdn; inherit (cfg.networking.firewall) allowedTCPPorts allowedUDPPorts; - buildMachines = lib.forEach cfg.nix.buildMachines (buildMachine: buildMachine.hostName); + buildMachines = lib.forEach cfg.nix.buildMachines (buildMachine: "${buildMachine.sshUser}@${buildMachine.hostName}"); users = lib.pipe cfg.users.users [ (lib.filterAttrs (uname: user: user.isNormalUser)) (builtins.mapAttrs (uname: user: { @@ -313,16 +320,20 @@ default = self.overlays.pbsdspkgs; }; - packages = forAllSystems ({ inputs, pkgs, lib, ... }: let + packages = forAllSystems ({ pkgs, lib, ... }: let # TODO: by-name + pbsdspkgs = lib.filterAttrs (name: value: lib.isDerivation value) (self.overlays.pbsdspkgs pkgs null).pbsds; + in + pbsdspkgs // { }); + + + images = forAllSystems ({ inputs, system, pkgs, lib, ... }: let mk-nspawn-setup = hostname: # TODO: nspawn-tarball.nix populates /etc/nixos with junk (pkgs.callPackage ./pkgs/mk-nspawn-setup {}) (mkHosts (mkConfig [ "${nixos-nspawn}/nspawn-tarball.nix" ])).${hostname}; - pbsdspkgs = lib.filterAttrs (name: value: lib.isDerivation value) (self.overlays.pbsdspkgs pkgs null).pbsds; - in - pbsdspkgs // { - nspawn-setup-brumlebasse = mk-nspawn-setup "brumlebasse"; - image-brumlebasse-openstack = nixos-generators-2405.nixosGenerate { + in { + brumlebasse-nspawn-setup = mk-nspawn-setup "brumlebasse"; + brumlebasse-openstack = nixos-generators-2405.nixosGenerate { system = "x86_64-linux"; specialArgs = { inherit inputs; }; modules = [ (mkHosts (mkModule [])).brumlebasse ]; diff --git a/secrets/common.yaml b/secrets/common.yaml index b18b6d5..2e03075 100644 --- a/secrets/common.yaml +++ b/secrets/common.yaml @@ -1,4 +1,4 @@ -transgui: ENC[AES256_GCM,data:wncfhWQzIsGAjgOwo7NzEGGoRvpo2g==,iv:WRuCNgYN+PiyoDbzwRb2dfUcOybgTrY7WNXkrvub9BY=,tag:F/Uau3WEy/0vb6PG18jHgA==,type:str] +transgui: ENC[AES256_GCM,data:ZlNFUiQlyr9izhOia9vleyuZgfcv+2BaDBHQ0A4TK82F7lgtePdJCgezl0iqZq4=,iv:1UbuBIZ3+r27IwOipjT9zYkE98JfluFF8Bf9a5V28Qc=,tag:c7fKYRziDiZA3RBb3GJ1+g==,type:str] nix-community-builders-ssh-key-pub: ENC[AES256_GCM,data:WvjdlG/k+Hm8ZRaIc+6KzJvPIN6GXuepK9zwonOPbeST0IAcDU3OGxPW4as4ENZAaRdwd4ZnIUVhcTmgKlpGaBLhxTQgXYw1rIBgBP1gsSKSaGwE4/yzEIyN99E=,iv:H0ogbpBocFi+jgnKt3Jg9AkAV9YDQTbYAtejusQIBl8=,tag:XfC/1+3qd6J6LC4GKSMKxw==,type:str] nix-community-builders-ssh-key: ENC[AES256_GCM,data:9QNhqQS/6Cu7VMUoWEWkpDCMPu7df6dmreI3duzesonaW6F4W6vL+YLMMTvnnR6BpgmpGvHdvk1aDQnVmpneie6WRfbL4PbLARJviyh1Z/tLQhY9i/MMIADk8D+o4HXBnzLRIWLt319h5eUN1pvmGlJLrgfC0IZLRnPCQLjulIrlhDBlswkNgTrrS0VoRFSXk59JUm8/vWu2OQef2Q99Sug7wquiDZ/XJfqYYxYsGj9SeKiVpyxyuMkviuddee+IOr92KmT19UlekuXAjrYAGeRITrVj1lBSd8DSlBm1ww+0BRqzsAAFojM6N3TkyTjjoXRbVDzDcsMaoCQ7U4Ab9FVz7GdxeNKmeulZMUi4ORPlo4PQ6uDX6RjbWyLwiP33fl5VXMN9+YByVRUrpdtjkQF6jlylCBBRcWl/yOJbYcNg3zcWmJtdVu9t29SU45J2BcJ4Oi18oPf5P6QiU6dJiX1Ba8oR1QeLbFum724J+L5k64Rd84oLkxzVr5GLfXsp54sQ7FkrwEK9HWRfwN8F,iv:NTnnv0Hax/H7EoyHn0VRMG8sbb8tF23Ur2Ak4WYp8Bk=,tag:4hyGKetJ+I3zSqh1zOw/jg==,type:str] pbsbot-gh-token: ENC[AES256_GCM,data:iPTIei8KLfHKeGey08CfSsyuTufvxO4WHG9qE1TqmWHv5/vqW8YyGQ==,iv:JOKI1aFsnqPFkkkZuCmcIFZAbXe7kANt3QEuD+3GyWs=,tag:quwvq3FBiXE1GrzzdWVQww==,type:str] @@ -110,8 +110,8 @@ sops: SklPV3NUSkxwSk1rWHg5N2tiN0xHeVkKhUqu6rVayVeGi00YMRXF1npO7j9oXySX rxVQgH6hYlLbeCIW4T6cP2eCbchWDi3Pear1DVknwEDa+DhHey7Bmg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-17T21:08:34Z" - mac: ENC[AES256_GCM,data:z8aGk1BSfBJAW+LXXYySsJVrDPtBWUUnYpeZ0/Vu/7JK0px46WmDTX3LMj0/kaUHlptzGendJ2nr63HIGLez/ia0c0FeQw5pzHcgCzWITxp4CBjT2dRGbulZpXlPnSfzhaR6VFXVfJthcZG+avHJaGhYpMO2Y5d8zrWxV4Lrhu4=,iv:jmcIIqLY7mN/XgLcDefl3f8fOUAtw1T7aw0K+XbCyFo=,tag:BxUbHMcWK4yk5POugyx3DA==,type:str] + lastmodified: "2024-10-19T23:56:40Z" + mac: ENC[AES256_GCM,data:OGiBtwuQ278lID1Zn2jFwTHP8l4K1M/ig0ViAFMLKn0q3H6SilMfaVDwpKEwaNdIX7eg1EMcPUmjcKZ38+Vqz2dE7D6EzFq5AAcPEJ6xvlSv5NPgJ/wZezJep15hWfDS/kviC9+IVuXJYGxv76ZkULao9qePOTtNxX6JHbVxdC8=,iv:1aotwerQTCZA2L3t+Mc/TSDoChk1qAnFYnsBtDpiRVY=,tag:/9oAX6VaeEk5tY6UZrRaew==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/users/pbsds/default.nix b/users/pbsds/default.nix index dde4683..bcd7dbe 100644 --- a/users/pbsds/default.nix +++ b/users/pbsds/default.nix @@ -67,19 +67,19 @@ #"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAClYXCu7CyStjJ0AqZadUWfuA0h/3kC5FUJk4nTsR0nLXSNp26ETKYY9dID1JQCNgPDDZU3EKCNCpK+nZ/Q09L+agH5XtP6MRIDs0+aXZXy0rcLjS2fgx4ZgIiDGfBlaMCIrM/mdRzVmrYbeMotmkdsLSQ/lFBvX1IuzvUSnyYmRPCXxA== pederbs@hildring" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnVaayewel9GWGUYpTdLqfBnYnaBM10Vfq9fxeb9odwjf6pWe78il/5BCgW5EOadR/PeRv/ZYYnIT1uKEJOZkhjY2E6P2/B/JgzwPTwsrrjQsDHd5VjZty097dmf6vj0LXeJHmP9yogjPjGaSxktqyZi2CTFskRfZBPeCsoRMG+Z5bCMOHpXolvGCVWBNRcT3ITVYAAFL7HNPhcN3f5JkQgu0N+ySlMclNNSbHXXv1OIcLMKto6ZDx4DHp7NmU9uSbv8ERAfmoLCgdz1zOg0eVw9Kxs+XpUy3YFDdmPrny/Vq2LCDHljUWtjJI1uBoPF/ngavV+AuX5FHU9OSKNu7H pbsds@knut.pbsds.net" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+qv5MogWwOgctQfQeHxUHF2ij6UA8BR4DLXtZClnw6A1CtOjAtZeAW62C8q9OKaIKDO0hqd2vLBkgEno4smqBDJ2ThwKuXrhiHqJzCkXZqIKKx79mpTo7aRpFgkJ7328Ee+tbqa65coL98WRhLnDg69NDaOfSCmH85/D0kuyTG7mYIMdBtFXB/IU0QC9USCSGcUGSnQAEx8S0vaXL7JP043kfEfeqwsea598qX+LFa2UfGwgLBpiWi4QEfYy6fviz2TFkbRYKQImybidzUHZkljjPupqu8U4dIx/jsJM/vew717xZPCU0ZCho77TIU+bYSitD5mjnzuD7LrAdbFgnhkD2sQlD/hUW40kPVT/Tq3DrpDRKC9tniiTaIQV1Pe0k82XwYrvV/hTl8T1ed6TuzhmUggqowAbJRbaBIa1zI672AFFQM8OBIN59ZlLy3V2RZW4fvQk2/xMRdVBT0W5Upx+9rCbH9LCGWL8gNNA/PRJ0L9Ts6cq8kf4tFhFQQrk= pbsds@bjarte" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7Ftu1LP+p+D6YWIo32V9w6ckHCIbrQWPyCNU4rBAbl root@bjarte" + #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7Ftu1LP+p+D6YWIo32V9w6ckHCIbrQWPyCNU4rBAbl root@bjarte" #"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDlLTAf5ObSpUU490M/l6+s5m0rxayPeaH23RLvIyoCqGftf/3Yi2iHP8wusBWGrEkXg8Po9YKh2CztflqJBnhsv/HaGYRXNsz3oVf2bSURUepZBkUXkg+T1x9OGG8pfvde8ROWZ8KxwLbAKghHUusyAvtJE9ktDxLpajomXDQlo+v7Hj2v4tMKCG/vHPxf/ni3Icl/8Rwo4zjuxl1MxLftPZv9rxCFv06ujuW6f6Mu5q+damt6ReH7RpOzs1rtDjPSnrRCboY4IbT5P4v6cZCr5hgAblKXHfOzPO9WM7O9tugJeE7eJK6Ps8gvWSHs/48SONSpjcYX3NzsRfxp6RRyD0yGrTDP/Ly6TNZzwZdKPO6GkRbLFXAxSn+ex/zW//R4ECQmof3KPYyjpt7yygICSdRlRocpz5aYxytFqBhelEbQqSZTP8q3HdxqGUplAgaCc0bK+m2ob5cirx3kHK2TyQ2dyCZgOML7AjD3GaclxPjkfEipL3/uFkq6EdsdQFs= pbsds@Svanbjorg" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCo5/9uHIKhhpVbcLSKslj9wdBiV4YaY/tydTfypNZBMMP2U54640t8JvHHkxCZRur8AqYupellxAqkmKn516Ut0WvfQcNgF7ieI66JHkK1j7kSFHHG1nkJHslwCh2PeYtfx5zHZZq8X9v/UjVGY182BC4BHC5zixmNiUvvc+N24BRT4NwslFmMYVcTdoNBSJXPgte4uUd+FZrAnHQrjYdJVANgI4i1d11mxlDFgJrPJj30KaIDxHAsAWgCEqGLMDO9N1cpGGbXVeXfoGvv+vdCXgbyA8BK7wWwXvy5HlvhpEJo8g84r6uKMMkEf+K1MpTiaNjdu+7/sKD/ZOyDB4RgCBs0DskouWRi+xfxABaKBj6706Z3hpj+GfpuSXrHKgGYXIL4cZHaAlz8GVsN1mUL4eJ12Sk14Od2QUHbzp7TDz5eaWuczPs5W9qXwNDMZcmBBZ3mkt9ZYPvAPRjeLpAKhhA9xPL3hbob5hhAENTWsFRFJEgpm8l362XFIOLHr/M= pbsds@rocm" #"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDHV25/jfk0upLl6JOq1tu1n+VNkMr0OOu8nZa3NBZQfqrGiLQuTTFycBd5hhoWBaZewb0R8jm/GESE4gfeiLtObe0bKXo8SVty5hNrIq06BbICXByJR99ux17psaNyp/dvZO7gkjKm3m30q7TfbZANlIwhv0XmqCz8S31ocJddFznWyK3nFau/Lvzpupi0Y+7yHkmcKiWYzZsjluQF90M5X5nIf2x4jj7WY0IkR2l41MOLk4NCQNIor6EyAXnHs78JBS3kY5p2x7t/cBpMDBmbgZePdfjGv/L4vFgYiG1wTZT77PWPA93GHueZWDGUkIvKbNriP/U+bShKnGjIfZttjerhzsFE1V/RctCFToqHkW39439nCj6eFpgUiLHkx/mAUPz/whKP+9x5I3/DQkgYZ7qA424Msdz2wXWNi3465Mtrf5XPsjWNReEWt9I29W19K5OLO9QQVrkgdioSCvxoHLvQypPscPkLVF8srzCVA6npUOrOuJ5zZcK1ax2/0v8= pbsds@frotbjoff" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDX1n/zBp0Va5VPgUHDJ2tLhR8kzQmkWIdFNVy3WHMzfx2ppR0+ch05ksZ7VYp3ROSMpykdqcjDekM6fD+BJEaHx9MwmHlFgvIVyIVwMwqtheo1gAHW6InsF41c7VRv3dlZgX8ViM9kR6YxCsy8FLkwcRtnQkMnT24LpLvmI6dZA26jAmYvxDO0iSD+7jBf+k1MFJZMxg14tMIcqMnuUhR0OyfORslafM73MKSwFqPeNvJxTq96we5RNBoZfZ63LmAm+EJ/++xoCATWQuSnbrXzIC/tUfHLbn9JUE6OgbTLOCarf/aUQHD5jeevfmNu8DYwtjrqcQsjDt2RySTX1R0OgXDbJe+voOY+9a6mSkpYV37CL5rJGTZYFxLLlC2BZMhmhl/axsK/YGyki9z0zKey65MDl5GxOEaTmVqkextiLMp3qBxvCEOzE6/MsVrOkX/gbNglqFlCVPXxKDBsm5NM/KbqPFuntX+w9UReTAS8MBwBDLM3z0dqT8MaK400wmM= pbsds@noximilien" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7fYndgIXJM+tLSfkbprWc8ClOI58wlaZCg6I+wMYINeOwxLU24BmIyQAhNeqhHYBdXiyIAl5KN3+YajN1nx6zq2XPXLut31Xtf+0yMdRMX4rXgqOnsBeG4eTfNsPx+v7VNANth8dIADpk59Y9ioWB6JI6NF0wfkqrCSTpt2q9gpTA35MBe41hlaxqxYGq+PlfZyJbN4TJCORZROkjw1P6K+EoYUHTHmduMZSAnpzx5bTHL2r1VK1jLRL4q2O1LP9G7eVYUsZKxKznJqtAeoOGBL4OX2JeIXT51/pXTW0NNyVPELD6aUUZjK8aVK2JDXupXegYO8cHqwLaz7rZj3G8evGamSlGvAYR4Gwvvp4Du8ZRZVM3Gt1allhPMTLnm/gy9Lta35D8SHH0IUKWD3buo5HZliZgSMAvoSrT03vpuGILLoWEkTjpPT0qKIlBd/qlACBzKC9Wwmda5WWgMsfe0zP4zNLVdves5nkMrbY91TYSFM0FuDCaRsK5Mrhx7i0= root@noximilien" + #"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC7fYndgIXJM+tLSfkbprWc8ClOI58wlaZCg6I+wMYINeOwxLU24BmIyQAhNeqhHYBdXiyIAl5KN3+YajN1nx6zq2XPXLut31Xtf+0yMdRMX4rXgqOnsBeG4eTfNsPx+v7VNANth8dIADpk59Y9ioWB6JI6NF0wfkqrCSTpt2q9gpTA35MBe41hlaxqxYGq+PlfZyJbN4TJCORZROkjw1P6K+EoYUHTHmduMZSAnpzx5bTHL2r1VK1jLRL4q2O1LP9G7eVYUsZKxKznJqtAeoOGBL4OX2JeIXT51/pXTW0NNyVPELD6aUUZjK8aVK2JDXupXegYO8cHqwLaz7rZj3G8evGamSlGvAYR4Gwvvp4Du8ZRZVM3Gt1allhPMTLnm/gy9Lta35D8SHH0IUKWD3buo5HZliZgSMAvoSrT03vpuGILLoWEkTjpPT0qKIlBd/qlACBzKC9Wwmda5WWgMsfe0zP4zNLVdves5nkMrbY91TYSFM0FuDCaRsK5Mrhx7i0= root@noximilien" #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBHdkKmRB0WjD3L+k8GNTVJDLpOUqLBMW17ld/Jzapo6 pbsds@bolle" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDpuDBMll1viLKd/wm1lCy9iozyKeXMBHDwhdJOpeRLe pbsds@nord" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6vQllnhqNCE1RqPmTMJ2/29 root@nord" + #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINnS1TmV9q7n+s7+RouuB6vQllnhqNCE1RqPmTMJ2/29 root@nord" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOm2UFDD+qsnKvlBBZ/nhBqY9yeLewwF/bexD2SUL7E3 pbsds@sopp" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp" + #"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL6eTQkxO/1XflHpGf3478+Z7HFYYaf1d4M6mvSK2nAU root@sopp" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJVohqGMKp/UEZtb71RSBBXOEGX4o3lN5GYBlP7HEKbs root@brumlebasse" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILocbYCqu63RT2+mE0l+ZWWw9RVHNcydtLXbLklg6oPe pederbs@pvv" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILocbYCqu63RT2+mE0l+ZWWw9RVHNcydtLXbLklg6oPe pederbs@pvv" # key has passwd ]; }; diff --git a/users/pbsds/home/profiles/ssh.nix b/users/pbsds/home/profiles/ssh.nix index 0994b65..2c7ad5d 100644 --- a/users/pbsds/home/profiles/ssh.nix +++ b/users/pbsds/home/profiles/ssh.nix @@ -132,7 +132,7 @@ #"fyrkat.no".hostname = "fridge.fyrkat.no"; #"*.fyrkat.no".proxyJump = "isvegg.pvv.ntnu.no"; "fridge.fyrkat.no".port = 222; - "fil.fyrkat.no" = {}; + /* "fil.fyrkat.no" = {}; */ };