author | Alex Auvolat <alex@adnab.me> | 2021-11-16 19:00:15 +0100 |
---|---|---|
committer | Alex Auvolat <alex@adnab.me> | 2021-11-16 19:00:15 +0100 |
commit | 2fc4b9c0a562038217c9e9b562644722601f04bf (patch) | |
tree | 4951556712f833e7003d2a3ed147ad4f7e66b44e | |
parent | 77db1c714ced3b5cfa0a0852cc25d8bc7b1e6738 (diff) | |
Custom ssh config, passwordless sudo
-rw-r--r-- | configuration.nix | 9 | ||||
-rwxr-xr-x | deploy.sh | 19 | ||||
-rw-r--r-- | inventory | 3 | ||||
-rw-r--r-- | ssh_config | 10 | ||||
-rw-r--r-- | ssh_known_hosts | 3 |
5 files changed, 34 insertions, 10 deletions
diff --git a/configuration.nix b/configuration.nix
index 88fae6e..608a08f 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -187,9 +187,12 @@ in
 ];
 };
- users.extraUsers.root.openssh.authorizedKeys.keys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
- ];
+ # Passwordless sudo
+ security.sudo.wheelNeedsPassword = false;
+
+ # users.extraUsers.root.openssh.authorizedKeys.keys = [
+ # "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJpaBZdYxHqMxhv2RExAOa7nkKhPBOHupMP3mYaZ73w9 lx@lindy"
+ # ];
 # List packages installed in system profile. To search, run:
 # $ nix search wget
@@ -1,8 +1,19 @@
 #!/usr/bin/env bash
-for NIXHOST in $(cat inventory); do
+cd $(dirname $0)
+
+for NIXHOST in $(ls node); do
+ NIXHOST=${NIXHOST%.*}
+
+ if [ -z "$SSH_USER" ]; then
+ SSH_DEST=$NIXHOST
+ else
+ SSH_DEST=$SSH_USER@$NIXHOST
+ fi
+
 echo "==== DOING $NIXHOST ===="
- cat configuration.nix | ssh root@$NIXHOST tee /etc/nixos/configuration.nix > /dev/null
- cat node/$NIXHOST.nix | ssh root@$NIXHOST tee /etc/nixos/node.nix > /dev/null
- ssh root@$NIXHOST nixos-rebuild switch
+
+ cat configuration.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/configuration.nix > /dev/null
+ cat node/$NIXHOST.nix | ssh -F ssh_config $SSH_DEST sudo tee /etc/nixos/node.nix > /dev/null
+ ssh -F ssh_config $SSH_DEST sudo nixos-rebuild switch
 done
diff --git a/inventory b/inventory
deleted file mode 100644
index 2a207b8..0000000
--- a/inventory
+++ /dev/null
@@ -1,3 +0,0 @@
-caribou
-carcajou
-cariacou
diff --git a/ssh_config b/ssh_config
new file mode 100644
index 0000000..c685411
--- /dev/null
+++ b/ssh_config
@@ -0,0 +1,10 @@
+UserKnownHostsFile ./ssh_known_hosts
+
+Host caribou
+ HostName 10.42.0.23
+
+Host carcajou
+ HostName 10.42.0.22
+
+Host cariacou
+ HostName 10.42.0.21
diff --git a/ssh_known_hosts b/ssh_known_hosts
new file mode 100644
index 0000000..b0de4db
--- /dev/null
+++ b/ssh_known_hosts
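Review bot: `security.sudo.wheelNeedsPassword = false;` makes every member of `wheel` root-equivalent with no further check, so a stolen SSH key or hijacked session for any such account is a full host compromise; the `# Passwordless sudo` comment should record why that trade-off is accepted. Something like `# Passwordless sudo: deploy.sh runs "sudo tee" and "sudo nixos-rebuild switch" non-interactively; wheel == root, keep membership minimal` would do. The hunk does not show which users are in `wheel` or whether they have authorized keys, so that should be confirmed before the root key is dropped. I would also delete the three commented-out `users.extraUsers.root…` lines rather than leave a dormant root key in the file. The enclosing attribute set starts and ends outside the hunk.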
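Review bot: The loop has no error handling, so if `cd` or either `sudo tee` fails the script still runs `sudo nixos-rebuild switch` as root on the host, possibly against a stale or partially written `/etc/nixos/configuration.nix`. The new lines also leave `$(dirname $0)`, `$(ls node)` and `$SSH_DEST` unquoted, so a path with spaces or a stray file name under `node/` is word-split into the `ssh` command line. I would enable strict mode, glob `node/*.nix` instead of parsing `ls`, and quote every expansion, as in the excerpt below. Note that with `set -e` a failure on one host stops the run instead of continuing to the next.

```shell
set -euo pipefail
cd "$(dirname "$0")"

for node_file in node/*.nix; do
  NIXHOST=${node_file##*/}
  NIXHOST=${NIXHOST%.nix}
  # Empty or unset SSH_USER falls back to the user ssh would pick itself.
  SSH_DEST=${SSH_USER:+$SSH_USER@}$NIXHOST

  # … unchanged: echo banner …

  ssh -F ssh_config "$SSH_DEST" sudo tee /etc/nixos/configuration.nix < configuration.nix > /dev/null
  ssh -F ssh_config "$SSH_DEST" sudo tee /etc/nixos/node.nix < "node/$NIXHOST.nix" > /dev/null
  ssh -F ssh_config "$SSH_DEST" sudo nixos-rebuild switch
done
```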
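Review bot: `UserKnownHostsFile ./ssh_known_hosts` pins the host keys, but nothing in the file sets `StrictHostKeyChecking`, so under OpenSSH's default (`ask`) a host missing from the pinned file prompts the operator instead of failing, and an accepted key is appended to the tracked file. Adding `StrictHostKeyChecking yes` as a second top-level line would make the deploy fail closed on an unknown key. The relative path appears to depend on the working directory, which deploy.sh handles with its `cd`. A short comment such as `# relative to the repo root; deploy.sh cds there first` would help anyone running `ssh -F ssh_config` by hand.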
@@ -0,0 +1,3 @@
+10.42.0.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXyY9yZdq/VYpg3K1plBzFvim41tWlu+Dmov3BNSm39
+10.42.0.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds
+10.42.0.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNRilSqrgqdZlLdhN2eOY5ZMbzqpeqAdIf6QuChhXU+ |