authorAlex Auvolat <alex@adnab.me>2022-02-25 19:11:25 +0100
committerAlex Auvolat <alex@adnab.me>2022-02-25 19:11:25 +0100
commit33446d2148d64a65b1ea286adf5636be121ecd66 (patch)
tree50753a67a9129bf728ad1d5de6f1db133f8a2b30
parent6dc92812997e99e12ae5fcab3bda65f056a74edb (diff)
Carcajou is encrypted
-rw-r--r--cluster/staging/node/carcajou.nix5
-rw-r--r--nix/remote-unlock.nix2
-rw-r--r--ssh_known_hosts4
3 files changed, 7 insertions, 4 deletions
diff --git a/cluster/staging/node/carcajou.nix b/cluster/staging/node/carcajou.nix
index beff6a7..304f358 100644
--- a/cluster/staging/node/carcajou.nix
+++ b/cluster/staging/node/carcajou.nix
@@ -3,6 +3,11 @@
{ config, pkgs, ... }:
{
+ imports =
+ [
+ ./remote-unlock.nix
+ ];
+
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.timeout = 20;
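Review bot: The added `./remote-unlock.nix` import resolves relative to `cluster/staging/node/`, while this same commit edits the module at `nix/remote-unlock.nix`, so evaluation only works if deployment places both files in one directory. That layout is not visible in the diff, so a comment on the import would help, for example `# copied next to this file at deploy time; source is nix/remote-unlock.nix`. This import is also what turns on networking and an SSH daemon in the initrd for this node, which is worth stating where it is enabled: `# enables initrd SSH so the encrypted root can be unlocked remotely`.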
diff --git a/nix/remote-unlock.nix b/nix/remote-unlock.nix
index 669f578..2975a94 100644
--- a/nix/remote-unlock.nix
+++ b/nix/remote-unlock.nix
@@ -8,7 +8,7 @@
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
- port = 2222;
+ port = 222;
authorizedKeys = concatLists (mapAttrsToList (name: user: user) config.deuxfleurs.admin_accounts);
hostKeys = [ "/var/lib/deuxfleurs/remote-unlock/ssh_host_ed25519_key" ];
};
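Review bot: `port = 222;` replaces 2222 with no comment on why the unlock endpoint moved, and anything that depends on the port (firewall rules, operator SSH config, unlock scripts) lives outside this hunk and has to change with it. A comment such as `# initrd-only sshd for entering the disk passphrase; kept off port 22 so its host key does not clash with the booted system's sshd` would document the intent, if that is indeed the reason. The `hostKeys` file two lines below is embedded in the initrd, which on an encrypted-root machine presumably sits on the unencrypted boot partition, so it should be a key generated only for this purpose and never the system's main host key; a one-line comment next to `hostKeys` saying so would prevent accidental reuse. The enclosing attribute set starts before the hunk.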
diff --git a/ssh_known_hosts b/ssh_known_hosts
index 71f0390..b3b517c 100644
--- a/ssh_known_hosts
+++ b/ssh_known_hosts
@@ -1,11 +1,9 @@
-10.42.0.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXyY9yZdq/VYpg3K1plBzFvim41tWlu+Dmov3BNSm39
10.42.0.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds
10.42.0.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORTjNdFaDbhto8kuMPB3hYkfnzdnceZVIELApUe5PPL
10.42.1.33 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuY1CvhxBP9BtKkTlmOUu6Hhy8OQTB3R8OCFXbHA/RA
10.42.1.31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR
10.42.1.32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G
10.42.2.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORTjNdFaDbhto8kuMPB3hYkfnzdnceZVIELApUe5PPL
-10.42.2.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXyY9yZdq/VYpg3K1plBzFvim41tWlu+Dmov3BNSm39
10.42.2.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds
-192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsYD1gNmGyb6c9wjGR6tC69fHP6+FpPHTBT6laPTHeD
+10.42.2.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ
10.42.2.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsYD1gNmGyb6c9wjGR6tC69fHP6+FpPHTBT6laPTHeD
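Review bot: The new key on the added `10.42.2.22` line is pinned for the default port only, and nothing in this file pins the initrd sshd that the `nix/remote-unlock.nix` hunk moves to port 222. The disk passphrase is typed into that session, so it is the connection where an unverified host key matters most. OpenSSH looks up non-default ports as `[host]:port`, so unless the initrd key is pinned elsewhere, an entry of the form `[10.42.2.22]:222 ssh-ed25519 <initrd-host-public-key>` (placeholder, to be filled from the key generated on the node) would cover it. The commit message also does not record how the rotated fingerprint was verified; noting that it was read from the machine at install time would make the key change auditable.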