diff options
| author | Alex Auvolat <alex@adnab.me> | 2022-02-25 19:11:25 +0100 |
|---|---|---|
| committer | Alex Auvolat <alex@adnab.me> | 2022-02-25 19:11:25 +0100 |
| commit | 33446d2148d64a65b1ea286adf5636be121ecd66 (patch) | |
| tree | 50753a67a9129bf728ad1d5de6f1db133f8a2b30 | |
| parent | 6dc92812997e99e12ae5fcab3bda65f056a74edb (diff) | |
| download | nixcfg-33446d2148d64a65b1ea286adf5636be121ecd66.tar.gz nixcfg-33446d2148d64a65b1ea286adf5636be121ecd66.zip | |
Carcajou is encrypted
| -rw-r--r-- | cluster/staging/node/carcajou.nix | 5 | ||||
| -rw-r--r-- | nix/remote-unlock.nix | 2 | ||||
| -rw-r--r-- | ssh_known_hosts | 4 |
3 files changed, 7 insertions, 4 deletions
diff --git a/cluster/staging/node/carcajou.nix b/cluster/staging/node/carcajou.nix index beff6a7..304f358 100644 --- a/cluster/staging/node/carcajou.nix +++ b/cluster/staging/node/carcajou.nix @@ -3,6 +3,11 @@ { config, pkgs, ... }: { + imports = + [ + ./remote-unlock.nix + ]; + # Use the systemd-boot EFI boot loader. boot.loader.systemd-boot.enable = true; boot.loader.timeout = 20; diff --git a/nix/remote-unlock.nix b/nix/remote-unlock.nix index 669f578..2975a94 100644 --- a/nix/remote-unlock.nix +++ b/nix/remote-unlock.nix @@ -8,7 +8,7 @@ boot.initrd.network.enable = true; boot.initrd.network.ssh = { enable = true; - port = 2222; + port = 222; authorizedKeys = concatLists (mapAttrsToList (name: user: user) config.deuxfleurs.admin_accounts); hostKeys = [ "/var/lib/deuxfleurs/remote-unlock/ssh_host_ed25519_key" ]; }; diff --git a/ssh_known_hosts b/ssh_known_hosts index 71f0390..b3b517c 100644 --- a/ssh_known_hosts +++ b/ssh_known_hosts @@ -1,11 +1,9 @@ -10.42.0.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXyY9yZdq/VYpg3K1plBzFvim41tWlu+Dmov3BNSm39 10.42.0.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds 10.42.0.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORTjNdFaDbhto8kuMPB3hYkfnzdnceZVIELApUe5PPL 10.42.1.33 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOuY1CvhxBP9BtKkTlmOUu6Hhy8OQTB3R8OCFXbHA/RA 10.42.1.31 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3N0QOFNGkCpVLuOHFdpnBaxIFH925KpdIHV/3F9+BR 10.42.1.32 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPCXJeo6yeQeTN7D7OZwLd8zbyU1jWywlhQ29yyk7x+G 10.42.2.2 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORTjNdFaDbhto8kuMPB3hYkfnzdnceZVIELApUe5PPL -10.42.2.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHXyY9yZdq/VYpg3K1plBzFvim41tWlu+Dmov3BNSm39 10.42.2.21 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILYIRbHPU1w1xWRpm2+u3QsXOKfMjv1EXrpYbHT+epds -192.168.1.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsYD1gNmGyb6c9wjGR6tC69fHP6+FpPHTBT6laPTHeD +10.42.2.22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMf/ioVSSb19Slu+HZLgKt4f1/XsL+K9uMxazSWb/+nQ 10.42.2.23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDsYD1gNmGyb6c9wjGR6tC69fHP6+FpPHTBT6laPTHeD |