From d719a974c2d74a359fc937f39d009a31ec60253d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?= Date: Fri, 8 Nov 2024 16:21:52 +0100 Subject: [PATCH] Automated installation of host keys --- flake.lock | 8 ++++---- flake.nix | 21 +++++++++++++++++++-- 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 223a1df8..36ab7c1d 100644 --- a/flake.lock +++ b/flake.lock @@ -1004,11 +1004,11 @@ "pixelfed": "pixelfed" }, "locked": { - "lastModified": 1730977329, - "narHash": "sha256-1/txLla4VANl2g/oyf5ehG5QSGauO/yvOzrblqzJzN8=", + "lastModified": 1731083725, + "narHash": "sha256-+wmQoX+EXcxM/94vmc91hvR750SGXFsx3WhSYxHwMHA=", "ref": "refs/heads/main", - "rev": "cd194f818df0f1752da4ef15c1e435586d28b596", - "revCount": 97, + "rev": "2d522f51f5b61041a2468ff3bb4eb38704081dbc", + "revCount": 99, "type": "git", "url": "https://git.fediversity.eu/fediversity/simple-nixos-fediverse.git" }, diff --git a/flake.nix b/flake.nix index 900d5b0b..c3449893 100644 --- a/flake.nix +++ b/flake.nix @@ -81,18 +81,35 @@ let inherit (builtins) mapAttrs; in - mapAttrs (_: snf.mkInstaller nixpkgs) self.nixosConfigurations.provisioning; + mapAttrs ( + vmname: + snf.mkInstaller { + inherit nixpkgs; + hostKeys = { + rsa = { + private = ./hostKeys/${vmname}/ssh_host_rsa_key; + public = ./hostKeys/${vmname}/ssh_host_rsa_key.pub; + }; + ed25519 = { + private = ./hostKeys/${vmname}/ssh_host_ed25519_key; + public = ./hostKeys/${vmname}/ssh_host_ed25519_key.pub; + }; + }; + } + ) self.nixosConfigurations.provisioning; nixops4Deployments.default = { providers, ... }: let + inherit (builtins) readFile; + makeProcolixVmResource = vmid: vmconfig: { type = providers.local.exec; imports = [ inputs.nixops4-nixos.modules.nixops4Resource.nixos ]; ssh.opts = ""; ssh.host = "95.215.187.${vmid}"; - ssh.hostPublicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOW+f+PUuOBVP4IongWpryzYiOwt19smufZksSwnSPyo"; + ssh.hostPublicKey = readFile ./hostKeys/fedi${vmid}/ssh_host_ed25519_key.pub; nixpkgs = inputs.nixpkgs; nixos.module =