kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

allow accessing test vms from fedi201, closes #286 (#297)

Browse source 
Reviewed-on: Fediversity/Fediversity#297
Co-authored-by: Kiara Grouwstra <kiara@procolix.eu>
Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
This commit is contained in:
Kiara Grouwstra 2025-04-09 16:58:50 +02:00 committed by kiara Grouwstra
parent ea8c61a712
commit c69f1f52e0
8 changed files with 47 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
infra/common/resource.nix
View file

@ -54,6 +54,10 @@ in
## FIXME: Remove direct root authentication once the NixOps4 NixOS provider ## FIXME: Remove direct root authentication once the NixOps4 NixOS provider
## supports users with password-less sudo. ## supports users with password-less sudo.
users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors; users.users.root.openssh.authorizedKeys.keys = attrValues keys.contributors ++ [
# allow our panel vm access to the test machines
keys.panel
];
}; };
} }

24
infra/flake-part.nix
View file

@ -22,10 +22,26 @@ let
{ vmName, isTestVm }: { vmName, isTestVm }:
{ {
_module.args = { inherit inputs; }; _module.args = { inherit inputs; };
imports = [ imports =
./common/resource.nix [
(if isTestVm then ./test-machines + "/${vmName}" else ./machines + "/${vmName}") ./common/resource.nix
]; ]
++ (
if isTestVm then
[
./test-machines/${vmName}
{
nixos.module.users.users.root.openssh.authorizedKeys.keys = [
# allow our panel vm access to the test machines
(import ../keys).panel
];
}
]
else
[
./machines/${vmName}
]
);
fediversityVm.name = vmName; fediversityVm.name = vmName;
}; };

18
infra/machines/fedi201/fedipanel.nix
View file

@ -15,6 +15,24 @@ in
defaults.email = "beheer@procolix.com"; defaults.email = "beheer@procolix.com";
}; };
age.secrets.panel-ssh-key = {
owner = name;
mode = "400";
};
programs.ssh.startAgent = true;
home-manager = {
users.${name}.home = {
stateVersion = "25.05";
file.".ssh/config" = {
text = ''
IdentityFile ${config.age.secrets.panel-ssh-key.path}
'';
};
};
};
services.${name} = { services.${name} = {
enable = true; enable = true;
production = true; production = true;

1
keys/default.nix
View file

@ -34,4 +34,5 @@ in
{ {
contributors = collectKeys ./contributors; contributors = collectKeys ./contributors;
systems = collectKeys ./systems; systems = collectKeys ./systems;
panel = removeTrailingWhitespace (readFile ./panel-ssh-key.pub);
} }

1
keys/panel-ssh-key.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICWfTPs64ImqGh3c/Y+3zqB9YVr5ApsKiS/aTLGXUTzb panel@fedi201

3
panel/nix/configuration.nix
View file

@ -158,8 +158,7 @@ in
}; };
users.users.${name} = { users.users.${name} = {
isSystemUser = true; isNormalUser = true;
group = name;
}; };
users.groups.${name} = { }; users.groups.${name} = { };

BIN
secrets/panel-ssh-key.age Normal file
View file

Binary file not shown.

1
secrets/secrets.nix
View file

@ -28,6 +28,7 @@ concatMapAttrs
forgejo-email-password = [ vm02116 ]; forgejo-email-password = [ vm02116 ];
forgejo-runner-token = [ ]; forgejo-runner-token = [ ];
panel-secret-key = [ fedi201 ]; panel-secret-key = [ fedi201 ];
panel-ssh-key = [ fedi201 ];
wiki-basicauth-htpasswd = [ vm02187 ]; wiki-basicauth-htpasswd = [ vm02187 ];
wiki-password = [ vm02187 ]; wiki-password = [ vm02187 ];
wiki-smtp-password = [ vm02187 ]; wiki-smtp-password = [ vm02187 ];