From 3dad1c8710e87c325663968970d122c043d44a20 Mon Sep 17 00:00:00 2001
From: josiah
Date: Sun, 19 Feb 2023 11:31:38 -0600
Subject: [PATCH] Move to managing hoyden, exgod under Morph. This appears to be working out pretty well. Alice is now a required user for all machines to manage remote deployment requirements. Probably should figure out a reasonable refactor in order to move Alice into a "secrets" sort of thing, so that I'm not giving away user info for free on git, but i'm not that worried about it.
---
 nixos-configs/hosts/hoyden/configuration.nix | 24 +++++++++++++-
 nixos-configs/ops/home/network.nix | 34 +++++++++++++-------
 2 files changed, 46 insertions(+), 12 deletions(-)
diff --git a/nixos-configs/hosts/hoyden/configuration.nix b/nixos-configs/hosts/hoyden/configuration.nix
index 82d606f..5e4d4a3 100644
--- a/nixos-configs/hosts/hoyden/configuration.nix
+++ b/nixos-configs/hosts/hoyden/configuration.nix
@@ -76,6 +76,7 @@ in {
 dates = "weekly";
 options = "--delete-older-than 30d";
 };
+ nix.settings.experimental-features = [ "nix-command" "flakes" ];
 # This is probalby not gonna work, but is a rough analogue to what I did before
 # pkgs.writeTextFile {
@@ -116,8 +117,17 @@ in {
 isNormalUser = true;
 extraGroups = [ "wheel" "audio" "sound" "video" "docker" "vboxusers" "adbusers" ];
+ # My SSH keys.
+ openssh.authorizedKeys.keys = [
+ # Replace this with your SSH key!
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPAZhFDzl1lbhWJ7MiTV3+Z1EY8M5b4cH/+ju4uo1d91 admin"
+ ];
 };
+ # Use my SSH keys for logging in as root.
+ users.users.root.openssh.authorizedKeys.keys =
+ config.users.users.josiah.openssh.authorizedKeys.keys;
+
 nixpkgs.config.allowUnfree = true;
 # List packages installed in system profile. To search, run:
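Review bot: In the `@@ -116` hunk of hoyden/configuration.nix, the key added to `openssh.authorizedKeys.keys` still sits under the template comment `# Replace this with your SSH key!` and carries the label `admin`, so confirm it is a key whose private half only you hold, because its holder can log in as this user. The same list is then assigned to `users.users.root.openssh.authorizedKeys.keys`, which lets that key log in directly as root wherever sshd accepts key-based root login (the NixOS default, unless it is overridden outside this hunk), even though network.nix deploys as `alice`. If direct root login is not needed for deployment, drop the `users.users.root.openssh.authorizedKeys.keys = ...;` assignment and replace the template comment with one naming the key's owner, e.g. `# josiah@<workstation>, used for remote deploys`. The user block these lines belong to opens above the hunk.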
@@ -127,11 +137,16 @@ in {
 packageOverrides = pkgs: {
 unstable = import unstableTarball { config = config.nixpkgs.config; };
 };
+ permittedInsecurePackages = [
+ "python2.7-certifi-2021.10.8"
+ "python2.7-pyjwt-1.7.1"]; # required for poetry
 };
 environment.systemPackages = with pkgs; [
 # build shit
- morph
+ morph # ultimately this seems not useful to me; weird errors.
+ nixops
+ deploy-rs
 autoconf
 yarn
 automake
@@ -253,6 +268,12 @@ in {
 openssh.enable = true;
 };
+ # Configure ssh auth for sudo/pam
+ security.sudo.enable = true;
+ security.pam.enableSSHAgentAuth = true;
+ security.pam.services.sudo.sshAgentAuth = true;
+ security.sudo.wheelNeedsPassword = false;
+
 # this works properly
 fileSystems."/home/josiah/network-share/syn-nas/usenet" = {
 device = "192.168.1.221:/volume1/usenet";
@@ -291,3 +312,4 @@ in {
 system.stateVersion = "21.11"; # Did you read the comment?
 }
+
diff --git a/nixos-configs/ops/home/network.nix b/nixos-configs/ops/home/network.nix
index ad3bddc..d31f43e 100644
--- a/nixos-configs/ops/home/network.nix
+++ b/nixos-configs/ops/home/network.nix
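Review bot: `permittedInsecurePackages` in the `@@ -127` hunk of hoyden/configuration.nix allows `python2.7-certifi-2021.10.8` and `python2.7-pyjwt-1.7.1` for the whole nixpkgs config of this host, and the only rationale given is `# required for poetry`. No Python 2.7 consumer is visible in the hunk, while `nixops` and `deploy-rs` are added directly below, so the comment should name the package that actually pulls these in and when the exception can go, e.g. `# marked insecure in nixpkgs; pulled in by <package>; remove once it no longer needs Python 2.7`. Three deployment tools (`morph`, `nixops`, `deploy-rs`) are now installed side by side; dropping the ones not in use may let the exception list shrink. The `nixpkgs.config` block and the package list both continue outside the hunk.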
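Review bot: `security.sudo.wheelNeedsPassword = false;` in the `@@ -253` hunk of hoyden/configuration.nix makes the two SSH-agent lines above it moot for wheel members, because sudo then skips authentication and the PAM agent check is never consulted for them. The `@@ -116` hunk lists `wheel` in the `extraGroups` of what appears to be the josiah user, so any process running as that user can become root with neither key nor password. If the goal is unattended deploys, keep `security.pam.services.sudo.sshAgentAuth = true;` and remove the `wheelNeedsPassword` line, or limit a NOPASSWD rule to the deploy user through `security.sudo.extraRules`. A comment such as `# sudo authenticates against the forwarded SSH agent; forward it only from trusted hosts` would record the trade-off.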
@@ -7,22 +7,34 @@
 # This specifies the configuration for
 # `seraph` as a NixOS module.
- "seraph" = { config, pkgs, lib, ... }: {
+ # "seraph" = { config, pkgs, lib, ... }: {
+ # deployment.targetUser = "alice";
+ # deployment.targetHost = "seraph";
+
+ # # Import seraph configuration.nix
+ # imports = [
+ # ../../hosts/seraph/configuration.nix
+ # ../../common ];
+ # };
+
+ "exgod" = { config, pkgs, lib, ... }: {
 deployment.targetUser = "alice";
- deployment.targetHost = "seraph";
+ deployment.targetHost = "exgod";
- # Import seraph configuration.nix
+ # Import exgod configuration.nix
 imports = [
- ../../hosts/seraph/configuration.nix
+ ../../hosts/exgod/configuration.nix
 ../../common ];
- };
+ };
- # "hoyden" = { config, pkgs, lib, ... }: {
- # deployment.targetUser = "josiah";
- # deployment.targetHost = "hoyden";
+ "hoyden" = { config, pkgs, lib, ... }: {
+ deployment.targetUser = "alice";
+ deployment.targetHost = "hoyden";
- # # Import seraph configuration.nix
- # imports = [ ../../hosts/hoyden/configuration.nix ];
- # };
+ # Import seraph configuration.nix
+ imports = [
+ ../../hosts/hoyden/configuration.nix
+ ../../common ];
+ };
 }
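Review bot: The comment above the `hoyden` imports still reads `# Import seraph configuration.nix` although the list now imports `../../hosts/hoyden/configuration.nix`; it should be `# Import hoyden configuration.nix`. The header comment at the top of the hunk likewise still describes `seraph`, which this change comments out. Both `exgod` and `hoyden` set `deployment.targetUser = "alice"`, but nothing in this file shows where that user is defined or how it gains root on the target; if it comes from `../../common`, a line such as `# alice (deploy user) is defined in ../../common` would make the dependency explicit. The commented-out `seraph` block could simply be deleted, since the history keeps it.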