Skip to content

Commit 69f0f71

Browse files
jmoggrjmoggr
authored
REFACTOR: Consolidate ssh key management into one .nix file (#971)
1 parent abfb7f4 commit 69f0f71

5 files changed

Lines changed: 61 additions & 62 deletions

File tree

infrastructure/hosts/catcolab-next/default.nix

Lines changed: 2 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -5,11 +5,7 @@
55
...
66
}:
77
let
8-
owen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2sBTuqGoEXRWpBRqTBwZZPDdLGGJ0GQcuX5dfIZKb4 o@red-special";
9-
epatters = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKXx6wMJSeYKCHNmbyR803RQ72uto9uYsHhAPPWNl2D evan@epatters.org";
10-
jmoggr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiaHaeJ5PQL0mka/lY1yGXIs/bDK85uY1O3mLySnwHd j@jmoggr.com";
11-
kasbah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1K/FB6dCjo1/xfddi9VoHEGchFo/bcz6v7SC7wAuFQ kaspar@topos";
12-
catcolab-next-deployuser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7AYg1fZM0zMxb/BuZTSwK4O3ycUIHruApr1tKoO8nJ deployuser@next.catcolab.org";
8+
keys = import ../../ssh-keys.nix;
139
in
1410
{
1511
imports = [
@@ -41,13 +37,7 @@ in
4137
environmentFile = config.age.secrets.catcolabSecrets.path;
4238
host = {
4339
enable = true;
44-
userKeys = [
45-
owen
46-
epatters
47-
jmoggr
48-
catcolab-next-deployuser
49-
kasbah
50-
];
40+
userKeys = keys.hosts.catcolab-next.userKeys;
5141
sudoPasswordHash = "$y$j9T$Gvhb3z8dNG2Gzk5STLY2q0$w8hilnb9bC2aNuH8Vx4FpgRzotKpFJeF2oFQ24MGMK8";
5242
backup = {
5343
enable = true;

infrastructure/hosts/catcolab-vm/default.nix

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -6,6 +6,9 @@
66
self,
77
...
88
}:
9+
let
10+
keys = import ../../ssh-keys.nix;
11+
in
912
{
1013
imports = [
1114
(modulesPath + "/profiles/qemu-guest.nix")
@@ -31,10 +34,7 @@
3134
host = {
3235
enable = true;
3336
sudoPasswordHash = "$y$j9T$Gvhb3z8dNG2Gzk5STLY2q0$w8hilnb9bC2aNuH8Vx4FpgRzotKpFJeF2oFQ24MGMK8";
34-
userKeys = [
35-
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiaHaeJ5PQL0mka/lY1yGXIs/bDK85uY1O3mLySnwHd j@jmoggr.com"
36-
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1K/FB6dCjo1/xfddi9VoHEGchFo/bcz6v7SC7wAuFQ kaspar@topos"
37-
];
37+
userKeys = keys.allUserKeys;
3838
};
3939
};
4040

infrastructure/hosts/catcolab/default.nix

Lines changed: 2 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,7 @@
55
...
66
}:
77
let
8-
owen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2sBTuqGoEXRWpBRqTBwZZPDdLGGJ0GQcuX5dfIZKb4 o@red-special";
9-
epatters = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKXx6wMJSeYKCHNmbyR803RQ72uto9uYsHhAPPWNl2D evan@epatters.org";
10-
jmoggr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiaHaeJ5PQL0mka/lY1yGXIs/bDK85uY1O3mLySnwHd j@jmoggr.com";
11-
kasbah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1K/FB6dCjo1/xfddi9VoHEGchFo/bcz6v7SC7wAuFQ kaspar@topos";
8+
keys = import ../../ssh-keys.nix;
129
in
1310
{
1411
imports = [
@@ -38,11 +35,7 @@ in
3835
environmentFile = config.age.secrets.catcolabSecrets.path;
3936
host = {
4037
enable = true;
41-
userKeys = [
42-
epatters
43-
jmoggr
44-
kasbah
45-
];
38+
userKeys = keys.hosts.catcolab.userKeys;
4639
sudoPasswordHash = "$y$j9T$Gvhb3z8dNG2Gzk5STLY2q0$w8hilnb9bC2aNuH8Vx4FpgRzotKpFJeF2oFQ24MGMK8";
4740
backup = {
4841
enable = true;

infrastructure/secrets/secrets.nix

Lines changed: 15 additions & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -1,39 +1,17 @@
11
let
2-
catcolab = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyxORhhfO+9F2hQZ3I/EiSpfg+caWpG6c8AuG5u1XtK root@ip-172-31-14-38.us-east-2.compute.internal";
3-
catcolab-next = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEyUzs+ymd6YFKnPTi6cfoWuNI/fhBGgcx0YELTzWJI root@ip-172-31-9-115.us-east-2.compute.internal";
4-
owen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2sBTuqGoEXRWpBRqTBwZZPDdLGGJ0GQcuX5dfIZKb4 o@red-special";
5-
epatters = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKXx6wMJSeYKCHNmbyR803RQ72uto9uYsHhAPPWNl2D evan@epatters.org";
6-
jmoggr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiaHaeJ5PQL0mka/lY1yGXIs/bDK85uY1O3mLySnwHd j@jmoggr.com";
7-
kasbah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1K/FB6dCjo1/xfddi9VoHEGchFo/bcz6v7SC7wAuFQ kaspar@topos";
8-
catcolab-next-deployuser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7AYg1fZM0zMxb/BuZTSwK4O3ycUIHruApr1tKoO8nJ deployuser@next.catcolab.org";
2+
keys = import ../ssh-keys.nix;
93
in
10-
builtins.mapAttrs (_: publicKeys: { inherit publicKeys; }) ({
11-
"env.next.age" = [
12-
catcolab-next
13-
owen
14-
epatters
15-
jmoggr
16-
catcolab-next-deployuser
17-
kasbah
18-
];
19-
"env.prod.age" = [
20-
catcolab
21-
epatters
22-
jmoggr
23-
kasbah
24-
];
25-
"rclone.conf.next.age" = [
26-
catcolab-next
27-
owen
28-
epatters
29-
jmoggr
30-
catcolab-next-deployuser
31-
kasbah
32-
];
33-
"rclone.conf.prod.age" = [
34-
catcolab
35-
epatters
36-
jmoggr
37-
kasbah
38-
];
39-
})
4+
{
5+
"env.next.age" = {
6+
publicKeys = keys.hosts.catcolab-next.allKeys;
7+
};
8+
"rclone.conf.next.age" = {
9+
publicKeys = keys.hosts.catcolab-next.allKeys;
10+
};
11+
"env.prod.age" = {
12+
publicKeys = keys.hosts.catcolab.allKeys;
13+
};
14+
"rclone.conf.prod.age" = {
15+
publicKeys = keys.hosts.catcolab.allKeys;
16+
};
17+
}

infrastructure/ssh-keys.nix

Lines changed: 38 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,38 @@
1+
let
2+
allUserKeys = {
3+
owen = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF2sBTuqGoEXRWpBRqTBwZZPDdLGGJ0GQcuX5dfIZKb4 o@red-special";
4+
epatters = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAKXx6wMJSeYKCHNmbyR803RQ72uto9uYsHhAPPWNl2D evan@epatters.org";
5+
jmoggr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiaHaeJ5PQL0mka/lY1yGXIs/bDK85uY1O3mLySnwHd j@jmoggr.com";
6+
kasbah = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM1K/FB6dCjo1/xfddi9VoHEGchFo/bcz6v7SC7wAuFQ kaspar@topos";
7+
catcolab-next-deployuser = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM7AYg1fZM0zMxb/BuZTSwK4O3ycUIHruApr1tKoO8nJ deployuser@next.catcolab.org";
8+
};
9+
10+
# hostKey comes frome the /etc/ssh/ssh_host_ed25519_key.pub file on each host after the host is first
11+
# provisioned
12+
hosts = {
13+
catcolab = rec {
14+
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPyxORhhfO+9F2hQZ3I/EiSpfg+caWpG6c8AuG5u1XtK root@ip-172-31-14-38.us-east-2.compute.internal";
15+
userKeys = with allUserKeys; [
16+
epatters
17+
jmoggr
18+
kasbah
19+
];
20+
allKeys = [ hostKey ] ++ userKeys;
21+
};
22+
catcolab-next = rec {
23+
hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEyUzs+ymd6YFKnPTi6cfoWuNI/fhBGgcx0YELTzWJI root@ip-172-31-9-115.us-east-2.compute.internal";
24+
userKeys = with allUserKeys; [
25+
owen
26+
epatters
27+
jmoggr
28+
kasbah
29+
catcolab-next-deployuser
30+
];
31+
allKeys = [ hostKey ] ++ userKeys;
32+
};
33+
};
34+
in
35+
{
36+
inherit hosts;
37+
allUserKeys = builtins.attrValues allUserKeys;
38+
}

0 commit comments

Comments
 (0)