Compare commits


No commits in common. "420e1fed57698822277a747f650176df759edb78" and "a09557ce9545e896542d85a6e20776af6e589e89" have entirely different histories.

12 changed files with 29 additions and 92 deletions


@ -1,5 +1,3 @@
name: flake check
on: [push] on: [push]
jobs: jobs:
check: check:


@ -1,27 +0,0 @@
name: deploy systems
on:
push:
paths:
- "**.lock"
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: install nix action
uses: https://github.com/DeterminateSystems/nix-installer-action@v5
with:
github-token: ${{ secrets.GH_TOKEN }}
- name: write private key
run: |
mkdir -p .ssh && cd .ssh
echo "$SSH_KEY" > forgejo
chmod 400 forgejo
shell: bash
env:
SSH_KEY: ${{secrets.SSH_DEPLOY_KEY}}
- name: deploy
run: |
cd .ssh
nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no" --skip-checks --targets .#arashi .#kariru .#sakura .#sora .#yuki


@ -1,5 +1,3 @@
name: fmt check
on: [push] on: [push]
jobs: jobs:
check: check:


@ -28,9 +28,6 @@
}; };
users.users.notoh.openssh.authorizedKeys.keys = [ users.users.notoh.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi" ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi''
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
]; ];
} }


@ -1,64 +1,54 @@
inputs: { inputs: {
nodes = with inputs.deploy-rs.lib.x86_64-linux; { nodes = with inputs.deploy-rs.lib.x86_64-linux; {
sakura = { sakura = {
hostname = "100.121.201.47"; hostname = "sakura";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = activate.nixos inputs.self.nixosConfigurations.sakura; path = activate.nixos inputs.self.nixosConfigurations.sakura;
}; };
sshUser = "root"; sshUser = "notoh";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; sshOpts = ["-t" "-i" "~/.ssh/sakura"];
magicRollback = true; magicRollback = false;
}; };
kariru = { kariru = {
hostname = "100.126.229.95"; hostname = "kariru";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = activate.nixos inputs.self.nixosConfigurations.kariru; path = activate.nixos inputs.self.nixosConfigurations.kariru;
}; };
sshUser = "root"; sshUser = "notoh";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; sshOpts = ["-t" "-i" "~/.ssh/kariru"];
magicRollback = true; magicRollback = false;
}; };
yuki = { yuki = {
hostname = "100.110.140.130"; hostname = "yuki";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = activate.nixos inputs.self.nixosConfigurations.yuki; path = activate.nixos inputs.self.nixosConfigurations.yuki;
}; };
sshUser = "root"; sshUser = "notoh";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; sshOpts = ["-t" "-i" "~/.ssh/yuki"];
magicRollback = true; magicRollback = false;
}; };
arashi = { arashi = {
hostname = "100.94.214.100"; hostname = "arashi";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = activate.nixos inputs.self.nixosConfigurations.arashi; path = activate.nixos inputs.self.nixosConfigurations.arashi;
}; };
sshUser = "root"; sshUser = "notoh";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; sshOpts = ["-t" "-i" "~/.ssh/arashi"];
magicRollback = true; magicRollback = false;
}; };
sora = { sora = {
hostname = "100.87.54.48"; hostname = "sora";
profiles.system = { profiles.system = {
user = "root"; user = "root";
path = activate.nixos inputs.self.nixosConfigurations.sora; path = activate.nixos inputs.self.nixosConfigurations.sora;
}; };
sshUser = "root"; sshUser = "notoh";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; sshOpts = ["-t" "-i" "~/.ssh/kumo"];
magicRollback = true; magicRollback = false;
};
tsuru = {
hostname = "100.82.146.40";
profiles.system = {
user = "root";
path = activate.nixos inputs.self.nixosConfigurations.tsuru;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
magicRollback = true;
}; };
}; };
} }
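Review bot: Every node on the new side sets `magicRollback = false;`, so an activation that breaks SSH reachability is no longer reverted automatically, and this same comparison also changes sshd's `PermitRootLogin` and removes the root `authorizedKeys` entries on these hosts. Keeping `magicRollback = true;` is the safer choice while login settings are changing; if it is turned off because of the interactive prompt that `sshUser = "notoh"` together with `"-t"` suggests, a comment on the first node saying so would help. Separately, `sora` points at `~/.ssh/kumo` while every other node uses a key file named after its host, which looks like a leftover name worth confirming.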


@ -24,9 +24,6 @@
}; };
users.users.notoh.openssh.authorizedKeys.keys = [ users.users.notoh.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru" ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru''
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
]; ];
} }


@ -1,4 +1,4 @@
{pkgs, ...}: { {...}: {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./services ./services
@ -26,11 +26,6 @@
}; };
users.users.notoh.openssh.authorizedKeys.keys = [ users.users.notoh.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura" ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura''
]; ];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
];
environment.systemPackages = [pkgs.cowsay];
} }


@ -10,9 +10,6 @@ _: {
zramSwap.enable = true; zramSwap.enable = true;
networking.hostName = "sora"; networking.hostName = "sora";
users.users.notoh.openssh.authorizedKeys.keys = [ users.users.notoh.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora" ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora''
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
]; ];
} }


@ -24,9 +24,6 @@
}; };
users.users.notoh.openssh.authorizedKeys.keys = [ users.users.notoh.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru" ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru''
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
]; ];
} }


@ -24,9 +24,6 @@
}; };
users.users.notoh.openssh.authorizedKeys.keys = [ users.users.notoh.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki" ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki''
];
users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
]; ];
} }


@ -5,7 +5,7 @@
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
PasswordAuthentication = lib.mkForce false; PasswordAuthentication = lib.mkForce false;
PubkeyAuthentication = lib.mkForce true; PubkeyAuthentication = lib.mkForce true;
PermitRootLogin = lib.mkForce "yes"; PermitRootLogin = lib.mkForce "no";
StreamLocalBindUnlink = "yes"; StreamLocalBindUnlink = "yes";
GatewayPorts = "clientspecified"; GatewayPorts = "clientspecified";
}; };
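Review bot: `GatewayPorts = "clientspecified";` stays on the new side with no comment, and it lets an authenticated client bind remote port forwards on non-loopback addresses of the host. With root login now forced to `"no"`, this is the most permissive setting left in the visible lines; if a specific forward needs it, record that next to the option, e.g. `# clientspecified: required for <which forward>; otherwise "no"`. The settings block starts outside the hunk, so other options there may already restrict who can forward.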


@ -55,9 +55,7 @@
"192.168.0.0/16" "192.168.0.0/16"
"172.16.0.0/12" "172.16.0.0/12"
"10.0.0.0/8" "10.0.0.0/8"
"5.161.181.184/32" "5.161.181.184"
"100.71.49.65/10"
"100.82.146.40/10"
]; ];
jails.DEFAULT = { jails.DEFAULT = {
settings = { settings = {
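Review bot: The public address `"5.161.181.184"` remains in what appears to be the fail2ban ignore list with nothing saying which machine it is, so repeated authentication failures from that address would never be banned. A one-line comment beside it, e.g. `# <host name>: why it is exempt`, would make the exemption reviewable, and dropping the entry is worth considering if that host no longer needs it. The two removed `100.x.x.x/10` entries had host bits set under a /10 mask and so presumably matched the whole 100.64.0.0/10 range; with them gone, peers in that range can now be banned, which should be confirmed as intended. The list and the jail settings both continue outside the hunk.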