Compare commits
No commits in common. "420e1fed57698822277a747f650176df759edb78" and "a09557ce9545e896542d85a6e20776af6e589e89" have entirely different histories.
420e1fed57
...
a09557ce95
12 changed files with 29 additions and 92 deletions
|
@ -1,5 +1,3 @@
|
|||
name: flake check
|
||||
|
||||
on: [push]
|
||||
jobs:
|
||||
check:
|
||||
|
|
|
@ -1,27 +0,0 @@
|
|||
name: deploy systems
|
||||
|
||||
on:
|
||||
push:
|
||||
paths:
|
||||
- "**.lock"
|
||||
jobs:
|
||||
deploy:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: install nix action
|
||||
uses: https://github.com/DeterminateSystems/nix-installer-action@v5
|
||||
with:
|
||||
github-token: ${{ secrets.GH_TOKEN }}
|
||||
- name: write private key
|
||||
run: |
|
||||
mkdir -p .ssh && cd .ssh
|
||||
echo "$SSH_KEY" > forgejo
|
||||
chmod 400 forgejo
|
||||
shell: bash
|
||||
env:
|
||||
SSH_KEY: ${{secrets.SSH_DEPLOY_KEY}}
|
||||
- name: deploy
|
||||
run: |
|
||||
cd .ssh
|
||||
nix run github:serokell/deploy-rs -- --ssh-opts="-i forgejo -o StrictHostKeyChecking=no" --skip-checks --targets .#arashi .#kariru .#sakura .#sora .#yuki
|
|
@ -1,5 +1,3 @@
|
|||
name: fmt check
|
||||
|
||||
on: [push]
|
||||
jobs:
|
||||
check:
|
||||
|
|
|
@ -28,9 +28,6 @@
|
|||
};
|
||||
|
||||
users.users.notoh.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi"
|
||||
];
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
|
||||
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKWRbIwwHuyEOLhA9dKTf4TgFqtPR5MNcJorKm731S7G arashi''
|
||||
];
|
||||
}
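Review bot: The replacement entry under `users.users.notoh.openssh.authorizedKeys.keys` is written as a Nix indented string (`''ssh-ed25519 … arashi''`), a form meant for multi-line text. For a one-line public key the double-quoted form the previous line used (`"ssh-ed25519 … arashi"`) is the conventional spelling and evaluates to the same value. The same pattern appears in the kariru, sakura, sora, tsuru and yuki host sections further down. Which line is old and which is new is inferred from the hunk's 9/6 line counts and the print order, because the page lost its +/- markers; the enclosing attribute set starts outside the hunk.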
|
||||
|
|
|
@ -1,64 +1,54 @@
|
|||
inputs: {
|
||||
nodes = with inputs.deploy-rs.lib.x86_64-linux; {
|
||||
sakura = {
|
||||
hostname = "100.121.201.47";
|
||||
hostname = "sakura";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = activate.nixos inputs.self.nixosConfigurations.sakura;
|
||||
};
|
||||
sshUser = "root";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
|
||||
magicRollback = true;
|
||||
sshUser = "notoh";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/sakura"];
|
||||
magicRollback = false;
|
||||
};
|
||||
kariru = {
|
||||
hostname = "100.126.229.95";
|
||||
hostname = "kariru";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = activate.nixos inputs.self.nixosConfigurations.kariru;
|
||||
};
|
||||
sshUser = "root";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
|
||||
magicRollback = true;
|
||||
sshUser = "notoh";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/kariru"];
|
||||
magicRollback = false;
|
||||
};
|
||||
yuki = {
|
||||
hostname = "100.110.140.130";
|
||||
hostname = "yuki";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = activate.nixos inputs.self.nixosConfigurations.yuki;
|
||||
};
|
||||
sshUser = "root";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
|
||||
magicRollback = true;
|
||||
sshUser = "notoh";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/yuki"];
|
||||
magicRollback = false;
|
||||
};
|
||||
arashi = {
|
||||
hostname = "100.94.214.100";
|
||||
hostname = "arashi";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = activate.nixos inputs.self.nixosConfigurations.arashi;
|
||||
};
|
||||
sshUser = "root";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
|
||||
magicRollback = true;
|
||||
sshUser = "notoh";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/arashi"];
|
||||
magicRollback = false;
|
||||
};
|
||||
sora = {
|
||||
hostname = "100.87.54.48";
|
||||
hostname = "sora";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = activate.nixos inputs.self.nixosConfigurations.sora;
|
||||
};
|
||||
sshUser = "root";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
|
||||
magicRollback = true;
|
||||
};
|
||||
tsuru = {
|
||||
hostname = "100.82.146.40";
|
||||
profiles.system = {
|
||||
user = "root";
|
||||
path = activate.nixos inputs.self.nixosConfigurations.tsuru;
|
||||
};
|
||||
sshUser = "root";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
|
||||
magicRollback = true;
|
||||
sshUser = "notoh";
|
||||
sshOpts = ["-t" "-i" "~/.ssh/kumo"];
|
||||
magicRollback = false;
|
||||
};
|
||||
};
|
||||
}
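Review bot: Every node on the new side sets `magicRollback = false`, which disables deploy-rs's automatic revert when the deployer cannot confirm the activation. This comparison also changes sshd and authorized-key settings, so a configuration that breaks SSH access would leave a host on the broken generation until someone reaches it another way. Consider keeping `magicRollback = true;`, or documenting the choice next to the setting with something like `# magicRollback off: <reason>`. Separately, the `sora` node appears to end up with `sshOpts = ["-t" "-i" "~/.ssh/kumo"]` while the other nodes use a key file named after the host, which is worth confirming. The old/new assignment here is inferred from the hunk's 64/54 line counts, since the page lost its +/- markers.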
|
||||
|
|
|
@ -24,9 +24,6 @@
|
|||
};
|
||||
|
||||
users.users.notoh.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru"
|
||||
];
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
|
||||
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPmWafzbhah18nm2z1epc6139XVlcKT0ndAI0wbLj+/6 kariru''
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{pkgs, ...}: {
|
||||
{...}: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
./services
|
||||
|
@ -26,11 +26,6 @@
|
|||
};
|
||||
|
||||
users.users.notoh.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura"
|
||||
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICqAjaV2D2J8ln4n39ZvszCF5Jql+0IaSpFCJlzDSLv6 sakura''
|
||||
];
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
|
||||
];
|
||||
|
||||
environment.systemPackages = [pkgs.cowsay];
|
||||
}
|
||||
|
|
|
@ -10,9 +10,6 @@ _: {
|
|||
zramSwap.enable = true;
|
||||
networking.hostName = "sora";
|
||||
users.users.notoh.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora"
|
||||
];
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
|
||||
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGmI3hRDFjxLjrM3pE471e4jxSlcqeizh3iNVVdaMHeN sora''
|
||||
];
|
||||
}
|
||||
|
|
|
@ -24,9 +24,6 @@
|
|||
};
|
||||
|
||||
users.users.notoh.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru"
|
||||
];
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
|
||||
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKwby2FLCKFZZlOLDRhsm9GckyYAuyk0mq28jRD02tdv tsuru''
|
||||
];
|
||||
}
|
||||
|
|
|
@ -24,9 +24,6 @@
|
|||
};
|
||||
|
||||
users.users.notoh.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki"
|
||||
];
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
|
||||
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINoLDqOjZIQQ+YYir9MQnlh8wgqI1dz5nYL054OnIgDa yuki''
|
||||
];
|
||||
}
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
KbdInteractiveAuthentication = false;
|
||||
PasswordAuthentication = lib.mkForce false;
|
||||
PubkeyAuthentication = lib.mkForce true;
|
||||
PermitRootLogin = lib.mkForce "yes";
|
||||
PermitRootLogin = lib.mkForce "no";
|
||||
StreamLocalBindUnlink = "yes";
|
||||
GatewayPorts = "clientspecified";
|
||||
};
|
||||
|
|
|
@ -55,9 +55,7 @@
|
|||
"192.168.0.0/16"
|
||||
"172.16.0.0/12"
|
||||
"10.0.0.0/8"
|
||||
"5.161.181.184/32"
|
||||
"100.71.49.65/10"
|
||||
"100.82.146.40/10"
|
||||
"5.161.181.184"
|
||||
];
|
||||
jails.DEFAULT = {
|
||||
settings = {
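Review bot: The new entry `"5.161.181.184"` exempts a single public address in what is presumably fail2ban's ignore list (given `jails.DEFAULT` just below), with nothing saying which machine it is. If that address is ever reassigned, whoever holds it is never banned. A comment beside the entry, e.g. `# <which host this is and why it is exempt>`, would make the exemption reviewable. The list and the option it belongs to start outside the hunk, so the option name is not visible here.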
|
||||
|
|