zuckerberg/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Activity

Update ssh keys and allow easy ssh LUKS unlocking

Browse Source
This commit is contained in:
Zuckerberg
2023-02-11 15:05:20 -07:00
parent 6fce2e1116
commit c649b04bdd
5 changed files with 44 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
common/network/hosts.nix
View File

@@ -1,7 +1,21 @@
{ config, lib, ... }:
with builtins;
let
system = (import ../ssh.nix).system;
# hostnames that resolve on clearnet for LUKS unlocking
unlock-clearnet-hosts = {
ponyo = "unlock.ponyo.neet.dev";
};
# hostnames that resolve on tor for LUKS unlocking
unlock-onion-hosts = {
liza = "5synsrjgvfzywruomjsfvfwhhlgxqhyofkzeqt2eisyijvjvebnu2xyd.onion";
router = "jxx2exuihlls2t6ncs7rvrjh2dssubjmjtclwr2ysvxtr4t7jv55xmqd.onion";
ponyo = "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion";
};
in {
networking.hosts = {
# some DNS providers filter local ip results from DNS request
@@ -12,17 +26,29 @@ in {
programs.ssh.knownHosts = {
liza = {
hostNames = [ "liza" "liza.neet.dev" ];
hostNames = [ "liza" "mail.neet.dev" ];
publicKey = system.liza;
};
liza-unlock = {
hostNames = [ unlock-onion-hosts.liza ];
publicKey = system.liza-unlock;
};
ponyo = {
hostNames = [ "ponyo" "ponyo.neet.dev" "ponyo.zt.neet.dev" "git.neet.dev" ];
publicKey = system.ponyo;
};
ponyo-unlock = {
hostNames = [ "unlock.ponyo.neet.dev" "cfamr6artx75qvt7ho3rrbsc7mkucmv5aawebwflsfuorusayacffryd.onion" ];
hostNames = [ unlock-clearnet-hosts.ponyo unlock-onion-hosts.ponyo ];
publicKey = system.ponyo-unlock;
};
router = {
hostNames = [ "router" "192.168.1.228" ];
publicKey = system.router;
};
router-unlock = {
hostNames = [ unlock-onion-hosts.router ];
publicKey = system.router-unlock;
};
ray = {
hostNames = [ "ray" "ray.zt.neet.dev" ];
publicKey = system.ray;
@@ -60,4 +86,15 @@ in {
publicKey = system.n7;
};
};
# prebuilt cmds for easy ssh LUKS unlock
environment.shellAliases =
let
# TODO: remove when all systems are updated to new enough nixpkgs
concatMapAttrs =
f: with lib; flip pipe [ (mapAttrs f) attrValues (foldl' mergeAttrs { }) ];
in
concatMapAttrs (host: addr: {"unlock-over-tor_${host}" = "torsocks ssh root@${addr}";}) unlock-onion-hosts
//
concatMapAttrs (host: addr: {"unlock_${host}" = "torsocks ssh root@${addr}";}) unlock-clearnet-hosts;
}