configure sshkey and update scripts
parent
664683f648
commit
f04c924547
1 changed files with 49 additions and 23 deletions
72
flake.nix
72
flake.nix
|
|
@ -29,6 +29,12 @@
|
||||||
disko,
|
disko,
|
||||||
sops,
|
sops,
|
||||||
}:
|
}:
|
||||||
|
let
|
||||||
|
sshkeys = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINABEf0jBjtDdezDDtvl1v27l0DbHP2XUgMARTZXC+MR goeranh@node5"
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDmYHNdtPmQqvNINEWJgqEojrye+wQKr0S0VwlGv7xUa goeranh@node7"
|
||||||
|
];
|
||||||
|
in
|
||||||
rec {
|
rec {
|
||||||
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
|
formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
|
||||||
packages.x86_64-linux =
|
packages.x86_64-linux =
|
||||||
|
|
@ -37,31 +43,25 @@
|
||||||
result: name:
|
result: name:
|
||||||
result
|
result
|
||||||
// {
|
// {
|
||||||
"${name}-iso" = (nixosConfigurations."${name}".extendModules {
|
# run nixos-rebuild switch on the target system
|
||||||
modules = [
|
# the config will be built locally and copied over
|
||||||
"${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
|
|
||||||
{
|
|
||||||
users.users.administration.password = "test";
|
|
||||||
users.users.root.password = "test";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}).config.system.build.isoImage;
|
|
||||||
"${name}-container" = (nixosConfigurations."${name}".extendModules {
|
|
||||||
modules = [
|
|
||||||
"${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
|
|
||||||
{
|
|
||||||
networking.defaultGateway.interface = "enp1s0";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}).config.system.build.tarball;
|
|
||||||
"${name}-update" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "update" ''
|
"${name}-update" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "update" ''
|
||||||
nixos-rebuild switch --flake .#${name} --target-host root@${name}.test.htw.stura-dresden.de
|
nixos-rebuild switch --flake .#${name} --target-host root@${name}.test.htw.stura-dresden.de
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
# copy install image to testserver and deploy the specified configuration to it
|
||||||
"${name}-deploy-test" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "deploy" ''
|
"${name}-deploy-test" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "deploy" ''
|
||||||
FILENAME="$(ls ${self.packages.x86_64-linux."${name}-iso".outPath}/iso)"
|
FILENAME="$(ls ${self.packages.x86_64-linux."installer-iso".outPath}/iso)"
|
||||||
scp ${self.packages.x86_64-linux."${name}-iso".outPath}/iso/$FILENAME root@10.1.0.17:/var/lib/vz/template/iso/$FILENAME
|
scp ${self.packages.x86_64-linux."installer-iso".outPath}/iso/$FILENAME root@10.1.0.17:/var/lib/vz/template/iso/$FILENAME
|
||||||
ssh 10.1.0.17 "qm create $1 --cores 4 --memory 4096 --sata1 file=/var/lib/vz/template/iso/$FILENAME,media=cdrom --scsi1 pool1:32 --scsihw virtio-scsi-single --net0 virtio,bridge=vmbr1 --description \"von goeranh mailserver flake genierierte wegwerf-vm\""
|
ssh 10.1.0.17 "qm create $1 --name ${nixosConfigurations.${name}.config.networking.fqdn} --cores 4 --memory 4096 --sata1 file=/var/lib/vz/template/iso/$FILENAME,media=cdrom --scsi1 pool1:32 --scsihw virtio-scsi-single --net0 virtio,bridge=vmbr1 --description \"von goeranh mailserver flake genierierte wegwerf-vm <br> ${nixosConfigurations.${name}.config.networking.fqdn}\""
|
||||||
ssh 10.1.0.17 "qm start $1"
|
ssh 10.1.0.17 "qm start $1"
|
||||||
|
|
||||||
|
# hardcoded deployment ip
|
||||||
|
# wait until a connection to port 22 on the deployment ip is reachable
|
||||||
|
until nc -vzw 2 141.56.51.98 22 2>/dev/null; do echo trying; sleep 2; done
|
||||||
|
|
||||||
|
# run nixos-anywhere on the deployment address with the specified configuration
|
||||||
|
nix run github:nix-community/nixos-anywhere -- --flake .#${name} --target-host root@141.56.51.98
|
||||||
'';
|
'';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
@ -71,9 +71,35 @@
|
||||||
builtins.filter (item: !nixpkgs.lib.hasInfix "-" item) (
|
builtins.filter (item: !nixpkgs.lib.hasInfix "-" item) (
|
||||||
builtins.attrNames nixosConfigurations
|
builtins.attrNames nixosConfigurations
|
||||||
)
|
)
|
||||||
);# // builtins.foldl' ( result: name: result // {
|
) //
|
||||||
# "${name}test" = "safd";
|
(let
|
||||||
#}) {} (builtins.filter(name: nixpkgs.lib.hasInfix "-")(builtins.attrNames nixosConfigurations));
|
iso-config = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = [
|
||||||
|
"${nixpkgs}/nixos/modules/installer/cd-dvd/iso-image.nix"
|
||||||
|
{
|
||||||
|
users.users.administration = {
|
||||||
|
password = "test";
|
||||||
|
isNormalUser = true;
|
||||||
|
};
|
||||||
|
users.users.root.openssh.authorizedKeys.keys = sshkeys;
|
||||||
|
networking.interfaces.ens18.ipv4.addresses = [{
|
||||||
|
address = "141.56.51.98";
|
||||||
|
prefixLength = 24;
|
||||||
|
}];
|
||||||
|
services.getty.autologinUser = "root";
|
||||||
|
services.openssh.enable = true;
|
||||||
|
system.stateVersion = "25.11";
|
||||||
|
networking.dhcpcd.enable = nixpkgs.lib.mkForce false;
|
||||||
|
networking.defaultGateway.address = "141.56.51.254";
|
||||||
|
networking.nameservers = [ "9.9.9.9" ];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
in {
|
||||||
|
installer-iso = iso-config.config.system.build.isoImage;
|
||||||
|
installer-vm = iso-config.config.system.build.vm;
|
||||||
|
});
|
||||||
|
|
||||||
nixosConfigurations = builtins.foldl' (
|
nixosConfigurations = builtins.foldl' (
|
||||||
result: input:
|
result: input:
|
||||||
|
|
|
||||||
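Review bot: The new `iso-config` module keeps `users.users.administration.password = "test";` while setting `services.openssh.enable = true;` on the static address 141.56.51.98, so the installer boots with a known-password account reachable over SSH unless password authentication is disabled somewhere this section does not show. Since root already receives `sshkeys`, I would drop the password or add `services.openssh.settings.PasswordAuthentication = false;` next to the openssh line; a literal password in the flake also ends up readable in the Nix store. Separately, the deploy script's `nix run github:nix-community/nixos-anywhere` resolves whatever upstream publishes at deploy time and runs it against root on the target. Pinning it as a flake input or to a specific revision would make that step reproducible and reviewable.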