deployerbot: allow fwminex too

Motiejus Jakštys 2024-07-28 22:25:58 +03:00
parent 846ec80d9f
commit 38311119f9
6 changed files with 24 additions and 9 deletions


@ -73,7 +73,10 @@
deployerbot = { deployerbot = {
follower = { follower = {
inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey; publicKeys = [
myData.hosts."vno1-oh2.servers.jakst".publicKey
myData.hosts."fwminex.motiejus.jakst".publicKey
];
enable = true; enable = true;
sshAllowSubnets = [myData.subnets.tailscale.sshPattern]; sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
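Review bot: The same two-entry `publicKeys` list is pasted into five host configurations (this hunk and the ones at @ -102, @ -97, @ -222 and @ -94), so the next key addition or rotation needs five identical edits and one host can drift without anyone noticing. A single shared list defined once in `myData` and referenced from each host, e.g. `publicKeys = myData.deployerbot.followerKeys;` (name to be chosen), keeps the set of machines allowed to deploy in one reviewable place. Each listed key becomes a `from=`-restricted login as `deployerbot-follower`, which the module in the last file also places in `nix.settings.trusted-users`, so adding the fwminex key extends that capability to whatever holds that key; a one-line comment above the list saying so would help the next reviewer. The enclosing `follower` attribute set continues past the end of the hunk.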


@ -102,7 +102,10 @@ in {
deployerbot = { deployerbot = {
follower = { follower = {
inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey; publicKeys = [
myData.hosts."vno1-oh2.servers.jakst".publicKey
myData.hosts."fwminex.motiejus.jakst".publicKey
];
enable = true; enable = true;
uidgid = myData.uidgid.updaterbot-deployee; uidgid = myData.uidgid.updaterbot-deployee;


@ -97,7 +97,10 @@ in {
deployerbot = { deployerbot = {
follower = { follower = {
inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey; publicKeys = [
myData.hosts."vno1-oh2.servers.jakst".publicKey
myData.hosts."fwminex.motiejus.jakst".publicKey
];
enable = true; enable = true;
uidgid = myData.uidgid.updaterbot-deployee; uidgid = myData.uidgid.updaterbot-deployee;


@ -222,7 +222,10 @@
}; };
follower = { follower = {
inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey; publicKeys = [
myData.hosts."vno1-oh2.servers.jakst".publicKey
myData.hosts."fwminex.motiejus.jakst".publicKey
];
enable = true; enable = true;
sshAllowSubnets = [myData.subnets.tailscale.sshPattern]; sshAllowSubnets = [myData.subnets.tailscale.sshPattern];


@ -94,7 +94,10 @@
deployerbot = { deployerbot = {
follower = { follower = {
inherit (myData.hosts."vno1-oh2.servers.jakst") publicKey; publicKeys = [
myData.hosts."vno1-oh2.servers.jakst".publicKey
myData.hosts."fwminex.motiejus.jakst".publicKey
];
enable = true; enable = true;
sshAllowSubnets = [myData.subnets.tailscale.sshPattern]; sshAllowSubnets = [myData.subnets.tailscale.sshPattern];


@ -23,7 +23,7 @@
options.mj.services.deployerbot.follower = with lib.types; { options.mj.services.deployerbot.follower = with lib.types; {
enable = lib.mkEnableOption "Allow system to be deployed with deployerbot"; enable = lib.mkEnableOption "Allow system to be deployed with deployerbot";
sshAllowSubnets = lib.mkOption {type = listOf str;}; sshAllowSubnets = lib.mkOption {type = listOf str;};
publicKey = lib.mkOption {type = str;}; publicKeys = lib.mkOption {type = listOf str;};
uidgid = lib.mkOption {type = int;}; uidgid = lib.mkOption {type = int;};
}; };
@ -129,9 +129,9 @@
isSystemUser = true; isSystemUser = true;
createHome = true; createHome = true;
uid = cfg.uidgid; uid = cfg.uidgid;
openssh.authorizedKeys.keys = let openssh.authorizedKeys.keys =
restrictedPubKey = "from=\"${builtins.concatStringsSep "," cfg.sshAllowSubnets}\" " + cfg.publicKey; map (k: "from=\"${builtins.concatStringsSep "," cfg.sshAllowSubnets}\" " + k)
in [restrictedPubKey]; cfg.publicKeys;
}; };
users.groups.deployerbot-follower.gid = cfg.uidgid; users.groups.deployerbot-follower.gid = cfg.uidgid;
nix.settings.trusted-users = ["deployerbot-follower"]; nix.settings.trusted-users = ["deployerbot-follower"];
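Review bot: The new `publicKeys` option in the @ -23 hunk has no `description`, and nothing in the `openssh.authorizedKeys.keys` map in the @ -129 hunk records that every listed key gets the same `from=`-restricted login as `deployerbot-follower`, a user this module also adds to `nix.settings.trusted-users`, which on a NixOS host is effectively root-equivalent. Suggest `publicKeys = lib.mkOption {type = listOf str; description = "SSH public keys allowed to log in as deployerbot-follower (a Nix trusted user); each key is restricted to sshAllowSubnets via from=.";};`. The rename from `publicKey` to `publicKeys` ships without a `lib.mkRenamedOptionModule` shim, so any consumer still setting `publicKey` fails at evaluation rather than silently losing its key; that is acceptable if all consumers live in this repository, as the other five hunks suggest, but worth a line in the commit message. As a point of style, the `from=` prefix is rebuilt inside the lambda for every key; hoisting it into a `let fromPrefix = "from=\"${builtins.concatStringsSep "," cfg.sshAllowSubnets}\" "; in map (k: fromPrefix + k) cfg.publicKeys` reads more clearly.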