deployerbot: fwminex allows vno1

This commit is contained in:
Motiejus Jakštys 2023-09-18 20:49:17 +03:00
parent ceb7fe191e
commit 4973a1cdd4
6 changed files with 10 additions and 2 deletions


@ -108,7 +108,10 @@ rec {
in in
builtins.catAttrs "jakstIP" mHosts; builtins.catAttrs "jakstIP" mHosts;
vno1.cidr = "192.168.189.0/24"; vno1 = {
cidr = "192.168.189.0/24";
sshPattern = "192.168.189.?";
};
vno3.cidr = "192.168.100.0/24"; vno3.cidr = "192.168.100.0/24";
}; };
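Review bot: The new `sshPattern = "192.168.189.?";` uses sshd's `?` wildcard, which matches exactly one character, so it covers only 192.168.189.0 through 192.168.189.9 rather than the `192.168.189.0/24` declared in `cidr` on the line above. If the whole subnet is meant, `192.168.189.*` or the CIDR form `192.168.189.0/24` (which sshd `from=` accepts, and which would let `cidr` and `sshPattern` share one value) is needed; if the ten-address match is deliberate, a comment such as `# deliberately narrower than cidr: only .0-.9 may present the deployer key` would keep the next reader from widening it. The shape of the `tailscale.sshPattern` entry this sits next to is not visible here, and the enclosing `rec { ... }` set starts before the hunk.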


@ -58,6 +58,7 @@
deployerbot = { deployerbot = {
follower = { follower = {
enable = true; enable = true;
sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
uidgid = myData.uidgid.updaterbot-deployee; uidgid = myData.uidgid.updaterbot-deployee;
publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey; publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
}; };


@ -89,6 +89,7 @@ in {
enable = true; enable = true;
uidgid = myData.uidgid.updaterbot-deployee; uidgid = myData.uidgid.updaterbot-deployee;
publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey; publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
sshAllowSubnets = with myData.subnets; [tailscale.sshPattern vno1.sshPattern];
}; };
}; };
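Review bot: The added `sshAllowSubnets` line is placed after `publicKey`, whereas the other host files in this commit put the same option directly after `enable = true;`; keeping one order makes the per-host allow-lists easy to compare when auditing who may present the deployer key. This host is also the only one whose list goes beyond the tailscale pattern, so the reason belongs next to the exception, e.g. `# fwminex is additionally reachable by the deployer over the vno1 LAN` (the wording is inferred from the commit title and should be confirmed). The enclosing `follower` block starts before the hunk.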


@ -196,6 +196,7 @@
follower = { follower = {
enable = true; enable = true;
sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
uidgid = myData.uidgid.updaterbot-deployee; uidgid = myData.uidgid.updaterbot-deployee;
publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey; publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
}; };


@ -84,6 +84,7 @@
deployerbot = { deployerbot = {
follower = { follower = {
enable = true; enable = true;
sshAllowSubnets = [myData.subnets.tailscale.sshPattern];
uidgid = myData.uidgid.updaterbot-deployee; uidgid = myData.uidgid.updaterbot-deployee;
publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey; publicKey = myData.hosts."vno1-oh2.servers.jakst".publicKey;
}; };


@ -41,6 +41,7 @@ in {
options.mj.services.deployerbot.follower = with lib.types; { options.mj.services.deployerbot.follower = with lib.types; {
enable = lib.mkEnableOption "Allow system to be deployed with deployerbot"; enable = lib.mkEnableOption "Allow system to be deployed with deployerbot";
sshAllowSubnets = lib.mkOption {type = listOf str;};
publicKey = lib.mkOption {type = str;}; publicKey = lib.mkOption {type = str;};
uidgid = lib.mkOption {type = int;}; uidgid = lib.mkOption {type = int;};
}; };
@ -126,7 +127,7 @@ in {
createHome = true; createHome = true;
uid = cfg.follower.uidgid; uid = cfg.follower.uidgid;
openssh.authorizedKeys.keys = let openssh.authorizedKeys.keys = let
restrictedPubKey = "from=\"${myData.subnets.tailscale.sshPattern}\" " + cfg.follower.publicKey; restrictedPubKey = "from=\"${builtins.concatStringsSep "," cfg.follower.sshAllowSubnets}\" " + cfg.follower.publicKey;
in [restrictedPubKey]; in [restrictedPubKey];
}; };
}; };
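Review bot: The rewritten `restrictedPubKey` joins `cfg.follower.sshAllowSubnets` with `,` and no validation, so an empty list produces `from=""` and an element containing `"`, `,` or whitespace would silently split or corrupt the authorized_keys entry instead of failing at evaluation. Because the option has no `default`, an empty list can only come from an explicit `sshAllowSubnets = [];`, but a module-level `assertions` entry checking that the list is non-empty and that each element is free of those characters would surface the mistake in `nixos-rebuild` rather than as an unexplained sshd rejection. The new option also lacks a `description`; something like `description = "sshd from= patterns (hosts, wildcards or CIDR) from which the deployerbot key is accepted";` would document its contract. Both the `options.mj.services.deployerbot.follower` set and the `openssh.authorizedKeys.keys` let-binding extend outside the hunks.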