From e3c872513c45a8fb8af8a22513d9e0c5a64c7a46 Mon Sep 17 00:00:00 2001
From: Daniel Langbein
Date: Sat, 18 Nov 2023 13:01:18 +0100
Subject: [PATCH] ssh config (nas and hedgehog)
---
 assets/ssh/hedgehog.pub | 1 +
 assets/ssh/pi3bplus.pub | 1 -
 hosts/yodaHedgehog/btrbk-config.nix | 8 ++++----
 hosts/yodaHedgehog/configuration.nix | 1 +
 hosts/yodaHedgehog/ssh-client-root.nix | 21 +++++++++++++++++++++
 modules/btrbk/README.md | 2 +-
 modules/home-manager.nix | 5 +++++
 modules/ssh-server.nix | 2 +-
 8 files changed, 34 insertions(+), 7 deletions(-)
 create mode 100644 assets/ssh/hedgehog.pub
 delete mode 100644 assets/ssh/pi3bplus.pub
 create mode 100644 hosts/yodaHedgehog/ssh-client-root.nix
diff --git a/assets/ssh/hedgehog.pub b/assets/ssh/hedgehog.pub
new file mode 100644
index 0000000..d67bb5a
--- /dev/null
+++ b/assets/ssh/hedgehog.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP2bFyRVKNc0gr3TXW8wRXXkD0k/OkzsI3vpgrA1YV1p root@yodaHedgehog
diff --git a/assets/ssh/pi3bplus.pub b/assets/ssh/pi3bplus.pub
deleted file mode 100644
index 785fb75..0000000
--- a/assets/ssh/pi3bplus.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJi1BMzoSM0msvtKwoOzySYuKTpFCAanHYWQjL0tZhDI root@odroid
diff --git a/hosts/yodaHedgehog/btrbk-config.nix b/hosts/yodaHedgehog/btrbk-config.nix
index d304d9f..49cd8cc 100644
--- a/hosts/yodaHedgehog/btrbk-config.nix
+++ b/hosts/yodaHedgehog/btrbk-config.nix
@@ -28,8 +28,8 @@ in
 instance = "remote-backup-ssd";
 enable = false;
 lz4 = false;
- ssh_identity = "/mnt/backup/rootNas_ed25519";
- volume = "ssh://rootnas/jc-data";
+ ssh_identity = "/root/.ssh/rootNas_ed25519";
+ volume = "ssh://rootNas/jc-data";
 snapshot_dir = "/snap";
 target = "/mnt/backup/snap";
 subvolume = ssd-subvolumes;
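Review bot: In hosts/yodaHedgehog/btrbk-config.nix, `volume = "ssh://rootNas/jc-data"` now only resolves through the `rootNas` Host alias that this patch defines in ssh-client-root.nix (hostname and port 2222 live there), and `ssh_identity` repeats the key path that the alias already sets as `identityFile`; the same holds for the `remote-backup-hdd` hunk. A comment above both settings would make that dependency visible, e.g. `# "rootNas" is the ssh_config Host alias from ./ssh-client-root.nix (root's ~/.ssh/config)`. Nothing visible in this patch provisions `/root/.ssh/rootNas_ed25519`, so it presumably has to be placed by hand, readable by root only, before either instance is enabled. The attribute set continues outside the hunk.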
@@ -38,8 +38,8 @@ in
 instance = "remote-backup-hdd";
 enable = false;
 lz4 = false;
- ssh_identity = "/mnt/backup/rootNas_ed25519";
- volume = "ssh://rootnas/mnt/data/jc-data";
+ ssh_identity = "/root/.ssh/rootNas_ed25519";
+ volume = "ssh://rootNas/mnt/data/jc-data";
 snapshot_dir = "/mnt/data/snap2";
 target = "/mnt/backup/snap2";
 subvolume = hdd-subvolumes;
diff --git a/hosts/yodaHedgehog/configuration.nix b/hosts/yodaHedgehog/configuration.nix
index 051bf1e..de40048 100644
--- a/hosts/yodaHedgehog/configuration.nix
+++ b/hosts/yodaHedgehog/configuration.nix
@@ -13,6 +13,7 @@
 #../../modules/git.nix
 ../../modules/zsh.nix
 #../../modules/ssh-client.nix
+ ./ssh-client-root.nix
 ../../modules/ssh-server.nix
 ../../modules/sendmail-mta.nix
diff --git a/hosts/yodaHedgehog/ssh-client-root.nix b/hosts/yodaHedgehog/ssh-client-root.nix
new file mode 100644
index 0000000..e35d6a3
--- /dev/null
+++ b/hosts/yodaHedgehog/ssh-client-root.nix
@@ -0,0 +1,21 @@
+{ config, pkgs, ... }:
+{
+ home-manager.users.root = { osConfig, config, pkgs, ... }: {
+
+ # SSH client configuration.
+ programs.ssh = {
+ enable = true;
+ userKnownHostsFile = "~/.ssh/known_hosts ${../../assets/ssh/known_hosts}";
+ matchBlocks = {
+ "rootNas" = {
+ hostname = "p1st.de";
+ user = "root";
+ port = 2222;
+ compression = false;
+ identityFile = "~/.ssh/rootNas_ed25519";
+ };
+ };
+ };
+
+ };
+}
diff --git a/modules/btrbk/README.md b/modules/btrbk/README.md
index f6713be..3d635ba 100644
--- a/modules/btrbk/README.md
+++ b/modules/btrbk/README.md
@@ -275,7 +275,7 @@ volume ssh://rootNas/jc-data
 subvolume recipe.privacy1st.de
 subvolume traggo.privacy1st.de
 volume ssh://rootNas/mnt/data/jc-data
- snapshot_dir /mnt/data/snap
+ snapshot_dir /mnt/data/snap2
 target /mnt/backup/snap2
 subvolume cloud.privacy1st.de
 subvolume cloud.media-kollektiv.eu
diff --git a/modules/home-manager.nix b/modules/home-manager.nix
index 2b7b3a1..88c391d 100644
--- a/modules/home-manager.nix
+++ b/modules/home-manager.nix
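Review bot: In hosts/yodaHedgehog/ssh-client-root.nix the `rootNas` match block leaves host-key checking and key selection at the OpenSSH defaults, although the connection is an unattended root login used for backups. `userKnownHostsFile` lists the writable `~/.ssh/known_hosts` before the pinned file from the repository, so a host key accepted once in an interactive session would be trusted from then on; adding `extraOptions.StrictHostKeyChecking = "yes";` stops ssh from recording unknown host keys, and `identitiesOnly = true;` keeps it from offering any key other than `identityFile`. Because the port is 2222, the pinned entry has to be in the `[p1st.de]:2222` form; assets/ssh/known_hosts is not part of this patch, so that could not be checked. The outer `config` and `pkgs` arguments are unused in this file.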
@@ -24,4 +24,9 @@ in
 /* https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion */
 home.stateVersion = "23.05";
 };
+ home-manager.users.root = { osConfig, config, pkgs, ... }: {
+ /* The home.stateVersion option does not have a default and must be set */
+ /* https://nixos.wiki/wiki/FAQ/When_do_I_update_stateVersion */
+ home.stateVersion = "23.05";
+ };
 }
diff --git a/modules/ssh-server.nix b/modules/ssh-server.nix
index b6e039b..0ad92e9 100644
--- a/modules/ssh-server.nix
+++ b/modules/ssh-server.nix
@@ -28,7 +28,7 @@
 (builtins.readFile ../assets/ssh/nitrokey.pub)
 ] ++ (
 if (config.networking.hostName == "yodaNas")
- then [(builtins.readFile ../assets/ssh/pi3bplus.pub)]
+ then [(builtins.readFile ../assets/ssh/hedgehog.pub)]
 else []
 );
 }
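Review bot: The added `home-manager.users.root` block in modules/home-manager.nix copies `home.stateVersion = "23.05";` and its comments from the user block above it, which starts outside the hunk, so the two values can drift apart at the next bump. Binding the version once in a `let`, e.g. `stateVersion = "23.05";`, and writing `home.stateVersion = stateVersion;` in both blocks would avoid that. Since this is a shared module, the block presumably creates a home-manager profile for root on every host that imports it, not only on yodaHedgehog; a one-line comment saying that this is intended would help. The `osConfig`, `config` and `pkgs` arguments of the new block are unused.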
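Review bot: In modules/ssh-server.nix the hedgehog key is appended to the authorized keys on yodaNas exactly as read from the file, with no key options, so the holder of the matching private key gets an unrestricted login for that account. The attribute this list is assigned to is outside the hunk, but the client side added in this patch logs in as `root`. If the key exists only for the btrbk pulls configured in btrbk-config.nix, the entry could carry options, e.g. `''restrict,command="<path to ssh_filter_btrbk.sh> <options>" ${builtins.readFile ../assets/ssh/hedgehog.pub}''`, using the filter script that btrbk ships for this purpose. Which options are needed depends on the btrbk actions the NAS side must allow, which this patch does not show.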