enabling battlestation root to ssh into workstation

ssh configurations wip
Danilo Reyes 2023-09-24 14:38:44 -06:00
parent f6f113b968
commit bc8bc193cb


@ -35,6 +35,7 @@ let
(builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") { (builtins.fetchTarball "https://github.com/nixos/nixpkgs/tarball/master") {
config = config.nixpkgs.config; config = config.nixpkgs.config;
}; };
sshKeyBattlestation = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@battlestation";
jawzManageLibrary = pkgs.writeScriptBin jawzManageLibrary = pkgs.writeScriptBin
"manage-library" (builtins.readFile ../scripts/manage-library.sh); "manage-library" (builtins.readFile ../scripts/manage-library.sh);
jawzTasks = pkgs.writeScriptBin jawzTasks = pkgs.writeScriptBin
@ -187,6 +188,7 @@ nixpkgs.config = {
Being part of the "wheel" group, means that the user has root privileges. Being part of the "wheel" group, means that the user has root privileges.
#+begin_src nix #+begin_src nix
users.users.root.openssh.authorizedKeys.keys = [ sshKeyBattlestation ];
users.users.jawz = { users.users.jawz = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" "networkmanager" "docker" extraGroups = [ "wheel" "networkmanager" "docker"
@ -196,7 +198,7 @@ users.users.jawz = {
initialPassword = "password"; initialPassword = "password";
openssh = { openssh = {
authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES" authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5GaQM4N+yGAByibOFQOBVMV/6TjOfaGIP+NunMiK76 gpodeacero\cdreyes@100CDREYES"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKDXxfFRSgII4w/S1mrekPQdfXNifqRxwJa0wpQo72wB jawz@battlestation" sshKeyBattlestation
]; ];
}; };
#+end_src #+end_src
@ -691,19 +693,20 @@ services = {
}; };
openssh = let sshPort = 25152; in { openssh = let sshPort = 25152; in {
enable = true; enable = true;
ports = [ sshPort ]; # ports = [ sshPort ];
openFirewall = true; openFirewall = true;
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
}; };
startWhenNeeded = true; startWhenNeeded = true;
listenAddresses = [ # listenAddresses = [
{ # {
addr = "0.0.0.0"; # addr = "0.0.0.0";
port = sshPort; # port = 22;
} # # port = sshPort;
]; # }
# ];
}; };
}; };
#+end_src #+end_src
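Review bot: The added `users.users.root.openssh.authorizedKeys.keys = [ sshKeyBattlestation ];` authorizes for direct root login the same key that is already authorized for jawz, so a single stolen battlestation key reaches root on this host with no further step. In the same commit the last hunk comments out `ports` and `listenAddresses`, which presumably moves sshd from 25152 back to the default port on all addresses while `openFirewall = true` stays set. Consider restricting the root entry to its source, e.g. `[ ''from="<battlestation-address>" ${sshKeyBattlestation}'' ]` (the address is a placeholder), and stating `settings.PermitRootLogin = "prohibit-password";` explicitly so the key-only intent is visible in the config. The `let sshPort = 25152;` binding is now unused; either remove it together with the commented-out block or restore `ports = [ sshPort ];` before this leaves WIP.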