Frankfurt updates

This commit is contained in:
albert 2024-06-23 20:09:09 +09:00
parent e5e3577fbb
commit 58944fa103
Signed by: albert
GPG key ID: 3895DD267CA11BA9
4 changed files with 8 additions and 2 deletions

View file

@ -7,7 +7,7 @@ keys:
- &framework-server dfd3a496aba156fa521e82ada77d68dc727cf52b
- &osaka-linode-01 5f548d87ab2b8a4d48d80da3f2ff8352998da7fa
- &milan-linode-01 264f9137377eda3b95c82c86cebd6d17984b8d4e
- &frankfurt-linode-01
- &frankfurt-linode-01 22f094819dc2100f3391d47aadcffd115d2386d8
- &piaware-rpi4 4216b645667670a6130bb95a72a56f8269cd0818
- &backups-rpi4 8b37122bb46dc98c208002d65e94778ecd94bd4e
- &bakersfield-rpi4 c93d5c2da5efe4ba4103c8f571faa392f202eed4
@ -71,6 +71,7 @@ creation_rules:
key_groups:
- pgp:
- *albert
- *frankfurt-linode-01
- path_regex: secrets\/hosts\/milan-linode-01\.yaml$
key_groups:

View file

@ -46,3 +46,6 @@ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB140g0mCbukU0jGoOzLE9LqY5dYJkFLG8pfBhKhq1AL
# (Sat Apr 27 05:28:13 PM PDT 2024) albert@bakersfield-rpi4
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJm3bTcalJgoZt7t5FqFrJl7ZYlC09ew2QWUVF6w1Iih albert@bakersfield-rpi4
# (Sun Jun 23 20:07:13 PM JST 2024) albert@frankfurt-linode-01
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH62HFG6IWoTn4szLnutEs/+4xxmfNyyIDSGqQjHCDm1 albert@frankfurt-linode-01

View file

@ -24,10 +24,12 @@
# backups-rpi4 cron job to back up sysctl.io's Docker files
# osaka-linode-01 cron job to copy certs for the DERP relay
# milan-linode-01 cron job to copy certs for the DERP relay
# frankfurt-linode-01 cron job to copy certs for the DERP relay
users.users.root.openssh.authorizedKeys.keys = [
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKp2wgqFcr0LGaUXbom88/zK2631pysePUWIaCMljT0K root@backups-rpi4''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkNFdEcYIrjss1Nz0tU/AX89hUMmxB/Vabvsa7A6E2K root@osaka-linode-01''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIORCrD/ZWXbAfi5eIN8b9dwuvMuPPTgpMiIFh1WagXV2 root@milan-linode-01''
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkJyYn5uFTC9hND/MdhXig69/VcXEZ9dTipuV/6lov root@frankfurt-linode-01''
];
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

View file

@ -35,7 +35,7 @@
nix.distributedBuilds = true;
networking.useDHCP = lib.mkDefault true;
time.timeZone = "Europe/Rome";
time.timeZone = "Europe/Berlin";
networking.hostName = hostname;
services.tailscale.extraUpFlags = [ "--advertise-exit-node" ];