Remote builder testing

iFargle 2023-10-07 17:37:10 +09:00
parent 4ee5511518
commit 90cb62c34d
3 changed files with 29 additions and 19 deletions


@ -2,13 +2,13 @@
pushd /etc/nixos/git pushd /etc/nixos/git
# Home-Manager Setup # Home-Manager Setup
echo "Setting up Home Manager..... " echo ">>> Setting up Home Manager..... "
sudo mkdir /nix/var/nix/profiles/per-user/albert sudo mkdir /nix/var/nix/profiles/per-user/albert
home-manager switch -b backup --flake /etc/nixos/git home-manager switch -b backup --flake /etc/nixos/git
source ~/.bashrc source ~/.bashrc
# Import and trust the GPG key # Import and trust the GPG key
echo "Setting up user GPG key..... " echo ">>> Setting up user GPG key..... "
drive=$(lsblk -o serial,name | grep 012345679518 | awk {'print $2'}) drive=$(lsblk -o serial,name | grep 012345679518 | awk {'print $2'})
sudo mkdir /tmp/drive sudo mkdir /tmp/drive
sudo cryptsetup luksOpen /dev/${drive}3 usb-luks sudo cryptsetup luksOpen /dev/${drive}3 usb-luks
@ -21,13 +21,13 @@ echo -e "5\ny\n" | gpg --command-fd 0 --expert --edit-key albert@sysctl.io trus
# Setup SOPS # Setup SOPS
echo "Setting up SOPS keys..... " echo "Setting up SOPS keys..... "
echo "!!!!!" echo ">>> !!!!!"
echo "!!!!!" echo ">>> !!!!!"
echo "!!!!!" echo ">>> !!!!!"
echo "!!!!! Copy this signature to .sops.yaml: " echo ">>> !!!!! Copy this signature to .sops.yaml: "
echo "!!!!!" echo ">>> !!!!!"
echo "!!!!!" echo ">>> !!!!!"
echo "!!!!!" echo ">>> !!!!!"
sudo ssh-to-pgp \ sudo ssh-to-pgp \
-comment "Generated `date +%Y.%m.%d`" \ -comment "Generated `date +%Y.%m.%d`" \
-email "root@`hostname`" \ -email "root@`hostname`" \
@ -35,29 +35,35 @@ sudo ssh-to-pgp \
-o /etc/nixos/git/keys/hosts/$(hostname).asc -o /etc/nixos/git/keys/hosts/$(hostname).asc
# Set up ssh keys # Set up ssh keys
echo "Setting up SSH Keys..... " echo ">>> Setting up SSH Keys..... "
ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N "" ssh-keygen -t rsa -b 8192 -f ~/.ssh/id_rsa -N ""
echo "" >> ./keys/ssh/keys.txt echo "" >> ./keys/ssh/keys.txt
echo "# `whoami`@`hostname`" >> ./keys/ssh/keys.txt echo "# `whoami`@`hostname`" >> ./keys/ssh/keys.txt
cat /home/albert/.ssh/id_rsa.pub >> ./keys/ssh/keys.txt cat /home/albert/.ssh/id_rsa.pub >> ./keys/ssh/keys.txt
echo ">>> Setting up Distributed Build SSH Keys..... "
sudo ssh-keygen -t rsa -b 8192 -f /root/.ssh/id_rsa -N ""
echo "" >> ./keys/ssh/builder-keys.txt
echo "# root@`hostname`" >> ./keys/ssh/builder-keys.txt
sudo cat /root/.ssh/id_rsa.pub >> ./keys/ssh/builder-keys.txt
# Fix gnupg permissions: # Fix gnupg permissions:
echo "Fixing ~/.gnupg permissions..... " echo ">>> Fixing ~/.gnupg permissions..... "
find ~/.gnupg -type f -exec chmod 600 {} \; find ~/.gnupg -type f -exec chmod 600 {} \;
find ~/.gnupg -type d -exec chmod 700 {} \; find ~/.gnupg -type d -exec chmod 700 {} \;
# Add all changes to git and and push # Add all changes to git and and push
echo "Pushing to git..... " echo ">>> Pushing to git..... "
git add keys/hosts/`hostname`.asc git add keys/hosts/`hostname`.asc
git commit -am "Setup: `whoami`@`hostname`" git commit -am "Setup: `hostname`"
git push git push
echo echo
echo echo
echo "Complete. Once '.sops.yaml' is updated, " echo ">>> Complete. Once '.sops.yaml' is updated, "
echo "run 'update-secrets' and reboot." echo ">>> run 'update-secrets' and reboot."
echo echo
echo echo
echo "Reminder: Upload these changes to git" echo ">>> Reminder: Upload these changes to git"
popd popd
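Review bot: The added distributed-build step `sudo ssh-keygen -t rsa -b 8192 -f /root/.ssh/id_rsa -N ""` writes a passphrase-less key to root's default identity path, so every ssh run as root on this host offers it, not only Nix remote builds. A dedicated key referenced only from the build-machine definition's `sshKey` would limit what that key can reach, e.g. `sudo ssh-keygen -t ed25519 -f /root/.ssh/id_builder -N "" -C "root@$(hostname)"` (the file name is only an example). The step is also not safely re-runnable: when the key already exists ssh-keygen stops to ask about overwriting, and since the visible lines check no exit status, the `# root@...` header is still appended to builder-keys.txt and the later `git push` still runs. Guarding the block with `sudo test -f <keyfile> ||` and aborting when key generation fails would avoid committing a half-written entry.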


@ -1,2 +1,8 @@
# root@nixos-vm-01 # root@nixos-vm-01
ssh-rsa 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 root@nixos-vm-01 ssh-rsa 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 root@nixos-vm-01
# root@nixos-rpi4-02
ssh-rsa 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 root@nixos-rpi4-02
# root@nixos-rpi4-03
ssh-rsa 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 root@nixos-rpi4-03


@ -1,7 +1,5 @@
{ {
# Allows 'root' to ssh for remote builds nix.trustedUsers = "albert";
users.users.root.openssh.authorizedKeys.keyFiles = [ ../../../keys/ssh/keys.txt ];
nix.buildMachines = [ nix.buildMachines = [
{ {
hostName = "nixos-vm-01"; # Only availalbe on the Headscale network hostName = "nixos-vm-01"; # Only availalbe on the Headscale network
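Review bot: `nix.trustedUsers = "albert";` assigns a bare string where the option is declared as a list of strings, so evaluation should reject it; `nix.trustedUsers = [ "albert" ];` (or `nix.settings.trusted-users` on current NixOS) matches the type. A trusted user can override daemon settings and import unsigned store paths, which is effectively root on the machine, so a short comment such as `# albert must be trusted to dispatch remote builds` would record why the grant exists. The same hunk drops the `users.users.root.openssh.authorizedKeys.keyFiles` line, and nothing visible here points a builder at the new builder-keys.txt, so it is worth confirming where those keys get authorized and, if possible, that they land on a non-root build user. The attribute set continues past the end of the hunk.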