
Finalize calypso install!

prescientmoon 2024-08-26 23:30:04 +02:00
parent b67cf3fde7
commit 2357c5d3d6
Signed by: prescientmoon
SSH key fingerprint: SHA256:WFp/cO76nbarETAoQcQXuV+0h7XJsEsOCI0UsyPIy6U
5 changed files with 26 additions and 12 deletions


@ -1,10 +1,15 @@
{ config, ... }: {
{ config, ... }:
{
programs.ssh.enable = true;
satellite.persistence.at.state.apps.ssh.directories = [ ".ssh" ];
# Makes it easy to copy ssh keys at install time without messing up permissions
systemd.user.tmpfiles.rules = [
"d ${config.satellite.persistence.at.state.home}/ssh/.ssh/etc/ssh"
systemd.user.tmpfiles.rules =
let
ssh = "${config.satellite.persistence.at.state.home}/ssh/.ssh";
in
[
"d ${ssh}/ssh/.ssh"
"e ${ssh}/ssh/.ssh/id_rsa 0700"
"e ${ssh}/id_ed25519 0700"
];
}
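Review bot: In the new rule list, `ssh` already ends in `/ssh/.ssh`, so `"d ${ssh}/ssh/.ssh"` and `"e ${ssh}/ssh/.ssh/id_rsa 0700"` resolve to a nested `…/ssh/.ssh/ssh/.ssh` path while the `id_ed25519` rule uses `${ssh}` directly; as written, the `id_rsa` rule looks like it never matches the key the install script copies. The modes also deserve a second look: a private key needs no execute bit, so `0600` is the conventional mode, and the `d` rule carries no mode, which leaves the directory at the tmpfiles default of `0755` rather than `0700`. tmpfiles.d documents `e` as adjusting existing directories and `z` as the type that adjusts the mode of an existing file, so I would write `"d ${ssh} 0700"`, `"z ${ssh}/id_rsa 0600"` and `"z ${ssh}/id_ed25519 0600"`. The same `e … 0700` pattern is applied to `config.services.openssh.hostKeys` in the openssh hunk of this commit and should change with it.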


@ -16,13 +16,11 @@
"ftft": { "branch": "master", "commit": "f3e43c9584e14b27f04c27a95a9d9f0e58dfec02" },
"github-actions": { "branch": "master", "commit": "728374ef59b11a5f5991ea2560d149a4ae33fd22" },
"gitlinker": { "branch": "master", "commit": "cc59f732f3d043b626c8702cb725c82e54d35c25" },
"gitsigns": { "branch": "main", "commit": "e9c4187c3774a46df2d086a66cf3a7e6bea4c432" },
"gruvbox": { "branch": "main", "commit": "7a1b23e4edf73a39642e77508ee6b9cbb8c60f9e" },
"harpoon": { "branch": "master", "commit": "ccae1b9bec717ae284906b0bf83d720e59d12b91" },
"haskell-tools": { "branch": "master", "commit": "92e097c6832405fb64e4c44a7ce8bebe7836cae6" },
"hyprland": { "branch": "main", "commit": "71760fe0cad972070657b0528f48456f7e0027b2" },
"idris": { "branch": "main", "commit": "8bff02984a33264437e70fd9fff4359679d910da" },
"inc-rename": { "branch": "main", "commit": "8ba77017ca468f3029bf88ef409c2d20476ea66b" },
"indent-blankline": { "branch": "master", "commit": "65e20ab94a26d0e14acac5049b8641336819dfc7" },
"lastplace": { "branch": "main", "commit": "0bb6103c506315044872e0f84b1f736c4172bb20" },
"lean": { "branch": "main", "commit": "182703184edb866d7bfe878be358295e189c8223" },
@ -47,7 +45,6 @@
"rust-tools": { "branch": "master", "commit": "676187908a1ce35ffcd727c654ed68d851299d3e" },
"rzip": { "branch": "master", "commit": "f65400fed27b27c7cff7ef8d428c4e5ff749bf28" },
"scrap": { "branch": "main", "commit": "cc8453ed613932c744c3d1ec42f379b78bd8b92c" },
"ssr": { "branch": "main", "commit": "bb323ba621ac647b4ac5638b47666e3ef3c279e1" },
"telescope": { "branch": "master", "commit": "a0bbec21143c7bc5f8bb02e0005fa0b982edc026" },
"treesitter": { "branch": "master", "commit": "7f4ac678770175cdf0d42c015f4a5b6e18b6cb33" },
"typst": { "branch": "main", "commit": "4d18ced62599ffe5b3c0e5e49566d5456121bc02" },


@ -6,7 +6,7 @@
configs = {
# {{{ Data
data = {
SUBVOLUME = "/root/persist/data";
SUBVOLUME = "/persist/data";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
BACKGROUND_COMPARISON = "yes";
@ -20,7 +20,7 @@
# }}}
# {{{ State
state = {
SUBVOLUME = "/root/persist/state";
SUBVOLUME = "/persist/state";
TIMELINE_CREATE = true;
TIMELINE_CLEANUP = true;
BACKGROUND_COMPARISON = "yes";


@ -68,5 +68,7 @@ in
services.fail2ban.enable = true;
# Makes it easy to copy host keys at install time without messing up permissions
systemd.tmpfiles.rules = [ "d /persist/state/etc/ssh" ];
systemd.tmpfiles.rules = [
"d /persist/state/etc/ssh"
] ++ (lib.lists.forEach config.services.openssh.hostKeys (key: "e ${key.path} 0700"));
}


@ -49,6 +49,16 @@ if [ "$action" = "install" ]; then
echo "Installing nixos"
nixos-install --flake ".#$host"
echo "Copying user ssh keys"
for dir in /mnt/persist/state/home/*; do
mkdir -p "$dir/ssh/.ssh"
cp /hermes/secrets/$host/id* "$dir/ssh/.ssh"
done
echo "Copying host ssh keys"
mkdir -p /mnt/persist/state/home/
cp /hermes/secrets/$host/ssh* /mnt/persist/state/etc/ssh/
fi
if [ "$action" = "enter" ]; then
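Review bot: Under "Copying host ssh keys" the `mkdir -p` creates `/mnt/persist/state/home/`, which the loop above has already iterated, while the `cp` on the next line writes to `/mnt/persist/state/etc/ssh/`, which nothing in this hunk creates; it should presumably read `mkdir -p /mnt/persist/state/etc/ssh`. Both `cp` calls also write private keys with whatever mode the source file and umask produce, owned by whoever runs the installer, so the keys rely on the tmpfiles rules to tighten them at first boot; `install -m 0600` (or a `umask 077` before the copies) would make the mode explicit at copy time. `$host` is unquoted in both source paths; quoting it, e.g. `cp "/hermes/secrets/$host"/id* "$dir/ssh/.ssh"`, keeps a host name with spaces or glob characters from splitting the argument. The body of the `if [ "$action" = "install" ]` block starts above this hunk.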