-rw-r--r-- | Makefile | 23 | ||||
-rw-r--r-- | src/config/root-pubkey.txt | 1 | ||||
-rw-r--r-- | src/guix/system.scm | 4 | ||||
-rw-r--r-- | src/keys/SSH/root@papo.im.id_rsa.pub.stripped | 1 | ||||
-rw-r--r-- | src/keys/SSH/root@papo.im.id_rsa.pub.txt | 2 |
5 files changed, 20 insertions, 11 deletions
@@ -36,22 +36,29 @@ all: $(derived-assets)
 $(derived-assets): Makefile
-src/config/tld.txt: Makefile
+
+# Needed by server to reconfigure(8) without running make(1).
+config.txt = \
+ src/config/tld.txt \
+ src/config/offsite-ssh.txt \
+ src/config/root-pubkey.txt \
+
+$(config.txt): Makefile
+
+src/config/tld.txt:
 echo '$(TLD)' | ifnew $@
-src/config/offsite-ssh.txt: Makefile
+src/config/offsite-ssh.txt:
 echo '$(OFFSITE_SSH)' | ifnew $@
-system.scm.sentinel: src/guix/system.scm src/config/tld.txt src/config/offsite-ssh.txt
+src/config/root-pubkey.txt: src/keys/SSH/root@$(TLD).id_rsa.pub.txt
+ cut -d' ' -f8- < src/keys/SSH/root@$(TLD).id_rsa.pub.txt > $@
+
+system.scm.sentinel: src/guix/system.scm $(config.txt)
 rm -f system.scm*
 guix build -v3 -r system.scm -Kf src/guix/system.scm
 touch $@
-.SUFFIXES: .stripped
-src/keys/SSH/root@$(TLD).id_rsa.pub.stripped: \
- src/keys/SSH/root@$(TLD).id_rsa.pub.txt
- cut -d' ' -f8- < $*.txt > $@
-
 check-unit:
diff --git a/src/config/root-pubkey.txt b/src/config/root-pubkey.txt
new file mode 100644
index 0000000..c9d41f4
--- /dev/null
+++ b/src/config/root-pubkey.txt
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPPzHg73BhvH4iY4LZaRpAbb2qvVaKm4Zpk9LNbgBMm andreh@velhinho
diff --git a/src/guix/system.scm b/src/guix/system.scm
index 5212acb..9f24843 100644
--- a/src/guix/system.scm
+++ b/src/guix/system.scm
@@ -38,6 +38,7 @@
 (define +ipv4+ (file "src/config/ipv4.txt"))
 (define +ipv6+ (file "src/config/ipv6.txt"))
 (define +tld+ (file "src/config/tld.txt"))
+(define +root-pubkey+ (file "src/config/root-pubkey.txt"))
 (define +known-hosts+ (file "src/config/known-hosts.txt"))
 (define +offsite-ssh+ (file "src/config/offsite-ssh.txt"))
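Review bot: The `src/config/root-pubkey.txt` recipe locates the key by position (`cut -d' ' -f8-`), so it is only correct while the `command="…"` option string in the key file holds exactly seven space-separated words; adding or dropping one borg flag would silently write part of the options, or a truncated key, into the file that `src/guix/system.scm` reads. Matching on the key type is sturdier, and `$<` avoids repeating the prerequisite: `grep -o 'ssh-ed25519 .*' $< | ifnew $@`. Piping through `ifnew`, as the two sibling rules do, would presumably also keep a Makefile-only edit from bumping this file's mtime and forcing a `guix build` via `system.scm.sentinel`; `ifnew` is not defined in this hunk, so confirm it behaves that way.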
@@ -125,7 +126,8 @@ (service q:dovecot-service-type) (service q:internet-postfix-service-type) (simple-service 'host-specific-etc-file etc-service-type - `(("known_hosts" ,(plain-file "known-hosts.txt" +known-hosts+)) + `(("id_rsa.pub" ,(plain-file "id_rsa.pub" +root-pubkey+)) + ("known_hosts" ,(plain-file "known-hosts.txt" +known-hosts+)) ("offsite-ssh.txt" ,(plain-file "offsite-ssh.txt" +offsite-ssh+)))) (service mail-aliases-service-type `(("root" "andre") diff --git a/src/keys/SSH/root@papo.im.id_rsa.pub.stripped b/src/keys/SSH/root@papo.im.id_rsa.pub.stripped deleted file mode 100644 index 9d6cf4b..0000000 --- a/src/keys/SSH/root@papo.im.id_rsa.pub.stripped +++ /dev/null @@ -1 +0,0 @@ -FIXME diff --git a/src/keys/SSH/root@papo.im.id_rsa.pub.txt b/src/keys/SSH/root@papo.im.id_rsa.pub.txt index 9d6cf4b..8b23c3c 100644 --- a/src/keys/SSH/root@papo.im.id_rsa.pub.txt +++ b/src/keys/SSH/root@papo.im.id_rsa.pub.txt @@ -1 +1 @@ -FIXME +command="borg1 serve --lock-wait 1200 --append-only --restrict-to-repository borg/papo.im/",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDPPzHg73BhvH4iY4LZaRpAbb2qvVaKm4Zpk9LNbgBMm andreh@velhinho |
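Review bot: The new `etc-service-type` entry is named `id_rsa.pub`, but the key this commit adds in `src/config/root-pubkey.txt` is an `ssh-ed25519` key, so the installed file name misstates the key type to anyone auditing the host; the source file name `root@papo.im.id_rsa.pub.txt` carries the same mismatch. If no consumer depends on the name, an entry like `("root-pubkey.txt" ,(plain-file "root-pubkey.txt" +root-pubkey+))` would be accurate; otherwise a one-line comment such as `;; root's SSH public key, ed25519 despite the file name` would say what the file is. The enclosing service list starts and ends outside the hunk.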
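Review bot: Nothing in the tree records what `--append-only` on this key does and does not guarantee. Borg documents that an append-only repository still accepts delete and prune requests and only defers them, so they take effect the next time the repository is written without append-only mode, for instance by a trusted prune job. Because the Makefile rule runs `cut` over every line of this file, a `#` comment here would leak into `src/config/root-pubkey.txt`; the caveat fits better beside that rule, for example `# borg --append-only defers deletions; review the repository before any non-append-only prune`.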