author | EuAndreh <eu@euandre.org> | 2023-03-20 09:46:20 -0300 |
---|---|---|
committer | EuAndreh <eu@euandre.org> | 2023-03-20 10:03:17 -0300 |
commit | 7ffcd694068d484842be0b87a9aeeda0a7720568 (patch) | |
tree | c2744d6661967f5a2c128528d6ed51739556d906 | |
parent | Makefile: Also upload managed SSH known_hosts file (diff) | |
Manage public SSH files as "extra-etc-file" instead of like a secret
Notes
See CI logs with:
git notes --ref=refs/notes/ci-logs show 7ffcd694068d484842be0b87a9aeeda0a7720568
git notes --ref=refs/notes/ci-data show 7ffcd694068d484842be0b87a9aeeda0a7720568
Exit status: 0
Duration: 15
-rw-r--r-- | .gitignore | 1 | ||||
-rw-r--r-- | Makefile | 20 | ||||
-rw-r--r-- | src/infrastructure/config/known_hosts.txt (renamed from src/infrastructure/keys/known_hosts.txt) | 0 | ||||
-rw-r--r-- | src/infrastructure/guix/system.scm | 10 | ||||
-rw-r--r-- | src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped | 1 |
5 files changed, 14 insertions, 18 deletions
@@ -1,4 +1,3 @@ /src/secrets/ -/src/infrastructure/keys/SSH/*.stripped /result /result-next @@ -5,18 +5,21 @@ all: result -result: ALWAYS +result: ALWAYS src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped rm -f result-next guix system -v3 -r result-next build src/infrastructure/guix/system.scm rm -f result mv result-next result +src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped: \ + src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.txt + cut -d' ' -f6- < $(@D)/`basename $@ .stripped`.txt > $@ + check: clean: rm -rf \ - src/secrets/*.txt src/infrastructure/keys/SSH/*.stripped \ result result-next \ @@ -43,22 +46,13 @@ $(repo-secrets): gpg -aer eu@euandre.org < $(@D)/`basename $@ .gpg` > $@ -public-ssh = src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub -$(public-ssh).stripped: $(public-ssh).txt - cut -d' ' -f6- < $(public-ssh).txt > $@ - - -upload-secrets: $(prod-secrets.txt) $(public-ssh).stripped \ - src/infrastructure/keys/known_hosts.txt +upload-secrets: $(prod-secrets.txt) ssh euandre.org sudo -u secrets-keeper 'rm -f /opt/secrets/*' rsync \ --rsync-path='sudo -u secrets-keeper rsync' \ --chmod=000 \ -avzP \ - $(prod-secrets.txt) \ - $(public-ssh).stripped \ - src/infrastructure/keys/known_hosts.txt \ - euandre.org:/opt/secrets/ + $(prod-secrets.txt) euandre.org:/opt/secrets/ ## Generate the ".ssh/authorized_keys" file and upload diff --git a/src/infrastructure/keys/known_hosts.txt b/src/infrastructure/config/known_hosts.txt index 44fc283..44fc283 100644 --- a/src/infrastructure/keys/known_hosts.txt +++ b/src/infrastructure/config/known_hosts.txt diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm index 3d340e5..d591c2b 100644 --- a/src/infrastructure/guix/system.scm +++ b/src/infrastructure/guix/system.scm 
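Review bot: The `clean` recipe in the `@@ -5,18 +5,21 @@` hunk loses `src/secrets/*.txt` together with the `*.stripped` glob, because both sat on the single removed line and no replacement line is added. If those `.txt` files are decrypted secrets (inferred from the `/src/secrets/` ignore entry and the `gpg -aer` rule in the next hunk), `make clean` now leaves plaintext on disk; keeping `src/secrets/*.txt \` as the first continuation line of the `rm -rf` would restore the old behaviour. Separately, the new `.stripped` rule redirects straight into `$@`, a file that is now tracked and embedded into `/etc` by `system.scm`, so a failed `cut` leaves a truncated key that looks up to date. Writing to `$@.tmp` and finishing with `mv -f $@.tmp $@` avoids that, and `$<` can replace the `basename` expression.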
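Review bot: In the `@@ -43,22 +46,13 @@` hunk, `$(prod-secrets.txt)` is now the only source argument on the folded rsync line, and the recipe has already run `rm -f /opt/secrets/*` on the server by the time rsync starts. If that variable ever expands empty (it is defined outside this hunk), rsync receives only `euandre.org:/opt/secrets/`, treats it as a listing request and exits 0, so the host is left without secrets and the target still succeeds. A guard as the first recipe line, for example `test -n "$(prod-secrets.txt)"`, would fail before the wipe.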
@@ -409,10 +409,12 @@ "#))))))) (service cgit-service-type queue:cgit-pre-configuration) (simple-service 'extra-etc-file etc-service-type - `(("rc" ,(plain-file "rc.sh" (file "src/infrastructure/config/rc.sh"))) - ("ssh.conf" ,(plain-file "ssh.conf" (file "src/infrastructure/config/ssh.conf"))) - ("init.scm" ,(plain-file "init.scm" (file "src/infrastructure/config/init.scm"))) - ("gitconfig" ,(plain-file "gitconfig" (file "src/infrastructure/config/gitconfig"))))) + `(("rc" ,(plain-file "rc.sh" (file "src/infrastructure/config/rc.sh"))) + ("known_hosts" ,(plain-file "known_hosts" (file "src/infrastructure/config/known_hosts.txt"))) + ("id_rsa.pub" ,(plain-file "id_rsa.pub" (file "src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped"))) + ("ssh.conf" ,(plain-file "ssh.conf" (file "src/infrastructure/config/ssh.conf"))) + ("init.scm" ,(plain-file "init.scm" (file "src/infrastructure/config/init.scm"))) + ("gitconfig" ,(plain-file "gitconfig" (file "src/infrastructure/config/gitconfig"))))) (service git-daemon-service-type (git-daemon-configuration (export-all? #t))) diff --git a/src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped b/src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped new file mode 100644 index 0000000..4a715ff --- /dev/null +++ b/src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped @@ -0,0 +1 @@ +ssh-rsa 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 root@toph |
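Review bot: The two new entries install at `/etc/known_hosts` and `/etc/id_rsa.pub`, neither of which OpenSSH reads by default (the system-wide default is `/etc/ssh/ssh_known_hosts`), and nothing in this hunk points a consumer at the new paths. The same commit stops uploading both files to `/opt/secrets/`, so anything that still reads them from there loses them at the next `upload-secrets` run, which wipes that directory first; for `known_hosts` that could mean host-key pinning silently stops applying. It would help to confirm that `ssh.conf` (not visible here) names `/etc/known_hosts`, and to add a comment above the entries such as `;; public material only: the store and /etc are world-readable, never list private keys here`. The `simple-service` form starts and ends outside the hunk.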