From 7e8329d21e839ad1317c0a5f6b4481e97a5cd9bc Mon Sep 17 00:00:00 2001 From: Toast Date: Thu, 1 Jun 2023 20:34:53 +0200 Subject: [PATCH 1/5] Add initial suport for configuring Archie (very incomplete, but I'll work for now) --- flake.nix | 16 ++++ machines/Archie/configuration.nix | 101 +++++++++++++++++++++ machines/Archie/default.nix | 8 ++ machines/Archie/hardware-configuration.nix | 43 +++++++++ 4 files changed, 168 insertions(+) create mode 100644 machines/Archie/configuration.nix create mode 100755 machines/Archie/default.nix create mode 100644 machines/Archie/hardware-configuration.nix diff --git a/flake.nix b/flake.nix index 0909ddf..0d440aa 100755 --- a/flake.nix +++ b/flake.nix @@ -34,6 +34,22 @@ outputs = {nixpkgs, agenix, home-manager, nixpkgs-unstable, nix-impermanence, .. }; nixosConfigurations = { + Archie = nixpkgs-unstable.lib.nixosSystem { + system = "x86_64-linux"; + pkgs = import nixpkgs-unstable { + system = "x86_64-linux"; + config = { allowUnfree = true; }; + }; + modules = [ + # Needed for nix-index + { nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; } + agenix.nixosModules.default + home-manager.nixosModule + ./roles/common + ./machines/Archie + ]; + }; + Everest = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; pkgs = import nixpkgs { diff --git a/machines/Archie/configuration.nix b/machines/Archie/configuration.nix new file mode 100644 index 0000000..46adb1e --- /dev/null +++ b/machines/Archie/configuration.nix @@ -0,0 +1,101 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running `nixos-help`). + +{ config, pkgs, ... }: + +{ + # Use grub boot loader + boot.loader = { + systemd-boot.enable = false; + grub = { + enable = true; + device = "nodev"; + efiSupport = true; + useOSProber = true; + }; + efi.efiSysMountPoint = "/boot/efi"; + }; + boot.loader.efi.canTouchEfiVariables = true; + + networking.hostName = "Archie"; # Define your hostname. + + # Set your time zone. + time.timeZone = "Europe/Madrid"; + + # Configure network proxy if necessary + # networking.proxy.default = "http://user:password@proxy:port/"; + # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; + + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + console = { + keyMap = "es"; + }; + + # Enable the X11 windowing system. + services.xserver.enable = true; + + + # Enable the Plasma 5 Desktop Environment. + services.xserver.displayManager.sddm.enable = true; + services.xserver.desktopManager.plasma5.enable = true; + + + # Configure keymap in X11 + # services.xserver.layout = "us"; + # services.xserver.xkbOptions = "eurosign:e,caps:escape"; + + # Enable CUPS to print documents. + # services.printing.enable = true; + + # Enable sound. + # sound.enable = true; + # hardware.pulseaudio.enable = true; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.toast = { + isNormalUser = true; + extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + packages = with pkgs; [ + firefox + tree + ]; + }; + + # List packages installed in system profile. To search, run: + # $ nix search wget + # environment.systemPackages = with pkgs; [ + # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. + # wget + # ]; + + # Some programs need SUID wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + # networking.firewall.enable = false; + + # Copy the NixOS configuration file and link it from the resulting system + # (/run/current-system/configuration.nix). This is useful in case you + # accidentally delete configuration.nix. + # system.copySystemConfiguration = true; + +} + diff --git a/machines/Archie/default.nix b/machines/Archie/default.nix new file mode 100755 index 0000000..5bf2485 --- /dev/null +++ b/machines/Archie/default.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + imports = [ + ./configuration.nix + ./hardware-configuration.nix + ]; +} diff --git a/machines/Archie/hardware-configuration.nix b/machines/Archie/hardware-configuration.nix new file mode 100644 index 0000000..5fcc057 --- /dev/null +++ b/machines/Archie/hardware-configuration.nix @@ -0,0 +1,43 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-label/Archie\x20SSD"; + fsType = "btrfs"; + options = [ "subvol=@root" "compress=zstd" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-label/Archie\x20SSD"; + fsType = "btrfs"; + options = [ "subvol=@nix" "compress=zstd" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-label/Archie\x20SSD"; + fsType = "btrfs"; + options = [ "subvol=@boot" "compress=zstd" ]; + }; + + fileSystems."/boot/efi" = + { device = "/dev/disk/by-uuid/FB87-4CBC"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} From 17f7cd8bc10496a95ec915349b49f69223dcc99a Mon Sep 17 00:00:00 2001 From: Toast Date: Thu, 1 Jun 2023 20:46:42 +0200 Subject: [PATCH 2/5] Fix Archie's hardware-configuration.nix The device key seems to escape the \x in the label, so I switched away from double quotes to avoid that --- machines/Archie/hardware-configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/machines/Archie/hardware-configuration.nix b/machines/Archie/hardware-configuration.nix index 5fcc057..da89d2b 100644 --- a/machines/Archie/hardware-configuration.nix +++ b/machines/Archie/hardware-configuration.nix @@ -14,19 +14,19 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-label/Archie\x20SSD"; + { device = '/dev/disk/by-label/Archie\x20SSD'; fsType = "btrfs"; options = [ "subvol=@root" "compress=zstd" ]; }; fileSystems."/nix" = - { device = "/dev/disk/by-label/Archie\x20SSD"; + { device = '/dev/disk/by-label/Archie\x20SSD'; fsType = "btrfs"; options = [ "subvol=@nix" "compress=zstd" ]; }; fileSystems."/boot" = - { device = "/dev/disk/by-label/Archie\x20SSD"; + { device = '/dev/disk/by-label/Archie\x20SSD'; fsType = "btrfs"; options = [ "subvol=@boot" "compress=zstd" ]; }; From 41b2aa1139fd9ddb995464883969504c6a75e2a5 Mon Sep 17 00:00:00 2001 From: Toast Date: Thu, 1 Jun 2023 21:58:52 +0000 Subject: [PATCH 3/5] Change labels to uuids on Archie's hardware-configuration.nix --- machines/Archie/hardware-configuration.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/machines/Archie/hardware-configuration.nix b/machines/Archie/hardware-configuration.nix index da89d2b..cd626b4 100644 --- a/machines/Archie/hardware-configuration.nix +++ b/machines/Archie/hardware-configuration.nix @@ -14,19 +14,19 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = '/dev/disk/by-label/Archie\x20SSD'; + { device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf"; fsType = "btrfs"; options = [ "subvol=@root" "compress=zstd" ]; }; fileSystems."/nix" = - { device = '/dev/disk/by-label/Archie\x20SSD'; + { device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf"; fsType = "btrfs"; options = [ "subvol=@nix" "compress=zstd" ]; }; fileSystems."/boot" = - { device = '/dev/disk/by-label/Archie\x20SSD'; + { device = "/dev/disk/by-uuid/5322c217-b87b-4150-8b4c-a8fa17a899bf"; fsType = "btrfs"; options = [ "subvol=@boot" "compress=zstd" ]; }; From 382c8a73d030651e334814fe67363e7c1d3e110a Mon Sep 17 00:00:00 2001 From: Toast Date: Mon, 5 Jun 2023 08:36:42 +0200 Subject: [PATCH 4/5] Enable networkmanager for archie --- machines/Archie/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/machines/Archie/configuration.nix b/machines/Archie/configuration.nix index 46adb1e..99ae850 100644 --- a/machines/Archie/configuration.nix +++ b/machines/Archie/configuration.nix @@ -19,6 +19,7 @@ boot.loader.efi.canTouchEfiVariables = true; networking.hostName = "Archie"; # Define your hostname. + networking.networkmanager.enable = true; # Enable networking # Set your time zone. time.timeZone = "Europe/Madrid"; From 8578615936eec6c738aa6aea77c18858e813651d Mon Sep 17 00:00:00 2001 From: Toast Date: Mon, 5 Jun 2023 12:55:47 +0200 Subject: [PATCH 5/5] Set up secrets for Archie --- roles/common/configuration.nix | 8 ++++---- secrets/Archie/host-key-ed25519 | 14 ++++++++++++++ secrets/Archie/host-key-ed25519-public | 10 ++++++++++ secrets/Archie/host-key-rsa | Bin 0 -> 3757 bytes secrets/Archie/host-key-rsa-public | Bin 0 -> 1202 bytes secrets/secrets.nix | 5 +++++ 6 files changed, 33 insertions(+), 4 deletions(-) create mode 100644 secrets/Archie/host-key-ed25519 create mode 100644 secrets/Archie/host-key-ed25519-public create mode 100644 secrets/Archie/host-key-rsa create mode 100644 secrets/Archie/host-key-rsa-public diff --git a/roles/common/configuration.nix b/roles/common/configuration.nix index 2c4bba9..34901b3 100755 --- a/roles/common/configuration.nix +++ b/roles/common/configuration.nix @@ -24,23 +24,23 @@ secrets = { "ed25519" = { symlink = false; - file = ../../secrets/Everest/host-key-ed25519; + file = ../../secrets/${config.networking.hostName}/host-key-ed25519; path = "/etc/ssh/ssh_host_ed25519_key"; }; "rsa" = { symlink = false; - file = ../../secrets/Everest/host-key-rsa; + file = ../../secrets/${config.networking.hostName}/host-key-rsa; path= "/etc/ssh/ssh_host_rsa_key"; }; "ed25519-public" = { symlink = false; - file = ../../secrets/Everest/host-key-ed25519-public; + file = ../../secrets/${config.networking.hostName}/host-key-ed25519-public; path = "/etc/ssh/ssh_host_ed25519_key.pub"; mode = "0644"; }; "rsa-public" = { symlink = false; - file = ../../secrets/Everest/host-key-rsa-public; + file = ../../secrets/${config.networking.hostName}/host-key-rsa-public; path = "/etc/ssh/ssh_host_rsa_key.pub"; mode = "0644"; }; diff --git a/secrets/Archie/host-key-ed25519 b/secrets/Archie/host-key-ed25519 new file mode 100644 index 0000000..ddd8e91 --- /dev/null +++ b/secrets/Archie/host-key-ed25519 @@ -0,0 +1,14 @@ +age-encryption.org/v1 +-> ssh-ed25519 zhSyTg v0zMwf3PyU8i5Z8cKQAM8G/egqkmPONA7twvIsTtFUU +4BlqeR6PpQrYwf7BT1UXqzaiiNwHAxsbbvX1Sk7YG7M +-> ssh-ed25519 AuWU1Q m0nCQcYG0Jz8AeouayMRTPiQvZxWDbci88ouaaW1kBE +FMRP4tDLTQ8wo/9j6AaVhl4/amQAjgZDPKqmtzTwHbI +-> tR-grease jXU +zPQZdJy9DQ9MUenFWBk +--- NY5Z2u04JmXtfy09gfYTziCNqdXfSXQLe3n/e7wburg + +KQoa|ɗ .hS +^aɹL)m. At}BR!7J%f#f_/=d:\[ TxȔUs(:I~-i -l!(̮SG^٢Vڗig~MDdnWqÕb7P\CαI}msU4="1.:aT-Ooy%v$iBN)s8OV(EDžtWi;nP7Q0·tR+W1BdTTOWf>6C>nT¾ +K)D81il3JPQw.w\&6j T:8E`,"a҂<dKrc2䴃<~ +h?Fc + ΣJtoD \ No newline at end of file diff --git a/secrets/Archie/host-key-ed25519-public b/secrets/Archie/host-key-ed25519-public new file mode 100644 index 0000000..91e279e --- /dev/null +++ b/secrets/Archie/host-key-ed25519-public @@ -0,0 +1,10 @@ +age-encryption.org/v1 +-> ssh-ed25519 zhSyTg Xkk6wPQm3Sm3RuNyKhnKVz/evGJtr0UwhB7m2iuhrR4 +RMheqKeCD+Py22+xmvp3Se1z84t60+6y1Bbt7uYGxFs +-> ssh-ed25519 AuWU1Q 5l5/vuIGxW+6ZzlDKjLzNCxyiW1+Kh651xpnwjfF3FQ +ZIx/zZZMPpO8zDW5JdkucIBVH1xK4KtoA7Kovw+bcOU +-> 7%-grease [ wwEC MxP UF:U6Cy +Hp7t6AxdTAfm4r/LMWAt22vOYvhfHJLX4BIB7eEUfQnNAPIx43SrK8QIrAGHWbxN +hdO18C5g6xoE5HHz5uM5ASzUWC4Nws3OXwY +--- 2kwRA1NakiMhvMQgkaiEiJ93SkjTmOt77m0tO+e/p/w +^^I=*='V [$-ʲ} .=&ɭl@l5׏pIKVNCԎ I_<g.mf}O4( @ ; \ No newline at end of file diff --git a/secrets/Archie/host-key-rsa b/secrets/Archie/host-key-rsa new file mode 100644 index 0000000000000000000000000000000000000000..e323c7a1265ff3085212e80c09eed605c5a026e1 GIT binary patch literal 3757 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTy$_TCuNmnp+tB7(* zHVgNvDlJVb*Y^zb@-8y*cMnU}4$BTP%``6zGtH<-^T;f9isULNGAPRN^fq-1P0C3z z@~Sk+F|$Yu4mZe6OAQY-&JWAc_m4^ot@25ZOh>oPu{1o?Fi^qIBHui~Hz?A`EG@Sn z$0f4dDI=>gvdTYGJ5k@wEGi(#JgmeyKP5fNAe+m@y*RQUuOu=kJgC^e%() zafXM7Z%SZDj#-YYYi>cAyP>N`RzY}RplL~pUm(|Fr-+7{2dWz^cl$Q)3hC482)b5t z(?mSbz_@+M`vrZa%iBBBZ=PfBKG4f^;WhK~5%eUxcS^qVgJ9`r#g6rPrT5I6`g!gTVsWv>+ieGyp}Vz&gM0g?%-XU;8HjY zm%V>lZm6y;zji_Rl#%S^J()GNm29(%-|XBQzeY#&ZByvcM}_qqckcYwc9p)hIL(*M z*DZDZyvgrB1TJrH(93TY?Rj|l*3z4`jM3^>&MmoVIkEKTx)k^IPtpU#mZ;ybkd8VM zw>$@z4y zU2%0>uPLjUaU9r+O)!ThxC=cu6q-!lP?L1G|Uw(D9ozi1pCLh(fMDnII zo5`ek=G{Lhx@{=8n!fa35$CgJW=ETXk2kk_Eo;>+onZA-vy$2M;LhW}``HZ*Ry=&b zS2^ilFuTm8f{E`p3l3R?B;Z)80GXy8SC3m5O=`U)jEKs#x_ArW;=a&fnhg*LmNsQ$-`rSKs;+aQdYMS@KHv)=p-Wux1>^OFikGE}u+3QA4nF8{88GIq#uXkO|@&PKksMEpDTLE;qt~cZ@)x!M|#*@lb4(EqmCz8tj^P7 zLek8tJt|s>E9Jh#9?oB6(&;#1!>l_Oxq|lvzQ7q7W*d$51cw%tL?vl9;n$shXCu$?X9#-^T{mAkIyS{5+7%#ihd?mVOVq1A-_ zf$#S-Pqr{Wsj7LD=Y{Z-2F)+2nHvA z>{a8NB6QGfVczd)YZKSp{5iLOwo%^tz~tuvg`8L2lYf_LI%|cxs4-0yiQB8S$}CS< zK>Fk%r@i?To;^={Yqe9?4A z^U2%y19kYNb)zFUymjD;60m4_YFs@#KlJQ1O}n)&=cip!n{dAGzS7}4n~U}Gi<)E% zQeP}NGi|A=^6dJ>rgeubs!Zqp=N7)Httxo)kN=VGjk5!{ux$K2u~36~s_2^C$)Ts7 zh@`0JvqhBe?U={1;_RJZZ%x6U&igvoUDB>T@%+z|8xOmG&J4SC=DoS_jCmVEqw@{@ z*!SI0T|HB2(zdhWzs~fSEh)cSS^bZ(tf!h`I9UYlpie|sO#+{Fxz z-=*9yH(s85i({YREYW2f4$aAMco^a`r@-y&qAAWn3EQ5owpVKXy)Wu$+NNEu?UxS- zJY0Wt$!9iGJ53uO-_sK>2}lP?s9or7eSTA+$na38i#-1EJpJV5fZTaQGix%!x zzVSYuk&}PbA$47c4aUdhqvc|w|D18y*pqon`)sZ5*$X}P=4smxt~=adW_-YeeeKLU zlXe(CtTOxlz4*KBy4`z>)-U36`Ey7-!b15bSI+g2`gE*2K%;%tVE=6^bOCfqX( zixmpu`S_IOyVtx{XZc@A^pajc}(1k9!Y#oO`DjphhxI5 z?GCG@BOcG?(5SLZP-aNjDivk##Hl~ea+Y|MyTUs)EzNkoMcy6heGz4|9%Stf+3{wR z#ml!lw(QgSV;_1%`e)6g867)aoDNO#?CqY)>GzvqpL^R~gT{<}#T3Nd8 zlZ#}{tx{ozNVTkC2@K` zs(r83+z@)GwnZjgRlnV}tM@j;>8LNyy2UQ6zZj7wF=4yntq%=dg^CPOCn_z|T&Er=T4s= z7;yKbf9a=HHB$3E_jk=XP@uf|=QpPO)gL<6UE_>fWH?FqtM$suN7v0`T_DCfr9Sg& z_~j?Om+Nn+T0dEiTxkVXmRhRH;0|jw)#nO zy|aCP9R9h!e5%TOzxDY=jLjt>PQ70v4=pzPpSHo@?B$O?<~JfX`R2{oFwyVRWk1Q6 z4|sAmu*G~*i@M0IWB2FE{O5PLR?o0J;ZmeM)j#IibgqB>XKw4iDSuPsK7y2Pg&TzX~$;8m!&CF-|v1SIVmKyyL`jl z?AjE?>~e-9YyUIeI3;4Wf90E}K7YS4E^PJG7X&!6kc$Ob9P|etB@P~WxDzCrkjk|6>Hwg-v7ng34 ztX;)!(sJ%=Vw&j^ed(sRE^)uBA|=K4E!u3e{7lW7-|KyX9E_*BRPZx(hxQ-N{jzko zO~Qq1FKpku-a9k>$2PO40oOFIEIEB`&862G!V~k7cAxhP%Z+fq7icH2SXEqWkF%Fn z2~R-XR{Pm@ljPs1OkC8ebN~92rKLqy&-d{E*So(%R_eBu^$Ja=*;5U#)kc_}ee5M$ z$>LKv^;Gnax+?a*5Qi;GuBy-NUiQ|xHFf1lxo+J{*|SY+h4NY&gcH0ku1@=PSm^vw zpM(uockeJ|tUZ+-wuN(J@!S??`J8pP_CD5m7~c`)`gqlK`;?2??zzS*bMp#j=82bv zPdL2)tf_0)uD@F9;+bo$H$MsjeJ+QztbaIL`C)wKu23*J(dw k7cC6t(%oU_^FD3noEiR{>Zkfni`~C|>-#}Ib3Nyk0R7An-~a#s literal 0 HcmV?d00001 diff --git a/secrets/Archie/host-key-rsa-public b/secrets/Archie/host-key-rsa-public new file mode 100644 index 0000000000000000000000000000000000000000..8bb561db243e632bdcd11af2bd6650d03abb2a55 GIT binary patch literal 1202 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCTy$_TCuNmnSVNOKA> zvq%Bvb}2LsPV?1Hu{3ru zax*A#Ht;bD@NzUt_s@3mFLCyYa*s4N_jk)MOGdZNu{1o?Fi=6;r660sys{$DGuNri zBhfje+&IfOJIX@etoICpYYhvelA0*4fuRRyeHe80)I`$xisQ`I*mqq!@--YWR{%>23)TgIi0N)wdW ztTzRB7;3uoM0rY8{(J5G@JGmxkA13lZ~Q$p%`L#bM& zAvK?=uSRyM&E93+9ZK8IF>+h%FDcB~k`pcO5M;X|>9WJK6OXqsO-%afw_?-k8g;R} z?dfd?Jc?I*+5O5kL-SGbmqqi#I{v4|^t8pE%P9SMzPVD>H?Q;Nro?51{W_61>V1BG zY4E#Uw{HG{Sx=4oN_Xe2e;jyWe!|Ve_fs>rE!(ngPA1Eh>l2E7LbT$7(j*gZMLo~) zwvw7>x3GytdvduiM`5pJlF_c{C;#$WwfA@nTI@85lsZ~029-+J7keA4FDi=y&p)|{CeOCMz2xI8J-^N!@zb^8q@I~c#U zO!!>NY&7R=shT{F?~;1Bk!4=Kg2a@`I;G*U3W#V6`Jv*?(!pdg|(k% zMSi(0aG}<4-P~8fcZ%wtRBrHLvb$Eg)alXFFYlL|2gPxAG+tPhYhPsM?{QE0_r$Xn z*0oO@zs=i}{KfFv{;GAarfKvo*SZn6J?kvX_4N!Zk8oxx)rV?me?K4oZz=o24~JX( zTkrpGJdk+Hv+ePg|^)3P;tq&hckTP{{~u6g;zvdpXJY~0LP!mr0% nP0W~IX}L;yvFnA1_6fUqC-#>q>s@|cG)Z!nq)X3}3ICG;l2H|N literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 848c315..5c1d5a7 100755 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -1,5 +1,6 @@ let everest = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID7GzKZIK/UAMfRjsaxWWKOBqG7sa1ttJ+Gp0zTQSBXM root@Everest"; + archie = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINuqKOfYb2lyhoQYBQbuIEyMomze872rnpxDnax8BsC5 root@Archie"; bootsrtrap = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKloSXSeF4dNXebd93uMuiFuXRHfxo/he4+O9SFTz1s bootstrap key"; in { @@ -10,4 +11,8 @@ in "Everest/host-key-ed25519-public".publicKeys = [ everest bootsrtrap ]; "Everest/host-key-rsa".publicKeys = [ everest bootsrtrap ]; "Everest/host-key-rsa-public".publicKeys = [ everest bootsrtrap ]; + "Archie/host-key-ed25519".publicKeys = [ archie bootsrtrap ]; + "Archie/host-key-ed25519-public".publicKeys = [ archie bootsrtrap ]; + "Archie/host-key-rsa".publicKeys = [ archie bootsrtrap ]; + "Archie/host-key-rsa-public".publicKeys = [ archie bootsrtrap ]; }