diff --git a/config/hosts/procul.nix b/config/hosts/procul.nix
index c9547fe..b5f3800 100644
--- a/config/hosts/procul.nix
+++ b/config/hosts/procul.nix
@@ -1,4 +1,17 @@
 {
 description = "informis.land server.";
 docker-server = true;
+ ssh-fingerprints = [
+ "1 1 d089902f60751b3d35b5329bf7b906df254d5fa7"
+ "1 2 8deebf42bbc40881a327f561bffd5d7bd328a4fc94d4e4ce8c502a9c6cbdfb92"
+ "4 1 2a8e086d3589ce50b58c55bc35638af8da23988e"
+ "4 2 55a9f7c0addf08bb24c62ced954574db6e95eff38ee56d6a2cff312d20eb910e"
+ ];
+ rp = "niten";
+ admin-email = "niten@fudo.org";
+ domain = "informis.land";
+ site = "joes-datacenter-0";
+ profile = "server";
+ ssh-pubkey =
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEsvl1mTSWJJrqXbYrc8wYdlOiW5gNg4Nzf2QCxB6XW";
 }
diff --git a/config/hosts/spark.nix b/config/hosts/spark.nix
index 38fc00c..3b0b0c4 100644
--- a/config/hosts/spark.nix
+++ b/config/hosts/spark.nix
@@ -11,4 +11,7 @@
 enable-gui = true;
 ssh-pubkey =
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO67/CNhiG9UynaflmZUUK7f3O/GwFpnXri/PxpgHcPa";
+ profile = "desktop";
+ domain = "sea.fudo.org";
+ site = "seattle";
 }
diff --git a/config/hosts/zbox.nix b/config/hosts/zbox.nix
index 9a66a72..c257835 100644
--- a/config/hosts/zbox.nix
+++ b/config/hosts/zbox.nix
@@ -11,4 +11,7 @@
 enable-gui = true;
 ssh-pubkey =
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKVhHfRf2086SAqOmu2dNbsJI9UUAQWop+1lrcJlNgl8";
+ profile = "desktop";
+ domain = "sea.fudo.org";
+ site = "seattle";
 }
diff --git a/config/profile-config/common.nix b/config/profile-config/common.nix
index f27b7c4..e95e398 100644
--- a/config/profile-config/common.nix
+++ b/config/profile-config/common.nix
@@ -31,7 +31,7 @@ in {
 };
 libdefaults = {
- allow_weak_crypto = false;
+ allow_weak_crypto = true;
 dns_lookup_kdc = true;
 dns_lookup_realm = true;
 forwardable = true;
diff --git a/lib/fudo/hosts.nix b/lib/fudo/hosts.nix
index b772b68..10acca6 100644
--- a/lib/fudo/hosts.nix
+++ b/lib/fudo/hosts.nix
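Review bot: In config/hosts/procul.nix the new `ssh-fingerprints` list carries SHA-1 digests (the `1 1` and `4 1` entries, 40 hex characters) alongside the SHA-256 ones, and nothing in the hunk ties the `4 x` entries to the `ssh-pubkey` value added a few lines below. If these are published as SSHFP records, the `1 2 …` and `4 2 …` entries already cover the same keys, so the SHA-1 pair can be dropped. A comment such as `# must match ssh-pubkey below; regenerate with ssh-keygen -r after a host key rotation` would keep the two hand-maintained values from drifting apart.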
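Review bot: `allow_weak_crypto = true;` in the `libdefaults` block of config/profile-config/common.nix re-enables the Kerberos encryption types the library classes as weak, presumably for every host that uses this common profile, and the commit gives no reason for it. Keys and tickets protected by those enctypes are open to offline guessing, so this should stay `allow_weak_crypto = false;` unless a specific legacy principal cannot work without it. If it is needed for now, set it only for the host that requires it and say why in place, e.g. `# TEMPORARY: <service> still has weak-enctype keys; remove after re-keying`. The enclosing attribute set starts and ends outside the hunk, so any enctype restrictions set elsewhere are not visible here.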
@@ -150,7 +150,22 @@ in {
 # Necessary to ensure that Kerberos and Avahi both work. Kerberos needs
 # the fqdn of the host, whereas Avahi wants just the simple hostname.`
- hosts = { "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ]; };
+ hosts = {
+ "127.0.0.2" = [ "${hostname}.${domain-name}" "${hostname}" ];
+ "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ];
+ "::1" = [ "${hostname}.${domain-name}" "${hostname}" ];
+ };
+ };
+
+ environment.etc.hosts = mkForce {
+ text = ''
+ 127.0.0.1 ${hostname}.${domain-name} ${hostname} localhost
+ 127.0.0.2 ${hostname} localhost
+ ::1 ${hostname}.${domain-name} ${hostname} localhost
+ '';
+ user = "root";
+ group = "root";
+ mode = "0444";
 };
 nix = mkIf
diff --git a/nixops/lib/hosts.nix b/nixops/lib/hosts.nix
index 6e50ab5..a279063 100644
--- a/nixops/lib/hosts.nix
+++ b/nixops/lib/hosts.nix
@@ -14,7 +14,7 @@ let
 initialize = import ../../initialize.nix;
 # This is a problem...it creates a second source of truth.
- host-config = ip: config:
+ host-config = ip: port: config:
 { ... }: {
 imports = [
 (initialize {
diff --git a/nixops/seattle.nix b/nixops/seattle.nix
index c39e128..ae4cfc3 100644
--- a/nixops/seattle.nix
+++ b/nixops/seattle.nix
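Review bot: The added `environment.etc.hosts = mkForce { … }` in lib/fudo/hosts.nix appears to replace the whole generated /etc/hosts, which would leave the three-entry `hosts = { … }` set added just above it in the same hunk without effect, along with host entries contributed by any other module. The two definitions also disagree: the attribute set gives `127.0.0.2` the FQDN, while the forced text gives it only `${hostname} localhost`. Keep one of them, and if the forced file is the one Kerberos and Avahi need, say so next to it, e.g. `# mkForce: this text is the only source of /etc/hosts; entries set via hosts = { … } are ignored`. Since `localhost` is now only an alias on lines whose first name is the host's own, check that nothing depends on a reverse lookup of 127.0.0.1 returning `localhost`. The surrounding block begins outside the hunk.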
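Review bot: `host-config = ip: port: config:` in nixops/lib/hosts.nix gains a `port` argument that none of the visible lines use; the function body continues outside the hunk, so confirm that `port` actually reaches the deployment's SSH target setting rather than being accepted and ignored. Because the function is curried, a caller that still passes two arguments binds its config attribute set to `port` and fails later or not at all; only nixops/seattle.nix is updated in this diff, so any other network file that calls `host-config` needs the same change. A comment on the signature, e.g. `# ip: deploy address; port: deploy SSH port (presumably); config: host attributes`, would document the new argument order.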
@@ -1,18 +1,26 @@
 let
+ deploy-port = 2112;
+ nixos-version = "20.09";
- hosts = import ./lib/hosts.nix { inherit nix-version; };
+ hosts = import ./lib/hosts.nix { inherit nixos-version; };
 seattle-host = ip: hostname: profile:
 let
 site = "seattle";
 domain = "sea.fudo.org";
- in hosts.host-config ip { inherit hostname profile domain site; };
+ in hosts.host-config ip deploy-port {
+ inherit hostname profile domain site;
+ };
 in {
 network.description = "Seattle home network.";
- nostromo = seattle-host "10.0.0.1" "nostromo" "server";
- lambda = seattle-host "10.0.0.3" "lambda" "server";
+ lambda = seattle-host "10.0.0.11" "lambda" "server";
+ liminia = seattle-host "10.0.0.1" "limina" "server";
+ plato = seattle-host "10.0.0.21" "plato" "server";
 spark = seattle-host "10.0.0.108" "spark" "desktop";
 zbox = seattle-host "10.0.0.110" "zbox" "desktop";
+
+ #nostromo = seattle-host "10.0.0.1" "nostromo" "server";
+ #lambda = seattle-host "10.0.0.3" "lambda" "server";
 }
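Review bot: The new machine in nixops/seattle.nix is declared as `liminia` but given the hostname `"limina"`, so the deployment name and the configured hostname differ by one letter; if that is a typo the line should read `limina = seattle-host "10.0.0.1" "limina" "server";`, or the hostname string should be corrected, whichever is the real name. The same line reuses 10.0.0.1, which `nostromo` held before, so machines that cached the old host key for that address should have the entry replaced deliberately rather than by accepting a changed-key prompt. The two commented-out `#nostromo` and `#lambda` lines at the end are already in history and can be deleted instead of kept as comments.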