Merge branch 'nixops' of ssh://git.fudo.org:2222/fudosys/NixOS into nixops

config/hosts/procul.nix

@@ -1,4 +1,17 @@
 {
   description = "informis.land server.";
   docker-server = true;
+  ssh-fingerprints = [
+    "1 1 d089902f60751b3d35b5329bf7b906df254d5fa7"
+    "1 2 8deebf42bbc40881a327f561bffd5d7bd328a4fc94d4e4ce8c502a9c6cbdfb92"
+    "4 1 2a8e086d3589ce50b58c55bc35638af8da23988e"
+    "4 2 55a9f7c0addf08bb24c62ced954574db6e95eff38ee56d6a2cff312d20eb910e"
+  ];
+  rp = "niten";
+  admin-email = "niten@fudo.org";
+  domain = "informis.land";
+  site = "joes-datacenter-0";
+  profile = "server";
+  ssh-pubkey =
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKEsvl1mTSWJJrqXbYrc8wYdlOiW5gNg4Nzf2QCxB6XW";
 }

config/hosts/spark.nix

@@ -11,4 +11,7 @@
   enable-gui = true;
   ssh-pubkey =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO67/CNhiG9UynaflmZUUK7f3O/GwFpnXri/PxpgHcPa";
+  profile = "desktop";
+  domain = "sea.fudo.org";
+  site = "seattle";
 }

config/hosts/zbox.nix

@@ -11,4 +11,7 @@
   enable-gui = true;
   ssh-pubkey =
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKVhHfRf2086SAqOmu2dNbsJI9UUAQWop+1lrcJlNgl8";
+  profile = "desktop";
+  domain = "sea.fudo.org";
+  site = "seattle";
 }

config/profile-config/common.nix

@@ -31,7 +31,7 @@ in {
     };
 
     libdefaults = {
-      allow_weak_crypto = false;
+      allow_weak_crypto = true;
       dns_lookup_kdc = true;
       dns_lookup_realm = true;
       forwardable = true;

lib/fudo/hosts.nix

@@ -150,7 +150,22 @@ in {
 
       # Necessary to ensure that Kerberos and Avahi both work. Kerberos needs
       # the fqdn of the host, whereas Avahi wants just the simple hostname.`
-      hosts = { "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ]; };
+      hosts = {
+        "127.0.0.2" = [ "${hostname}.${domain-name}" "${hostname}" ];
+        "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ];
+        "::1" = [ "${hostname}.${domain-name}" "${hostname}" ];
+      };
+    };
+
+    environment.etc.hosts = mkForce {
+      text = ''
+        127.0.0.1 ${hostname}.${domain-name} ${hostname} localhost
+        127.0.0.2 ${hostname} localhost
+        ::1 ${hostname}.${domain-name} ${hostname} localhost
+      '';
+      user = "root";
+      group = "root";
+      mode = "0444";
     };
 
     nix = mkIf

nixops/lib/hosts.nix

@@ -14,7 +14,7 @@ let
   initialize = import ../../initialize.nix;
 
   # This is a problem...it creates a second source of truth.
-  host-config = ip: config:
+  host-config = ip: port: config:
     { ... }: {
       imports = [
         (initialize {

nixops/seattle.nix

@@ -1,18 +1,26 @@
 let
+  deploy-port = 2112;
+
   nixos-version = "20.09";
 
-  hosts = import ./lib/hosts.nix { inherit nix-version; };
+  hosts = import ./lib/hosts.nix { inherit nixos-version; };
   seattle-host = ip: hostname: profile:
     let
       site = "seattle";
       domain = "sea.fudo.org";
-    in hosts.host-config ip { inherit hostname profile domain site; };
+    in hosts.host-config ip deploy-port {
+      inherit hostname profile domain site;
+    };
 
 in {
   network.description = "Seattle home network.";
 
-  nostromo = seattle-host "10.0.0.1" "nostromo" "server";
+  lambda = seattle-host "10.0.0.11" "lambda" "server";
-  lambda = seattle-host "10.0.0.3" "lambda" "server";
+  liminia = seattle-host "10.0.0.1" "limina" "server";
+  plato = seattle-host "10.0.0.21" "plato" "server";
   spark = seattle-host "10.0.0.108" "spark" "desktop";
   zbox = seattle-host "10.0.0.110" "zbox" "desktop";
+
+  #nostromo = seattle-host "10.0.0.1" "nostromo" "server";
+  #lambda = seattle-host "10.0.0.3" "lambda" "server";
 }