From 9347bd64eabc9c70f2aafec57c403237b02e586d Mon Sep 17 00:00:00 2001
From: Jean-Paul Calderone <exarkun@twistedmatrix.com>
Date: Wed, 30 Jun 2021 16:10:50 -0400
Subject: [PATCH] Configure the production grid with a deploy key
---
 morph/grid/production/grid.nix | 13 +++++++++++++
 morph/grid/production/public-keys/deploy_key.pub | 1 +
 2 files changed, 14 insertions(+)
 create mode 100644 morph/grid/production/public-keys/deploy_key.pub
diff --git a/morph/grid/production/grid.nix b/morph/grid/production/grid.nix
index fb680338..a7b8be20 100644
--- a/morph/grid/production/grid.nix
+++ b/morph/grid/production/grid.nix
@@ -13,6 +13,14 @@ let
 privateKeyPath = toString ./. + "/${rawConfig.privateKeyPath}";
 };

+ # Configure deployment management authorization for all systems in the grid.
+ deployment = {
+ services.private-storage.deployment = {
+ authorizedKey = builtins.readFile "${config.publicKeyPath}/deploy_key.pub";
+ gridName = "production";
+ };
+ };
+
 payments = {
 imports = [
 gridlib.issuer
@@ -20,6 +28,7 @@ let
 (gridlib.customize-issuer (config // {
 monitoringvpnIPv4 = "172.23.23.11";
 }))
+ deployment
 ];
 };

@@ -33,6 +42,7 @@ let
 monitoringvpnIPv4 = "172.23.23.1";
 stateVersion = "19.09";
 })
+ deployment
 ];
 };

@@ -58,6 +68,9 @@ let
 monitoringvpnIPv4 = vpnIP;
 inherit stateVersion;
 }))
+
+ # Also configure deployment management authorization
+ deployment
 ];

 # And supply configuration for those hardware / network / bootloader
diff --git a/morph/grid/production/public-keys/deploy_key.pub b/morph/grid/production/public-keys/deploy_key.pub
new file mode 100644
index 00000000..3d9ea022
--- /dev/null
+++ b/morph/grid/production/public-keys/deploy_key.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK50RwXncelNB4JAazoXEhCxXbJZ79qWcQMAWeX14H+W exarkun@baryon
--
GitLab
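Review bot: The new `deployment` attrset in the first hunk authorizes a single key on every production node, and the three later hunks import it into `payments` and the other node definitions alike, yet the comment above it does not say what that key is permitted to do. The `services.private-storage.deployment` module is not part of this patch, so whether `authorizedKey` is bound to a forced command or grants a general login cannot be confirmed from here. I would extend the comment along the lines of `# The holder of deploy_key.pub's private half is authorized for deployment on every node importing this module; rotate by replacing the file and redeploying.` and state the actual restriction once it is verified against the module. It is also worth deciding whether the payments node should share the key used for the storage nodes. The enclosing `let` block starts and ends outside these hunks.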
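Review bot: The key added in `deploy_key.pub` carries the comment `exarkun@baryon`, which suggests the pair was generated on an individual workstation rather than for the deployment system itself. If that is the case, production deployment authority depends on one person's machine, and the private half sits outside whatever secret store the deploy pipeline uses. A dedicated key pair with a descriptive comment (for example `production-deploy`, a constructed label) would make rotation and offboarding easier to reason about, together with a short note in the repository on where the private half is held.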