authorMarek Paśnikowski <marek@marekpasnikowski.pl>2025-11-15 22:55:42 +0100
committerMarek Paśnikowski <marek@marekpasnikowski.pl>2025-11-16 16:25:16 +0100
commitfdc6ca597dee2c736d8d0e354201e6c8af7616a9 (patch)
treeaff7861ab61e854e9d6e73b65ec7a2c171c8a8d6
parentc1ef1c407957217aa6103b277eb3ebdb2175c35c (diff)
test ssh configurationtest-2
-rw-r--r--deployment/systems/aisaka.scm14
-rw-r--r--deployment/systems/mcdowell.scm2
-rw-r--r--users/id1000.scm65
3 files changed, 63 insertions, 18 deletions
diff --git a/deployment/systems/aisaka.scm b/deployment/systems/aisaka.scm
index 6b071fb..273749f 100644
--- a/deployment/systems/aisaka.scm
+++ b/deployment/systems/aisaka.scm
@@ -251,10 +251,16 @@
((@ (gnu services version-control) gitolite-configuration)
(rc-file ((@ (gnu services version-control) gitolite-rc-file)
(umask #o0027)))
- (admin-pubkey (mixed-text-file "gitolite-admin.pub"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzC1VvW6TB4pMuGyfTM36T7Ar7FZqSXc7kCoVDNwtUX marek@akashi\n"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJew7ti1qr545Z6OUZ/xcNUg7ib6P0pTbSZqFpSvNhKU marek@mcdowell\n"
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBo2coChmWHQn9BEbp0dA7DQG7CPEweVcsmnaIVmXyR marek@rakan\n")))))
+ (admin-pubkey (directory-union "gitolite-admin-keys.pub"
+ (list (file-union "akashi"
+ `( ("gitolite-admin.pub" ,(mixed-text-file "gitolite-admin.pub"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzC1VvW6TB4pMuGyfTM36T7Ar7FZqSXc7kCoVDNwtUX marek@akashi\n"))))
+ (file-union "mcdowell"
+ `( ("gitolite-admin.pub" ,(mixed-text-file "gitolite-admin.pub"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJew7ti1qr545Z6OUZ/xcNUg7ib6P0pTbSZqFpSvNhKU marek@mcdowell\n"))))
+ (file-union "rakan"
+ `( ("gitolite-admin.pub" ,(mixed-text-file "gitolite-admin.pub"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBo2coChmWHQn9BEbp0dA7DQG7CPEweVcsmnaIVmXyR marek@rakan\n"))))))))))
(define system-keyboard-layout
((@ (gnu system keyboard) keyboard-layout)
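Review bot: The three `file-union` directories passed to `directory-union` each contain an entry with the same name, `gitolite-admin.pub`, and `directory-union` merges the contents of its inputs rather than nesting them, so the result most likely holds a single colliding `gitolite-admin.pub` and two of the three admin keys are dropped. It is also worth confirming that the gitolite service accepts a directory here at all; as far as I recall its activation copies `admin-pubkey` as one file, which cannot be verified from this hunk. If per-host keys are the goal, a single `file-union` with distinct entry names such as `"akashi/gitolite-admin.pub"`, `"mcdowell/gitolite-admin.pub"` and `"rakan/gitolite-admin.pub"` would keep all three. Building the store item and listing it before deploying would show which admin keys actually get installed. The enclosing service definition starts above the hunk.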
diff --git a/deployment/systems/mcdowell.scm b/deployment/systems/mcdowell.scm
index 7a5cc02..d1e5766 100644
--- a/deployment/systems/mcdowell.scm
+++ b/deployment/systems/mcdowell.scm
@@ -94,7 +94,7 @@
gnu:system:linux-initrd:%base-initrd-modules))
(l-services (cons* l-guix-home-service
(gnu:services:service gnu:services:ssh:openssh-service-type)
- sovereign:packages:protonmail:nogui-profile
+ ; sovereign:packages:protonmail:nogui-profile
(gnu:services:simple-service 'offload-rakan
gnu:services:base:guix-service-type
guix-offload-rakan)
diff --git a/users/id1000.scm b/users/id1000.scm
index 9564809..688f91b 100644
--- a/users/id1000.scm
+++ b/users/id1000.scm
@@ -13,6 +13,8 @@
#:prefix gnu:home:services:shepherd:)
#:use-module ( (gnu home services sound)
#:prefix gnu:home:services:sound:)
+ #:use-module ( (gnu home services ssh)
+ #:prefix gnu:home:services:ssh:)
#:use-module ( (gnu packages audio)
#:prefix gnu:packages:audio:)
#:use-module ( (gnu packages disk)
@@ -526,6 +528,42 @@
(gnu:services:service (@ (gnu services mail) dovecot-service-type)
dovecot-configuration*))
+(define openssh-host/*
+ (gnu:home:services:ssh:openssh-host
+ (name "top-level")
+ (host-name "*")
+ (extra-content (string-append "ServerAliveInterval 60\n"
+ "ServerAliveCountMax 2\n"))))
+
+(define openssh-configuration
+ (let
+ ( (l-aisaka (mixed-text-file "aisaka-openssh-keys"
+ "aisaka ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt\n"
+ "[marekpasnikowski.pl]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM0Eh0q54myeSEironEP9DEKl+ownYuH7oSgAVuLIDNt\n"))
+ (l-akashi (mixed-text-file "akashi-openssh-keys"
+ "\n"))
+ (l-marek (mixed-text-file "marek-openssh-keys"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFzC1VvW6TB4pMuGyfTM36T7Ar7FZqSXc7kCoVDNwtUX marek@akashi\n"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJew7ti1qr545Z6OUZ/xcNUg7ib6P0pTbSZqFpSvNhKU marek@mcdowell\n"
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICBo2coChmWHQn9BEbp0dA7DQG7CPEweVcsmnaIVmXyR marek@rakan\n"))
+ (l-mcdowell (mixed-text-file "mcdowell-openssh-keys"
+ "mcdowell ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP/EueZjfqWhdML17z+Da7+KWHofXBpP020ff1vKedOr\n"))
+ (l-rakan (mixed-text-file "rakan-openssh-keys"
+ "rakan ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ\n"
+ "[marekpasnikowski.pl]:24 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFxlIhNlkWCNA+l/RiOJztB+VWhuJtDTUvSwwlE3MpgJ\n")))
+ (gnu:home:services:ssh:home-openssh-configuration
+ (hosts (list openssh-host/*))
+ (known-hosts (list l-aisaka
+ l-akashi
+ l-mcdowell
+ l-rakan))
+ (authorized-keys (list l-marek)))))
+
+(define openssh
+ (gnu:services:service
+ gnu:home:services:ssh:home-openssh-service-type
+ openssh-configuration))
+
(define-public smtp-service
(gnu:services:service (@ (gnu services mail) opensmtpd-service-type)
opensmtpd-configuration*))
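Review bot: `l-akashi` contributes only a blank line to `known-hosts`, so akashi is the one host in the list with no pinned key. As far as I recall, giving `known-hosts` a list makes `~/.ssh/known_hosts` a store-managed file that ssh cannot append to, so connections to akashi would ask for host-key confirmation every time instead of being verified against a recorded key. Either add akashi's host key line in the same `name ssh-ed25519 KEY` form as the other entries, or drop `l-akashi` from the list until the key is known and leave a comment such as `; TODO: pin akashi host key`. Separately, `(authorized-keys (list l-marek))` accepts all three user keys on every machine that deploys this home environment, so a comment stating that this cross-host trust is intended would help the next reader.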
@@ -552,10 +590,13 @@
(l-home-pipewire-service (gnu:services:service gnu:home:services:sound:home-pipewire-service-type))
(l-home-shepherd-service (gnu:services:service gnu:home:services:shepherd:home-shepherd-service-type)))
(let
- ( (l-gitconfig (list "git/config"
- l-gitconfig-file))
- (l-gitignore (list "git/ignore"
- l-gitignore-file))
+ ( (l-gitconfig (list "git/config"
+ l-gitconfig-file))
+ (l-gitignore (list "git/ignore"
+ l-gitignore-file))
+ (l-fontconfig (sovereign:services:fontutils:home-fontconfig-service-type #f
+ #f
+ "Noto"))
(l-home-files-service (gnu:services:simple-service 'home-files
gnu:home:services:home-files-service-type
l-home-files)))
@@ -569,20 +610,18 @@
environment-variables
l-git-configuration
l-home-files-service
- (sovereign:services:fontutils:home-fontconfig-service-type #f
- #f
- "Noto")))
- (l-services (cons* sovereign:services:admin:update-commands
- l-home-dbus-service
- l-home-pipewire-service
- l-home-shepherd-service
- l-user-services)))
+ l-fontconfig)))
(gnu:home:home-environment
(packages (cons* gnu:packages:version-control:git
gnu:packages:disk:gparted
gnu:packages:librewolf:librewolf
sovereign:systems:common-home-environment-packages))
- (services l-services))))))
+ (services (cons* sovereign:services:admin:update-commands
+ l-home-dbus-service
+ l-home-pipewire-service
+ l-home-shepherd-service
+ openssh
+ l-user-services)))))))
(define-public name/home-environment
(list uid1000-name