03/03: hydra: node-129: Authorize berlin's SSH key for root user.
From: Maxim Cournoyer
Subject: 03/03: hydra: node-129: Authorize berlin's SSH key for root user.
Date: Wed, 17 May 2023 23:16:50 -0400 (EDT)
apteryx pushed a commit to branch master
in repository maintenance.
commit 995004a7316dd784d335b4112d84ecfb69f7703a
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Wed May 17 16:11:33 2023 -0400
hydra: node-129: Authorize berlin's SSH key for root user.
* hydra/deploy-node-129.scm (node-129-os) [services] <openssh>:
Authorize the berlin.guixsd.org.pub SSH key for the 'root' user.
Allow berlin (141.80.181.40) to connect as root.
---
hydra/deploy-node-129.scm | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index 77f574c..e1e058e 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -241,7 +241,24 @@ devices {
(inherit config)
;; Only accept public key authentication for
;; enhanced security.
- (password-authentication? #f))))))
+ (password-authentication? #f)
+ ;; Connecting as root is only allowed from
+ ;; Berlin, and makes it possible to sync
+ ;; subvolumes via Btrfs send/receive.
+ (authorized-keys
+ (cons
+ `("root"
+ ,(local-file "keys/ssh/berlin.guixsd.org.pub"))
+ (openssh-configuration-authorized-keys config)))
+ ;; The default route configured on Berlin
+ ;; means it's seen as 141.80.181.40, not
+ ;; 141.80.167.131 to hydra-guix-129.
+ (extra-content
+ (string-append
+ (openssh-configuration-extra-content config)
+ "
+Match Address 141.80.181.40
+ PermitRootLogin yes\n")))))))
(swap-devices '())))) ;cannot do swap on Btrfs RAID
(list
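Review bot: In the appended "Match Address 141.80.181.40" block, "PermitRootLogin yes" allows every authentication method for root, so root staying key-only depends entirely on (password-authentication? #f) a few lines above; "PermitRootLogin prohibit-password" would state the intent in the block itself and survive a later change to that field. The block is also appended after the existing extra-content, and an sshd Match block stays in effect until the next Match line or the end of the file, so anything later appended to extra-content would silently apply only to 141.80.181.40; a comment saying the Match block must remain last would help. Finally, the address restriction lives only in sshd_config: the key in keys/ssh/berlin.guixsd.org.pub is authorized for root with no restriction visible here, so consider whether a from= option on the key itself is wanted as a second check.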