samfelag/docs/hosts.org
2024-12-22 16:05:01 +01:00

Hosts

Setting up a new Vultr host

Generate a password for your host

pass generate samfelag/<host>

Change the password in the host

Log in to the host via "View Console" in the Vultr dashboard

passwd

You can now ssh into the host with the new password

ssh nixos@<host_public_ip>

Setting up a new host

Generate a host ssh key pair

Generate the key pair (we'll use the name `id_<host>`)

ssh-keygen -f id_<host>

Encrypt the private key if you want to put it in the repo:

gpg -r marc@sastre.cat -e id_<host>

You can decrypt it later with:

gpg -d id_<host>.gpg > id_<host>

Deploy the ssh keypair

You can use scp:

scp id_<host> <user>@<host>:.ssh/id_<host>
scp id_<host>.pub <user>@<host>:.ssh/id_<host>.pub

Create a symbolic link for the host key (so we can use uniform naming in other parts):

ln -s ~/.ssh/id_<host> ~/.ssh/id_ed25519
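
A check that can be run on the host after deploying the key pair, added here as an example (it is not part of the samfelag repo). It verifies that the private key is not accessible to group or other, that id_<host>.pub matches the private key, and that id_ed25519 links to it. The function names and the default directory ~/.ssh are assumptions.

```shell
#!/bin/sh
# Added example: sanity checks for a deployed host key pair.
# File naming follows the steps above (id_<host>, id_<host>.pub, id_ed25519 symlink).

# Succeeds when the file exists and grants nothing to group or other.
key_mode_ok() {
    perms=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds when the .pub file holds the public half of the private key.
# ssh-keygen -y prompts for the passphrase if the private key has one.
pub_matches_priv() {
    derived=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2}') || return 1
    stored=$(awk '{print $1, $2; exit}' "$2" 2>/dev/null)
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}

# Succeeds when the uniform-name symlink points at this host's key.
link_points_to() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# Run all checks for <host> in <dir> (default ~/.ssh, an assumption).
# Prints one line per failed check and returns the number of failures.
check_host_key() {
    host=$1 dir=${2:-$HOME/.ssh} fails=0
    key_mode_ok "$dir/id_$host" ||
        { echo "id_$host: missing or accessible by group/other"; fails=$((fails+1)); }
    pub_matches_priv "$dir/id_$host" "$dir/id_$host.pub" ||
        { echo "id_$host.pub: does not match the private key"; fails=$((fails+1)); }
    link_points_to "$dir/id_ed25519" "$dir/id_$host" ||
        { echo "id_ed25519: not a symlink to id_$host"; fails=$((fails+1)); }
    return "$fails"
}

# Usage: sh check_host_key.sh <host> [dir]
if [ "$#" -gt 0 ]; then check_host_key "$@"; fi
```

The symlink check compares the stored link target literally, so it expects the absolute path that the ln -s command above produces after ~ is expanded.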

Add the public key to secrets.nix

In the agenix secrets file add the public key, and give access to the necessary secrets. Remember to rekey the secrets afterwards:

agenix --rekey

SSH public key authentication

Setting up authentication from localhost (client) to remotehost (server). On localhost run:

ssh-keygen -f ~/.ssh/remotehost
ssh-copy-id -i ~/.ssh/remotehost remotehost-or-ip

We may want to edit the ssh config file to use this ssh key when connecting to remotehost:

Host remotehost
  # HostName 192.168.1.105
  # Port 22
  # User user

  IdentitiesOnly yes
  IdentityFile ~/.ssh/remotehost

List of hosts