samfelag/docs/hosts.org

#+title: Hosts
* Setting up a new vult host
** Generate a password for your host
#+begin_src bash
pass generate samfelag/<host>
#+end_src
** Change the password in the host
Enter into the host via the vultr dashboard "View Console"
#+begin_src bash
passwd
#+end_src
** You can now ssh into the host with the new password
#+begin_src bash
ssh nixos@<host_public_ip>
#+end_src
* Setting up a new host
** Generate a host ssh key pair
Generate the key pair (we'll use the name `id_<host>`)
#+BEGIN_SRC bash
ssh-keygen -f id_<host>
#+END_SRC
Encrypt the private key if you want to put it in the repo:
#+begin_src bash
gpg -r marc@sastre.cat -e id_<host>
#+end_src
You can decrypt it later with:
#+begin_src bash
gpg -d id_<host>.gpg > id_<host>
#+end_src
** Deploy the ssh keypair
You can use scp:
#+begin_src bash
scp id_<host> <user>@<host>:.ssh/id_<host>
scp id_<host>.pub <user>@<host>:.ssh/id_<host>.pub
#+end_src
Create a symbolic link for the host key (so we can use uniform naming in other parts):
#+begin_src bash
ln -s ~/.ssh/id_<host> ~/.ssh/id_ed25519
#+end_src
** Add the public key to secrets.nix
In the [[file:../secrets/secrets.nix][agenix secrets file]] add the public key, and give access to the necessary secrets.
Remember to rekey the secrets afterwards:
#+begin_src bash
agenix --rekey
#+end_src
** SSH public key authentication
Setting up authentication from localhost (client) to remotehost (server). On localhost run:
#+BEGIN_SRC bash
ssh-keygen -f ~/.ssh/remotehost
ssh-copy-id -i ~/.ssh/remotehost remotehost-or-ip
#+END_SRC
We may want to edit the ssh config file to use this ssh key when connection to remotehost:
#+BEGIN_SRC
Host remotehost
  # HostName 192.168.1.105
  # Port 22
  # User user

  IdentitiesOnly yes
  IdentityFile ~/.ssh/remotehost
#+END_SRC
* List of hosts
** [[file:../hosts/reykjavik/README.org][Reykjavik]]
** [[file:../hosts/kopavogur/README.org][Kopavogur]]