02/02: hydra: Switch from lsh to OpenSSH.
From: |
Ludovic Courtès |
Subject: |
02/02: hydra: Switch from lsh to OpenSSH. |
Date: |
Sun, 30 Jul 2017 10:31:27 -0400 (EDT) |
civodul pushed a commit to branch master
in repository maintenance.
commit ee45ed65cac0ac00513ff564ae2c883be112d47e
Author: Ludovic Courtès <address@hidden>
Date: Sun Jul 30 16:25:19 2017 +0200
hydra: Switch from lsh to OpenSSH.
* hydra/keys/lsh: Remove.
* hydra/keys/ssh: New directory, with keys from 'hydra/keys/lsh'
converted with 'lsh-export-key --openssh'.
* hydra/modules/sysadmin/people.scm (<sysadmin>)[lsh-public-key]: Rename
to 'ssh-public-key'.
(sysadmin-lsh-authorization): Remove.
(sysadmin->authorized-key): New procedure.
(sysadmin-service-type)[extensions]: Remove extension of
ACTIVATION-SERVICE-TYPE. Extend OPENSSH-SERVICE-TYPE.
* hydra/modules/sysadmin/build-machines.scm (build-machine-os): Use
OPENSSH-SERVICE-TYPE instead of 'lsh-service'.
* hydra/bayfront.scm (%sysadmins): Adjust to new 'ssh-public-key' field.
<services>: Use OPENSSH-SERVICE-TYPE instead of 'lsh-service'.
* hydra/berlin.scm (%sysadmins): Adjust to new 'ssh-public-key' field.
<services>: Use OPENSSH-SERVICE-TYPE instead of 'lsh-service'.
* hydra/build-machine.scm (%sysadmins): Adjust to new 'ssh-public-key'
field.
---
hydra/bayfront.scm | 8 ++---
hydra/berlin.scm | 12 ++++----
hydra/build-machine.scm | 8 ++---
hydra/keys/lsh/andreas.pub | 1 -
hydra/keys/lsh/hydra.gnu.org.pub | 1 -
hydra/keys/lsh/ludo.pub | 1 -
hydra/keys/lsh/mthl.pub | 1 -
hydra/keys/lsh/rekado.pub | 1 -
hydra/keys/ssh/andreas.pub | 1 +
hydra/keys/ssh/hydra.gnu.org.pub | 1 +
hydra/keys/ssh/ludo.pub | 1 +
hydra/keys/ssh/mthl.pub | 1 +
hydra/keys/ssh/rekado.pub | 1 +
hydra/modules/sysadmin/build-machines.scm | 4 +--
hydra/modules/sysadmin/people.scm | 49 +++++++------------------------
15 files changed, 31 insertions(+), 60 deletions(-)
diff --git a/hydra/bayfront.scm b/hydra/bayfront.scm
index bfce3a1..a72dff2 100644
--- a/hydra/bayfront.scm
+++ b/hydra/bayfront.scm
@@ -8,13 +8,13 @@
;; The sysadmins.
(list (sysadmin (name "ludo")
(full-name "Ludovic Courtès")
- (lsh-public-key (local-file "keys/lsh/ludo.pub")))
+ (ssh-public-key (local-file "keys/ssh/ludo.pub")))
(sysadmin (name "andreas")
(full-name "Andreas Enge")
- (lsh-public-key (local-file "keys/lsh/andreas.pub")))
+ (ssh-public-key (local-file "keys/ssh/andreas.pub")))
(sysadmin (name "rekado")
(full-name "Ricardo Wurmus")
- (lsh-public-key (local-file "keys/lsh/rekado.pub")))))
+ (ssh-public-key (local-file "keys/ssh/rekado.pub")))))
(define %gc-job
@@ -215,7 +215,7 @@ Happy hacking!\n"))
;; Don't repeat #:gateway and #:name-servers.
)
- (lsh-service #:port-number 22)
+ (service openssh-service-type)
;; The Web service.
(service guix-publish-service-type
diff --git a/hydra/berlin.scm b/hydra/berlin.scm
index 80d9ef8..90b9344 100644
--- a/hydra/berlin.scm
+++ b/hydra/berlin.scm
@@ -4,22 +4,22 @@
(use-modules (gnu) (guix) (sysadmin people))
(use-service-modules base networking admin mcron shepherd ssh web cuirass)
(use-package-modules admin certs emacs linux ssh tls vim package-management
- web wget ci version-control)
+ web wget ci)
(define %sysadmins
;; The sysadmins.
(list (sysadmin (name "ludo")
(full-name "Ludovic Courtès")
- (lsh-public-key (local-file "keys/lsh/ludo.pub")))
+ (ssh-public-key (local-file "keys/ssh/ludo.pub")))
(sysadmin (name "rekado")
(full-name "Ricardo Wurmus")
- (lsh-public-key (local-file "keys/lsh/rekado.pub")))
+ (ssh-public-key (local-file "keys/ssh/rekado.pub")))
(sysadmin (name "andreas")
(full-name "Andreas Enge")
- (lsh-public-key (local-file "keys/lsh/andreas.pub")))
+ (ssh-public-key (local-file "keys/ssh/andreas.pub")))
;; (sysadmin (name "bi-admin")
;; (full-name "MDC admin")
- ;; (lsh-public-key (local-file "keys/lsh/bi-admin.pub")))
+ ;; (ssh-public-key (local-file "keys/ssh/bi-admin.pub")))
))
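Review bot: The `use-package-modules` change at L83-84 drops `version-control`, which is unrelated to the lsh-to-OpenSSH switch and is not mentioned in the commit message. If no package from that module is still referenced in berlin.scm (the rest of the file is outside the hunk) the removal is harmless, but it deserves its own ChangeLog line such as `* hydra/berlin.scm: Remove 'version-control' from 'use-package-modules'.` so a later reader does not have to guess why it went.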
@@ -235,7 +235,7 @@ Happy hacking!\n"))
"141.80.181.40"
#:netmask "255.255.255.0"
#:gateway "141.80.181.1")
- (lsh-service #:port-number 22)
+ (service openssh-service-type)
;; Allow login over serial console.
(agetty-service (agetty-configuration
diff --git a/hydra/build-machine.scm b/hydra/build-machine.scm
index 7fbe974..1b54f82 100644
--- a/hydra/build-machine.scm
+++ b/hydra/build-machine.scm
@@ -1,5 +1,5 @@
;; GuixSD configuration file for the build machines.
-;; Copyright © 2016 Ludovic Courtès <address@hidden>
+;; Copyright © 2016, 2017 Ludovic Courtès <address@hidden>
;; Released under the GNU GPLv3 or any later version.
(use-modules (sysadmin people)
@@ -10,12 +10,12 @@
;; The fine folks!
(list (sysadmin (name "ludo")
(full-name "Ludovic Courtès")
- (lsh-public-key (local-file "keys/lsh/ludo.pub")))
+ (ssh-public-key (local-file "keys/ssh/ludo.pub")))
(sysadmin (name "hydra") ;fake sysadmin
(full-name "Hydra User")
(restricted? #t)
- (lsh-public-key
- (local-file "keys/lsh/hydra.gnu.org.pub")))))
+ (ssh-public-key
+ (local-file "keys/ssh/hydra.gnu.org.pub")))))
(define %authorized-guix-keys
;; List of authorized 'guix archive' keys.
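Review bot: The `hydra` entry at L128-134 is a machine account (`;fake sysadmin`, `restricted? #t`) whose key now becomes an OpenSSH authorized key for that user, but nothing says which host holds the private half or what that login is for; a comment such as `;; Machine account for the host that drives these build machines (key: keys/ssh/hydra.gnu.org.pub).` would help, with the host name inferred from the file name and to be confirmed. If the service installs the .pub file verbatim as the user's authorized_keys entry, that file is also where key options such as `from=` or `restrict` could confine what the machine key may do, which suits a non-interactive account better than an unrestricted login. The `%sysadmins` definition starts outside the hunk.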
diff --git a/hydra/keys/lsh/andreas.pub b/hydra/keys/lsh/andreas.pub
deleted file mode 100644
index 689f7a5..0000000
--- a/hydra/keys/lsh/andreas.pub
+++ /dev/null
@@ -1 +0,0 @@
-{KDEwOnB1YmxpYy1rZXkoMTQ6cnNhLXBrY3MxLXNoYTEoMTpuMjU3OgCubyzz15cXb6jSZxiRteEY2fH1GaLFSSdpXp+q8Vhy2BpLCd31X6jyPRhX2upQOZYVWhT89rgOzWcWa0oxfVB9LWyyQ6A9se/Q8tSC6dZIfI+zP8eAxHqkoybc+BciAKprtNxSDTliHGcbRoZe7OTYyQnrAqm5rtZ52oxixFr/UyfCcX4UnCaHm8GqYyyZqZNnXdpHHu9UFubpOZ9FNaSNtBlaQ4mmTQth6rjpZZ5fZ/8HuwN0hNCl60i2peycTejaEsXNVwyZEva3T0IHvq4+FuYrU4GanW1bWKURhRgyWauydnNYv5/Ui1lXXfMh8MaYCZpHzaHVCnwIcmk5k5/bKSgxOmUzOgEAASkpKQ==}
\ No newline at end of file
diff --git a/hydra/keys/lsh/hydra.gnu.org.pub b/hydra/keys/lsh/hydra.gnu.org.pub
deleted file mode 100644
index 2b5f234..0000000
--- a/hydra/keys/lsh/hydra.gnu.org.pub
+++ /dev/null
@@ -1 +0,0 @@
-{KDEwOnB1YmxpYy1rZXkoMTQ6cnNhLXBrY3MxLXNoYTEoMTpuMjU3OgCBOYj9l4ChwCA4FjuzC9YSJRkI1CRoKLjHM9SM4DDRX+I2mdr/Cr02y8yNK9GZfrObWGXlYfcsbEBWhn2nNGMG8gvGAqbIGKJX8Yv3qHCJeWBaAaqSC4ZNFL6EBj6VMqW/jsfZeJVaXd3lzBQp1T+lISy+tN8fOUPjmWJ4hzIghxBrziAvfDIDz+4TpLGORJPZBqcyBMEAJMP8xjbqLvHAuK6f44Liz9j5xJVSQyv7NSm9B8E59zalznIGuf2nsDeg9KBoLM8rT/bVf/DOMG5YINvh5cvjbZUcX0ow0/U4CC4fcQMmMw6n+CR9dYBZdIO3bwhK9hylGhUAF37B1eDfKSgxOmU0Oilc9OcpKSk=}
diff --git a/hydra/keys/lsh/ludo.pub b/hydra/keys/lsh/ludo.pub
deleted file mode 100644
index a1acf48..0000000
--- a/hydra/keys/lsh/ludo.pub
+++ /dev/null
@@ -1 +0,0 @@
-{KDEwOnB1YmxpYy1rZXkoMTQ6cnNhLXBrY3MxLXNoYTEoMTpuMjU3OgDGtkrVrOXUsvNzKNQMDzdKIjN5rwkDgQzCI4pnFbHf7BJVkawu1JBxlFyNQML5y6QXmZvKXJXTsR299ldetzJrCh+hxxynKJJafbW4lxt9qLFkGVUOSMX0/7WwyeC2uiVqpQ4LLeQMFkawQeFEciC9/Tbch/N4DANmgoJNjVQzlz+uoa9YOBBmVWR1hkLzuU8v9SC7aheGavRVXagW8/NJ5QRtsDH9waJhIwV9SqKLcuVtWRftAvS3g5aygyBluXmYn1GnA0543JfOwU1yuhtYnXITWkPRGWu0joymIQKfVOzTiepRGK/5d/3TZNjLIyV8Y9gl/1ikH4Gaa3RMN68PKSgxOmUzOgEAASkpKQ==}
\ No newline at end of file
diff --git a/hydra/keys/lsh/mthl.pub b/hydra/keys/lsh/mthl.pub
deleted file mode 100644
index c210e06..0000000
--- a/hydra/keys/lsh/mthl.pub
+++ /dev/null
@@ -1 +0,0 @@
-{KDEwOnB1YmxpYy1rZXkoMTQ6cnNhLXBrY3MxLXNoYTEoMTpuMjU3OgDht8d/zgtVw4tsVNzCLb0Du1dWKsxKqteBi0GEYhTnZ3I8MriUVZOD4USI8Oc43deqqGUXVkBVFfAxgkjWm7Ab0zMmOSNwsOQTr9VWage8JnRO1Ij6atcwLUVp3IERG1mXWe6CWtk9BZ8UeMI4od1Lt6jkJVMbhV0uv9tO8PAC3Z6SvKt/+X3po0gkQJKYMTIFPPp+oLcQAlnomj4uQlPaIR/GxxsgK6J4WAhKzQfh5tQlRIDVbhR5EjR1BoQ22AY3Dw9AOQ906I/BwAPGbdPX9q/1CkEd7vgL3vYTyRriGg9adWUqfqOpniQnCzUVT12sge3fg+GwEICewIyDg/DzKSgxOmUzOgEAASkpKQ==}
\ No newline at end of file
diff --git a/hydra/keys/lsh/rekado.pub b/hydra/keys/lsh/rekado.pub
deleted file mode 100644
index 5556e08..0000000
--- a/hydra/keys/lsh/rekado.pub
+++ /dev/null
@@ -1 +0,0 @@
-{KDEwOnB1YmxpYy1rZXkoMTQ6cnNhLXBrY3MxLXNoYTEoMTpuNTEzOgDTAGw5GVWhqBo+XqtgYUcGAw+/63v+k7VovGzNzzaZPUELEfOXlx+Sm5oZ71KH/qpgRwdyxqxJf2ydsuq0wDRWMzyD0J5Mt59I3gm2dbPpN86+owZcvo/8V8gIVFg7hayXiIbtk9ZQA3TmzYJ7EY+ZbXFuHyqkPZKMWZdy8B7wwHIwVkUlxcH3iabxPvPTtO310DUTgqarD4jxsL1ulocP8X6vAH/PBYzVHucUeBD3v/AfZYAH8QE7JSsZiHyqcuDvelsPq5+LOQ/kXky/XuGgAa93L9mZBAsuyBq6KRqPkgYjPgI/A0oLYFtOXfQW5ORCm7BnLfF0WLQ8nvdAfsf+uRQYtRejzW9blx73CE5vV52WlWYLeUme8IC6JaeWKCPkRkGZfPLgE9rGO27thaqIv/14SPWUp7jTiKJA+k+bAs/p5v8APmE
[...]
diff --git a/hydra/keys/ssh/andreas.pub b/hydra/keys/ssh/andreas.pub
new file mode 100644
index 0000000..c17559e
--- /dev/null
+++ b/hydra/keys/ssh/andreas.pub
@@ -0,0 +1 @@
+ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCubyzz15cXb6jSZxiRteEY2fH1GaLFSSdpXp+q8Vhy2BpLCd31X6jyPRhX2upQOZYVWhT89rgOzWcWa0oxfVB9LWyyQ6A9se/Q8tSC6dZIfI+zP8eAxHqkoybc+BciAKprtNxSDTliHGcbRoZe7OTYyQnrAqm5rtZ52oxixFr/UyfCcX4UnCaHm8GqYyyZqZNnXdpHHu9UFubpOZ9FNaSNtBlaQ4mmTQth6rjpZZ5fZ/8HuwN0hNCl60i2peycTejaEsXNVwyZEva3T0IHvq4+FuYrU4GanW1bWKURhRgyWauydnNYv5/Ui1lXXfMh8MaYCZpHzaHVCnwIcmk5k5/b
diff --git a/hydra/keys/ssh/hydra.gnu.org.pub b/hydra/keys/ssh/hydra.gnu.org.pub
new file mode 100644
index 0000000..b232d46
--- /dev/null
+++ b/hydra/keys/ssh/hydra.gnu.org.pub
@@ -0,0 +1 @@
+ssh-rsa
AAAAB3NzaC1yc2EAAAAEKVz05wAAAQEAgTmI/ZeAocAgOBY7swvWEiUZCNQkaCi4xzPUjOAw0V/iNpna/wq9NsvMjSvRmX6zm1hl5WH3LGxAVoZ9pzRjBvILxgKmyBiiV/GL96hwiXlgWgGqkguGTRS+hAY+lTKlv47H2XiVWl3d5cwUKdU/pSEsvrTfHzlD45lieIcyIIcQa84gL3wyA8/uE6SxjkST2QanMgTBACTD/MY26i7xwLiun+OC4s/Y+cSVUkMr+zUpvQfBOfc2pc5yBrn9p7A3oPSgaCzPK0/21X/wzjBuWCDb4eXL422VHF9KMNP1OAguH3EDJjMOp/gkfXWAWXSDt28ISvYcpRoVABd+wdXg3w==
diff --git a/hydra/keys/ssh/ludo.pub b/hydra/keys/ssh/ludo.pub
new file mode 100644
index 0000000..49f4313
--- /dev/null
+++ b/hydra/keys/ssh/ludo.pub
@@ -0,0 +1 @@
+ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDGtkrVrOXUsvNzKNQMDzdKIjN5rwkDgQzCI4pnFbHf7BJVkawu1JBxlFyNQML5y6QXmZvKXJXTsR299ldetzJrCh+hxxynKJJafbW4lxt9qLFkGVUOSMX0/7WwyeC2uiVqpQ4LLeQMFkawQeFEciC9/Tbch/N4DANmgoJNjVQzlz+uoa9YOBBmVWR1hkLzuU8v9SC7aheGavRVXagW8/NJ5QRtsDH9waJhIwV9SqKLcuVtWRftAvS3g5aygyBluXmYn1GnA0543JfOwU1yuhtYnXITWkPRGWu0joymIQKfVOzTiepRGK/5d/3TZNjLIyV8Y9gl/1ikH4Gaa3RMN68P
diff --git a/hydra/keys/ssh/mthl.pub b/hydra/keys/ssh/mthl.pub
new file mode 100644
index 0000000..34fc274
--- /dev/null
+++ b/hydra/keys/ssh/mthl.pub
@@ -0,0 +1 @@
+ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQDht8d/zgtVw4tsVNzCLb0Du1dWKsxKqteBi0GEYhTnZ3I8MriUVZOD4USI8Oc43deqqGUXVkBVFfAxgkjWm7Ab0zMmOSNwsOQTr9VWage8JnRO1Ij6atcwLUVp3IERG1mXWe6CWtk9BZ8UeMI4od1Lt6jkJVMbhV0uv9tO8PAC3Z6SvKt/+X3po0gkQJKYMTIFPPp+oLcQAlnomj4uQlPaIR/GxxsgK6J4WAhKzQfh5tQlRIDVbhR5EjR1BoQ22AY3Dw9AOQ906I/BwAPGbdPX9q/1CkEd7vgL3vYTyRriGg9adWUqfqOpniQnCzUVT12sge3fg+GwEICewIyDg/Dz
diff --git a/hydra/keys/ssh/rekado.pub b/hydra/keys/ssh/rekado.pub
new file mode 100644
index 0000000..c588e1e
--- /dev/null
+++ b/hydra/keys/ssh/rekado.pub
@@ -0,0 +1 @@
+ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAACAQDTAGw5GVWhqBo+XqtgYUcGAw+/63v+k7VovGzNzzaZPUELEfOXlx+Sm5oZ71KH/qpgRwdyxqxJf2ydsuq0wDRWMzyD0J5Mt59I3gm2dbPpN86+owZcvo/8V8gIVFg7hayXiIbtk9ZQA3TmzYJ7EY+ZbXFuHyqkPZKMWZdy8B7wwHIwVkUlxcH3iabxPvPTtO310DUTgqarD4jxsL1ulocP8X6vAH/PBYzVHucUeBD3v/AfZYAH8QE7JSsZiHyqcuDvelsPq5+LOQ/kXky/XuGgAa93L9mZBAsuyBq6KRqPkgYjPgI/A0oLYFtOXfQW5ORCm7BnLfF0WLQ8nvdAfsf+uRQYtRejzW9blx73CE5vV52WlWYLeUme8IC6JaeWKCPkRkGZfPLgE9rGO27thaqIv/14SPWUp7jTiKJA+k+bAs/p5v8APmEXc4YB04yD71zWyv58
[...]
diff --git a/hydra/modules/sysadmin/build-machines.scm
b/hydra/modules/sysadmin/build-machines.scm
index ab90e81..ad915d2 100644
--- a/hydra/modules/sysadmin/build-machines.scm
+++ b/hydra/modules/sysadmin/build-machines.scm
@@ -1,6 +1,6 @@
;;; GNU Guix system administration tools.
;;;
-;;; Copyright © 2016 Ludovic Courtès <address@hidden>
+;;; Copyright © 2016, 2017 Ludovic Courtès <address@hidden>
;;;
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
@@ -54,7 +54,7 @@ HOST-NAME and accessibly by SYSADMINS, with the given
AUTHORIZED-GUIX-KEYS."
%base-file-systems))
(services (cons* (service sysadmin-service-type sysadmins)
- (lsh-service)
+ (service openssh-service-type)
(dhcp-client-service)
(mcron-service (list gc-job))
(modify-services %base-services
diff --git a/hydra/modules/sysadmin/people.scm
b/hydra/modules/sysadmin/people.scm
index 0d9cca7..121c268 100644
--- a/hydra/modules/sysadmin/people.scm
+++ b/hydra/modules/sysadmin/people.scm
@@ -1,6 +1,6 @@
;;; GNU Guix system administration tools.
;;;
-;;; Copyright © 2016 Ludovic Courtès <address@hidden>
+;;; Copyright © 2016, 2017 Ludovic Courtès <address@hidden>
;;;
;;; This program is free software: you can redistribute it and/or modify
;;; it under the terms of the GNU General Public License as published by
@@ -20,7 +20,7 @@
#:use-module (guix records)
#:use-module (gnu services)
#:use-module (gnu system shadow)
- #:use-module (gnu packages ssh)
+ #:use-module (gnu services ssh)
#:use-module (gnu packages base)
#:use-module (ice-9 match)
#:export (sysadmin?
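Review bot: `(gnu packages base)` at L258 looks to have been imported for the `#$coreutils` reference in the removed `sysadmin-lsh-authorization` (hunk `-53,37 +53,10`); if nothing else in the module uses it, that `#:use-module` line can go the same way as `(gnu packages ssh)`. The rest of the module form, including the `#:export` list, is outside this hunk, so I cannot see whether `sysadmin-lsh-public-key` is exported and would need renaming to `sysadmin-ssh-public-key` together with the record field.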
@@ -37,7 +37,7 @@
sysadmin?
(name sysadmin-name)
(full-name sysadmin-full-name)
- (lsh-public-key sysadmin-lsh-public-key)
+ (ssh-public-key sysadmin-ssh-public-key)
(restricted? sysadmin-restricted? (default #f)))
(define (sysadmin->account sysadmin)
@@ -53,37 +53,10 @@
'("wheel" "kvm"))) ;sudoer
(home-directory (string-append "/home/" name))))))
-(define (sysadmin-lsh-authorization sysadmin)
- "Return a gexp that invokes 'lsh-authorize' for SYSADMIN."
- (match sysadmin
- (($ <sysadmin> name _ public-key)
- #~(begin
- (match (primitive-fork)
- (0
- (dynamic-wind
- (const #t)
- (lambda ()
- (let* ((pw (getpw #$name))
- (uid (passwd:uid pw))
- (gid (passwd:gid pw))
- (home (passwd:dir pw)))
- (setgroups #())
- (setgid gid)
- (setuid uid)
-
- ;; 'lsh-authorize' is a shell script so set up a couple of
- ;; environment variables.
- (setenv "HOME" home)
- (setenv "PATH" (string-append #$coreutils "/bin"))
-
- (format #t "registering lsh key for '~a' (UID ~a)...~%"
- #$name (getuid))
- (system* (string-append #$lsh "/bin/lsh-authorize")
- #$public-key)))
- (lambda ()
- (primitive-exit 0))))
- (pid
- (waitpid pid)))))))
+(define (sysadmin->authorized-key sysadmin)
+ "Return an authorized key tuple for SYSADMIN."
+ (list (sysadmin-name sysadmin)
+ (sysadmin-ssh-public-key sysadmin)))
(define sysadmin-service-type
;; The service that initializes sysadmin accounts.
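Review bot: The docstring of `sysadmin->authorized-key` at L304 says "tuple" without saying what shape it has or who consumes it; since the result feeds the `authorized-keys` field of `openssh-configuration`, I would write `"Return a (USER-NAME KEY-FILE) list for SYSADMIN, as expected by the 'authorized-keys' field of 'openssh-configuration'; KEY-FILE is the file-like object holding the OpenSSH public key."`. Note that `restricted?` is not consulted, so restricted sysadmins such as the `hydra` machine account receive a full login key like everyone else; that matches the removed lsh code, but a one-line comment saying it is intentional would save the next reader the same check.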
@@ -92,11 +65,9 @@
(extensions (list (service-extension account-service-type
(lambda (lst)
(map sysadmin->account lst)))
- (service-extension activation-service-type
+ (service-extension openssh-service-type
(lambda (lst)
- #~(begin
- (use-modules (ice-9 match))
- #$@(map
sysadmin-lsh-authorization
- lst))))))))
+ (map sysadmin->authorized-key
+ lst)))))))
;;; people.scm ends here