app/ssh: Configure sshd trusted user CA keys

Configure the system-wide trusted user CA key list for *sshd(8)*.
master
Dustin 2024-02-02 07:14:07 -06:00
parent afd65ea9b8
commit b7f5d4a910
12 changed files with 49 additions and 0 deletions


@ -0,0 +1,5 @@
package schema
#Ssh: {
trusted_user_ca_keys: string
}
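Review bot: `trusted_user_ca_keys: string` accepts the empty string and any other text, so a typo or an empty value in an environment renders straight into /etc/ssh/ca.pub and only shows up when certificate logins start failing; a tighter constraint such as `trusted_user_ca_keys: string & =~ "^(sk-)?(ssh|ecdsa)-"` would fail the CUE evaluation instead (it checks at least the first key). The field name is plural but the type is a single string, and the expected layout is not stated anywhere; a comment on the field such as `// One public key per line, in authorized_keys format; each is a user CA that sshd will trust` would pin that down. The path of this schema file is not visible on this page.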

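--- /dev/null
+++ b/app/ssh/templates.cue
@@ -0,0 +1,19 @@
+package ssh
+import "du5t1n.me/cfg/base/schema/instructions"
+templates: [...instructions.#RenderInstruction] & [
+{
+template: "ssh/ca.pub"
+dest: "/etc/ssh/ca.pub"
+},
+{
+template: "ssh/trustedusercakeys.conf"
+dest: "/etc/ssh/sshd_config.d/70-trustedusercakeys.conf"
+hooks: {
+changed: [
+{run: "systemctl reload sshd"},
+]
+}
+},
+]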
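Review bot: Only the sshd_config drop-in entry carries a `changed` hook; the ca.pub entry has none, which is correct because `TrustedUserCAKeys` is a file path that sshd opens at authentication time rather than a key loaded at startup, but that reason is non-obvious and a comment on the first entry would keep the next reader from adding a spurious reload: `// sshd re-reads the TrustedUserCAKeys file on each authentication; no reload needed when it changes`. The reload command assumes the service unit is named `sshd`; on distributions where it is `ssh` the hook fails and the new drop-in is not picked up until the next restart, so the unit name is worth confirming against the target hosts. Neither entry sets owner or mode for the rendered files, so if `#RenderInstruction` supports those fields the rendered ca.pub currently relies on the renderer's defaults.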

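--- /dev/null
+++ b/env/prod/ssh.cue
@@ -0,0 +1,11 @@
+package prod
+import (
+"du5t1n.me/cfg/app/ssh/schema"
+)
+ssh: schema.#Ssh & {
+trusted_user_ca_keys: """
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINyi18IfxAf9wLnyffnMrThYpqxVwu0rsuiLoqW6rcwF sshca.pyrocufflink.blue
+"""
+}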


@ -3,3 +3,4 @@ import (
)
sudo: prod.sudo
ssh: prod.ssh


@ -13,4 +13,6 @@ nut: monitor: prod.#nut_monitor & {
collectd: prod.collectd
ssh: prod.ssh
sudo: prod.sudo


@ -11,4 +11,6 @@ nut: monitor: prod.#nut_monitor & {
#username: "nvr1"
}
ssh: prod.ssh
sudo: prod.sudo


@ -4,4 +4,5 @@ import (
"du5t1n.me/cfg/env/prod"
)
ssh: prod.ssh
sudo: prod.sudo


@ -5,6 +5,7 @@ import (
"du5t1n.me/cfg/app/collectd"
"du5t1n.me/cfg/app/nut"
"du5t1n.me/cfg/app/ssh"
"du5t1n.me/cfg/app/sudo"
)
@ -13,5 +14,6 @@ render: list.Concat([
nut.templates,
nut.monitor.templates,
nut.collectd.templates,
ssh.templates,
sudo.templates,
])


@ -4,11 +4,13 @@ import (
"list"
"du5t1n.me/cfg/app/nut"
"du5t1n.me/cfg/app/ssh"
"du5t1n.me/cfg/app/sudo"
)
render: list.Concat([
nut.sysusers.templates,
nut.monitor.templates,
ssh.templates,
sudo.templates,
])


@ -4,10 +4,12 @@ import (
"list"
"du5t1n.me/cfg/app/collectd"
"du5t1n.me/cfg/app/ssh"
"du5t1n.me/cfg/app/sudo"
)
render: list.Concat([
collectd.templates,
ssh.templates,
sudo.templates,
])

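--- /dev/null
+++ b/templates/ssh/ca.pub
@@ -0,0 +1 @@
+{{ ssh.trusted_user_ca_keys }}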


@ -0,0 +1 @@
TrustedUserCAKeys /etc/ssh/ca.pub
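Review bot: `TrustedUserCAKeys` is set without an `AuthorizedPrincipalsFile`, so sshd accepts any certificate signed by this CA whose principal list contains the login name being requested; that is OpenSSH's documented default, but it means every account on the host is reachable by any certificate the CA issues with a matching principal, and the drop-in is the natural place to record that decision, e.g. `# Certificates are matched on principal == login name; set AuthorizedPrincipalsFile to decouple the two`. sshd also keeps the first value it obtains for a keyword, so if `TrustedUserCAKeys` is already set in sshd_config or in a lower-numbered drop-in, this file is silently ignored — worth a one-time check on the target hosts. The path of this file is not shown in this section; templates.cue in the same commit renders it to /etc/ssh/sshd_config.d/70-trustedusercakeys.conf.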