parent
6bd1666a08
commit
96998d9df7
11 changed files with 36 additions and 15 deletions
|
@ -7,6 +7,5 @@ KexAlgorithms sntrup761x25519-sha512@openssh.com
|
||||||
MACs hmac-sha2-512-etm@openssh.com
|
MACs hmac-sha2-512-etm@openssh.com
|
||||||
PubkeyAcceptedKeyTypes sk-ssh-ed25519@openssh.com,ssh-ed25519
|
PubkeyAcceptedKeyTypes sk-ssh-ed25519@openssh.com,ssh-ed25519
|
||||||
Ciphers chacha20-poly1305@openssh.com
|
Ciphers chacha20-poly1305@openssh.com
|
||||||
AllowUsers root
|
|
||||||
Subsystem sftp internal-sftp
|
Subsystem sftp internal-sftp
|
||||||
Include /usr/etc/ssh/sshd_config.d/40-ssh-key-dir.conf
|
Include /usr/etc/ssh/sshd_config.d/40-ssh-key-dir.conf
|
||||||
|
|
|
@ -1 +1,2 @@
|
||||||
remote_path: borg
|
exclude_patterns:
|
||||||
|
- /run/host/var/home
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
variant: fcos
|
variant: fcos
|
||||||
version: 1.5.0
|
version: 1.6.0
|
||||||
storage:
|
storage:
|
||||||
files:
|
files:
|
||||||
- path: /etc/sysctl.d/ignition.conf
|
- path: /etc/sysctl.d/ignition.conf
|
||||||
|
@ -29,5 +29,5 @@ passwd:
|
||||||
users:
|
users:
|
||||||
- name: root
|
- name: root
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHSZEZAdsx64pSt+2uSHU25K6m3peo2nt2oQJW3jm6i6AAAABHNzaDo= mathieu@yubikey
|
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHSZEZAdsx64pSt+2uSHU25K6m3peo2nt2oQJW3jm6i6AAAABHNzaDo= mathieu@yubikey"
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIH33pRp93TOK5OyidgYVYtWBNKawKFzUilOA7Nb2NWzAAAABHNzaDo= mathieu@yubikey-c
|
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIH33pRp93TOK5OyidgYVYtWBNKawKFzUilOA7Nb2NWzAAAABHNzaDo= mathieu@yubikey-c"
|
||||||
|
|
|
@ -1,12 +1,14 @@
|
||||||
variant: fcos
|
variant: fcos
|
||||||
version: 1.5.0
|
version: 1.6.0
|
||||||
boot_device:
|
boot_device:
|
||||||
luks:
|
luks:
|
||||||
tpm2: true
|
tang:
|
||||||
|
- url: "http://infra.server.home.arpa:8080"
|
||||||
|
thumbprint: "MKYiehPjYLcEz6o1yKCYLaugJDBtDMSzSgtNAWutSZs"
|
||||||
discard: true
|
discard: true
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: root
|
- name: root
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHSZEZAdsx64pSt+2uSHU25K6m3peo2nt2oQJW3jm6i6AAAABHNzaDo= mathieu@yubikey
|
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHSZEZAdsx64pSt+2uSHU25K6m3peo2nt2oQJW3jm6i6AAAABHNzaDo= mathieu@yubikey"
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIH33pRp93TOK5OyidgYVYtWBNKawKFzUilOA7Nb2NWzAAAABHNzaDo= mathieu@yubikey-c
|
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIH33pRp93TOK5OyidgYVYtWBNKawKFzUilOA7Nb2NWzAAAABHNzaDo= mathieu@yubikey-c"
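Review bot: Replacing `tpm2: true` with a single `tang` entry under `boot_device.luks` leaves the root volume unlockable by anything that holds the disk and can reach `http://infra.server.home.arpa:8080`, with no tie to this machine's own hardware. Butane allows `tpm2` and `tang` to be combined with a `threshold`, so keeping `tpm2: true` next to the `tang` list and adding `threshold: 2` would require both factors. Plain HTTP is acceptable for Tang because the `thumbprint` pins the server's signing key, but a comment recording how that thumbprint was obtained and that it must be updated on key rotation would help the next maintainer. The file name for this hunk is not visible on the page.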
|
||||||
|
|
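--- a/ignition/infra.bu
+++ b/ignition/infra.bu
@@ -0,0 +1,12 @@
+variant: fcos
+version: 1.6.0
+boot_device:
+luks:
+tpm2: true
+discard: true
+passwd:
+users:
+- name: root
+ssh_authorized_keys:
+- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHSZEZAdsx64pSt+2uSHU25K6m3peo2nt2oQJW3jm6i6AAAABHNzaDo= mathieu@yubikey"
+- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIH33pRp93TOK5OyidgYVYtWBNKawKFzUilOA7Nb2NWzAAAABHNzaDo= mathieu@yubikey-c"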
|
@ -1,8 +1,8 @@
|
||||||
variant: fcos
|
variant: fcos
|
||||||
version: 1.5.0
|
version: 1.6.0
|
||||||
passwd:
|
passwd:
|
||||||
users:
|
users:
|
||||||
- name: root
|
- name: root
|
||||||
ssh_authorized_keys:
|
ssh_authorized_keys:
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHSZEZAdsx64pSt+2uSHU25K6m3peo2nt2oQJW3jm6i6AAAABHNzaDo= mathieu@yubikey
|
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHSZEZAdsx64pSt+2uSHU25K6m3peo2nt2oQJW3jm6i6AAAABHNzaDo= mathieu@yubikey"
|
||||||
- sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIH33pRp93TOK5OyidgYVYtWBNKawKFzUilOA7Nb2NWzAAAABHNzaDo= mathieu@yubikey-c
|
- "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIH33pRp93TOK5OyidgYVYtWBNKawKFzUilOA7Nb2NWzAAAABHNzaDo= mathieu@yubikey-c"
|
||||||
|
|
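--- a/infra/etc/config.d/90-infra.toml
+++ b/infra/etc/config.d/90-infra.toml
@@ -0,0 +1,2 @@
+[updates]
+enabled = false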
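Review bot: `enabled = false` under `[updates]` looks like a Zincati drop-in that switches off automatic OS updates, and nothing in the file says why or how the host is patched instead. Because the same commit puts the Tang server on this host, a leading comment along the lines of `# automatic updates disabled on the Tang host; apply updates manually` (wording for the author to confirm) would record the intent. Zincati reads drop-ins from `/etc/zincati/config.d/`, so it is worth confirming that `infra/etc/config.d/` ends up there on deployment; the deployment mapping is not visible on this page.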
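--- a/infra/etc/containers/systemd/tang.container
+++ b/infra/etc/containers/systemd/tang.container
@@ -0,0 +1,7 @@
+[Container]
+Image=docker.io/padhihomelab/tang
+Volume=systemd-tang:/db:U,Z
+PublishPort=8080:8080
+AutoUpdate=registry
+[Install]
+WantedBy=multi-user.target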
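Review bot: `Image=docker.io/padhihomelab/tang` carries no tag or digest and `AutoUpdate=registry` is enabled, so whatever is pushed to that third-party repository's default tag is pulled and run on the host holding the Tang keys that unlock other machines' disks. Pinning by digest, `Image=docker.io/padhihomelab/tang@sha256:<digest>` (placeholder), and updating deliberately, or building the image locally, keeps that trust decision explicit. `PublishPort=8080:8080` also listens on every host interface; if only one network should reach the key server, bind it with `PublishPort=<lan-address>:8080:8080` (placeholder address).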
|
@ -10,7 +10,6 @@ qubes.ClipboardPaste * @anyvm sys-whonix deny
|
||||||
qubes.ClipboardPaste * @anyvm system-config deny
|
qubes.ClipboardPaste * @anyvm system-config deny
|
||||||
qubes.ClipboardPaste * @anyvm dev deny
|
qubes.ClipboardPaste * @anyvm dev deny
|
||||||
qubes.ClipboardPaste * @anyvm vault deny
|
qubes.ClipboardPaste * @anyvm vault deny
|
||||||
qubes.ClipboardPaste * @anyvm ssh deny
|
|
||||||
qubes.ClipboardPaste * @anyvm @anyvm ask
|
qubes.ClipboardPaste * @anyvm @anyvm ask
|
||||||
qubes.OpenInVM * @anyvm @dispvm allow
|
qubes.OpenInVM * @anyvm @dispvm allow
|
||||||
qubes.OpenInVM * @anyvm @anyvm deny
|
qubes.OpenInVM * @anyvm @anyvm deny
|
||||||
|
@ -29,4 +28,3 @@ qubes.Filecopy * @anyvm sys-whonix deny
|
||||||
qubes.Filecopy * @anyvm system-config deny
|
qubes.Filecopy * @anyvm system-config deny
|
||||||
qubes.Filecopy * @anyvm dev deny
|
qubes.Filecopy * @anyvm dev deny
|
||||||
qubes.Filecopy * @anyvm vault deny
|
qubes.Filecopy * @anyvm vault deny
|
||||||
qubes.Filecopy * @anyvm ssh deny
|
|
||||||
|
|
|
@ -9,4 +9,4 @@ dnf install --allowerasing bash-color-prompt bash-completion borgbackup bind-uti
|
||||||
dnf remove cheese evolution-data-server firefox gnome-software gnome-weather PackageKit-command-not-found rpmfusion-nonfree-release thunderbird totem
|
dnf remove cheese evolution-data-server firefox gnome-software gnome-weather PackageKit-command-not-found rpmfusion-nonfree-release thunderbird totem
|
||||||
sh setup-desktop.sh
|
sh setup-desktop.sh
|
||||||
all_proxy=127.0.0.1:8082 flatpak remote-add --if-not-exists flathub /usr/lib/fedora-third-party/conf.d/fedora-flathub.flatpakrepo
|
all_proxy=127.0.0.1:8082 flatpak remote-add --if-not-exists flathub /usr/lib/fedora-third-party/conf.d/fedora-flathub.flatpakrepo
|
||||||
all_proxy=127.0.0.1:8082 flatpak install com.github.tchx84.Flatseal im.riot.Riot io.mpv.Mpv org.chromium.Chromium org.freedesktop.Platform.ffmpeg-full/x86_64/23.08 org.libreoffice.LibreOffice org.mozilla.firefox
|
all_proxy=127.0.0.1:8082 flatpak install com.github.tchx84.Flatseal com.github.xournalpp.xournalpp com.moonlight_stream.Moonlight com.yubico.yubioath im.riot.Riot io.mpv.Mpv org.chromium.Chromium org.freedesktop.Platform.ffmpeg-full/x86_64/23.08 org.gimp.GIMP org.gnome.Evolution org.libreoffice.LibreOffice org.mozilla.firefox
|
||||||
|
|
0
sync-changes.sh
Normal file → Executable file
0
sync-changes.sh
Normal file → Executable file