branch master updated: hydra: node-129: Register public IP.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

branch master updated: hydra: node-129: Register public IP.

From:	Maxim Cournoyer
Subject:	branch master updated: hydra: node-129: Register public IP.
Date:	Thu, 23 Jun 2022 17:42:23 -0400

This is an automated email from the git hooks/post-receive script.

apteryx pushed a commit to branch master
in repository maintenance.

The following commit(s) were added to refs/heads/master by this push:
     new 0ce2d32  hydra: node-129: Register public IP.
0ce2d32 is described below

commit 0ce2d3210d537468084c712e55c18b2ce8e53267
Author: Maxim Cournoyer <maxim.cournoyer@gmail.com>
AuthorDate: Thu Jun 23 15:22:51 2022 -0400

    hydra: node-129: Register public IP.
    
    And disable password-based SSH access.
    
    * hydra/deploy-node-129.scm (node-129-os)
    [services]{static-networking-service-type}: New service.
    {openssh-service-type}: Disable password authentication.
---
 hydra/deploy-node-129.scm | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/hydra/deploy-node-129.scm b/hydra/deploy-node-129.scm
index 35121e2..025715b 100644
--- a/hydra/deploy-node-129.scm
+++ b/hydra/deploy-node-129.scm
@@ -7,7 +7,7 @@
 ;;;
 ;;; 2. be available as a fall-back to Berlin in case of problems
 ;;;
-;;; TODO: Implement the fall-back to Berlin
+;;; TODO: Implement service redundancy with Berlin.
 ;;;
 ;;; FIXME: Re-deploying must happen from Berlin, due to bug #46760.
 ;;;
@@ -24,6 +24,8 @@
 (use-modules (gnu bootloader)
              (gnu bootloader grub)
              (gnu packages linux)
+             (gnu services base)
+             (gnu services ssh)
              (gnu system file-systems)
              (guix gexp)
              (sysadmin build-machines))
@@ -110,6 +112,24 @@
                      (btrfs-subvolume-mount "@srv"        "/srv")
                      %btrfs-pool
                      %base-file-systems))
+      (services
+       (modify-services (operating-system-user-services base-os)
+         (static-networking-service-type
+          ;; This machine is reachable from the Internet so that it can
+          ;; be used as an alternative to Berlin to access the Guix
+          ;; MDC network.
+          networks => (cons (static-networking
+                             (addresses (list (network-address
+                                               (device "eno2")
+                                               (value "141.80.181.41/24"))))
+                             (provision '(backdoor))) ;required else car error
+                            networks))
+         (openssh-service-type
+          config => (openssh-configuration
+                     (inherit config)
+                     ;; Only accept public key authentication for
+                     ;; enhanced security.
+                     (password-authentication? #f)))))
       (swap-devices '())               ;cannot do swap on Btrfs RAID
       (packages (cons btrfs-progs (operating-system-packages base-os))))))

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated: hydra: node-129: Register public IP., Maxim Cournoyer <=

Prev by Date: 11/12: gnu: hypre: Add missing dependencies on latex fonts.
Next by Date: branch master updated: gnu: Add emacs-straight-el.
Previous by thread: branch master updated (c98f412de6 -> 000b710cee)
Next by thread: branch master updated: gnu: Add emacs-straight-el.
Index(es):
- Date
- Thread