From 9bf1722b03b1884cbb64a0254607897e4a94ffc3 Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Wed, 6 Oct 2021 11:03:30 +0200 Subject: [PATCH] Add Kubernetes, remove nginx --- clusters/stokes/cluster.nix | 48 +++++++++--- clusters/stokes/default.nix | 145 ++++++++++++++++++++++-------------- clusters/stokes/hosts.nix | 18 ++--- clusters/stokes/morph.nix | 60 ++++++++++++++- clusters/stokes/users.nix | 63 ++++++++-------- 5 files changed, 228 insertions(+), 106 deletions(-) diff --git a/clusters/stokes/cluster.nix b/clusters/stokes/cluster.nix index 4fc5887..b4fe7f6 100644 --- a/clusters/stokes/cluster.nix +++ b/clusters/stokes/cluster.nix @@ -1,7 +1,13 @@ { pkgs, lib, config, ... }: with lib; let - cfg = config.node; + cfg = config.features.host; + + mkSANs = host: [ + host.name + host.address + "127.0.0.1" + ]; configuration = { system.autoUpgrade.enable = lib.mkForce false; @@ -40,7 +46,7 @@ let "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDULdlLC8ZLu9qBZUYsjhpr6kv5RH4yPkekXQdD7prkqapyoptUkO1nOTDwy7ZsKDxmp9Zc6OtdhgoJbowhGW3VIZPmooWO8twcaYDpkxEBLUehY/n8SlAwBtiHJ4mTLLcynJMVrjmTQLF3FeWVof0Aqy6UtZceFpLp1eNkiHTCM3anwtb9+gfr91dX1YsAOqxqv7ooRDu5rCRUvOi4OvRowepyuBcCjeWpTkJHkC9WGxuESvDV3CySWkGC2fF2LHkAu6SFsFE39UA5ZHo0b1TK+AFqRFiBAb7ULmtuno1yxhpBxbozf8+Yyc7yLfMNCyBpL1ci7WnjKkghQv7yM1xN2XMJLpF56v0slSKMoAs7ThoIlmkRm/6o3NCChgu0pkpNg/YP6A3HfYiEDgChvA6rAHX6+to50L9xF3ajqk4BUzWd/sCk7Q5Op2lzj31L53Ryg8vMP8hjDjYcgEcCCsGOcjUVgcsmfC9LupwRIEz3aF14AWg66+3zAxVho8ozjes= jonas.juselius@juselius.io" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCk5EKXxo/KLogjqSxSf/GkQdZ30UxB3wXc5k6Y6RRKQ/5iJ+XyYTbuqYOUp30p54apZzbayU2icahE/upr754lQicQwJtOXW/Iut57VRhSpq4P+mKCIdT58xCUkAZYr8Aja8UjHlYeJgFvp023K/fqmwbapu8R1gh4bzXm7uU1XeJoYfuOb+Cb8NGMn1ICrw2aztA0yVOXZ7tyJd2qyr1+6PuM/Ca2nKN4wLIX2vwyN3vZjR15nkIaHQGlTaJlNk2NEG1YTxsIQ9axDjNtyL80kjUr5M8zxW6s0h3451zr1b21EetP1i+1POIjS9uWXv5iabF+1Qb1GaS4FAYzzpqNY+moLzY7Zqfi05MPsMYkNoZ1Kg5aj0IuZb0OM9i6ZJrFs9nYAGG0uLSUTfrs957f9nokFyILGYg5xY46YN3uQrqfZifvcR0KaEdxEKvnfq0qrNG3uYLR/OYm2yblRcNbWgDoQ1hH7qa9uJM2JrPM07s4sJGkqfAib8Hwz9+l7jMrL6KIGUOA4aX0B1KZaIKKiZa42WlgdbeA17aW3laIqS5mZCkI3pLMYZAxe+A6rQi+V8ZAvDSyOL/Vws3lboXaN5QLu17R8uCY7MkIAvRBiZSpdWNeX3JO5m6zexkxkrFlxyEBf+ott4ATSw+eMYMs8i5xQRqPjgO1cABWkUdGpw== martin.moe.carstens@itpartner.no" ]; - docker.enable = true; + docker.enable = false; mailRelay = { enable = true; @@ -52,7 +58,7 @@ let }; cachix.enable = false; - monitoring.nodeExporter.enable = true; + monitoring.nodeExporter.enable = false; pki = { ca = ./ca; }; @@ -85,6 +91,33 @@ let }; }; }; + + k8s = { + enable = true; + node.enable = true; + clusterName = "hpc0"; + initca = ./ca; + cidr = "10.100.0.0/16"; + master = { + name = "stokes"; + address = "10.1.61.100"; + extraSANs = [ "hpc0-0.regnekraft.io" ]; + }; + ingressNodes = [ + "hpc0-0.regnekraft.io" + ]; + fileserver = "mds0-0"; + charts = { + acme_email = "innovasjon@itpartner.no"; + grafana_smtp_user = "utvikling"; + grafana_smtp_password = "S0m3rp0m@de#21!"; + }; + }; + }; + + services.kubernetes.kubelet.extraSANs = mkSANs { + name = cfg.name; + address = cfg.address; }; networking = { @@ -221,11 +254,6 @@ let in { options.node = { - address = mkOption { - type = types.str; - default = null; - }; - i40efix = mkEnableOption "Apply fix for i40e driver"; myvnc = mkEnableOption "Enable myvnc script"; @@ -238,9 +266,9 @@ in { shosts - (mkIf cfg.i40efix i40efix) + (mkIf config.node.i40efix i40efix) - (mkIf cfg.myvnc myvnc) + (mkIf config.node.myvnc myvnc) ]; imports = [ diff --git a/clusters/stokes/default.nix b/clusters/stokes/default.nix index b53a667..69805a7 100644 --- a/clusters/stokes/default.nix +++ b/clusters/stokes/default.nix @@ -1,6 +1,29 @@ let + # Pin the deployment package-set to a specific version of nixpkgs + # pkgs = import (builtins.fetchTarball { + # url = "https://github.com/NixOS/nixpkgs/archive/e9148dc1c30e02aae80cc52f68ceb37b772066f3.tar.gz"; + # sha256 = "1ckzhh24mgz6jd1xhfgx0i9mijk6xjqxwsshnvq789xsavrmsc36"; + # }) {}; + pkgs = import {}; + + etcdNodes = { + c0-0 = "10.1.61.100"; + c0-1 = "10.1.61.101"; + c0-2 = "10.1.61.102"; + }; + + etcdCluster = { + enable = true; + existing = true; + nodes = etcdNodes; + }; + + nodes = + with builtins; + let nodes = genList (n: n + 1) 8; in + map (n: ({ name = "c0-${toString n}"; address = "10.1.61.10${toString n}"; })) nodes; + stokes = { - node.address = "10.1.62.2"; node.myvnc = true; systemd.targets = { @@ -11,6 +34,11 @@ let }; features = { + host = { + address = "10.1.62.2"; + name = "c0-0"; + }; + os = { externalInterface = "eno1"; nfs.enable = true; @@ -25,13 +53,17 @@ let frontend = true; }; + k8s = { + master.enable = true; + node.enable = true; + inherit nodes; + inherit etcdCluster; + }; + monitoring = { server = { - enable = true; - scrapeHosts = [ - "frontend" "mds0-0" - "c0-1" "c0-2" "c0-3" "c0-4" "c0-5" "c0-6" "c0-7" "c0-8" - ]; + enable = false; + scrapeHosts = [ "frontend" "mds0-0" ] ++ (builtins.map (x: x.name) nodes); defaultAlertReceiver = { email_configs = [ { to = "jonas.juselius@tromso.serit.no"; } @@ -48,7 +80,7 @@ let ]; }; }; - webUI.enable = true; + webUI.enable = false; webUI.acmeEmail = "innovasjon@itpartner.no"; webUI.allow = [ "10.1.2.0/24" @@ -120,6 +152,14 @@ let device = "10.1.63.80:/data"; fsType = "nfs"; }; + "/vol/local-storage/vol1" = { + device = "/vol/vol1"; + options = [ "bind" ]; + }; + "/vol/local-storage/vol2" = { + device = "/vol/vol2"; + options = [ "bind" ]; + }; }; security.pam.services.sshd.googleAuthenticator.enable = true; @@ -169,16 +209,10 @@ let }; }; - imports = [ ./cluster.nix ./hw/frontend.nix ]; }; compute = { - features = { - os.externalInterface = "eno33"; - hpc.compute = true; - }; - fileSystems = { "/home/stokes" = { device = "10.1.63.100:/home"; @@ -195,49 +229,50 @@ let }; }; - genComputeNodes = idx: nNodes: - let - nodeList = builtins.genList (x: x + 1) nNodes; - mkCompute = n: - let - ip = "10.1.61.${toString (n + 100)}"; - ipoib = "10.1.63.${toString (n + 100)}"; - name = "c${toString idx}-${toString n}"; - hw = ./hw + "/${name}.nix"; - in { - "${name}" = { - node = { - address = ip; - i40efix = true; - }; - networking = { - useDHCP = false; - interfaces.eno33 = { - useDHCP = false; - ipv4.addresses = [ { - address = ip; - prefixLength = 24; - } ]; - ipv4.routes = [ { - address = "10.1.62.2"; - prefixLength = 32; - via = "10.1.61.100"; - } ]; + mkCompute = host: + let + ipoib = builtins.replaceStrings [".61."] [".63."] host.address; + hw = ./hw + "/${host.name}.nix"; + in { + "${host.name}" = { + features = { + inherit host; + os.externalInterface = "eno33"; + hpc.compute = true; + k8s = { inherit etcdCluster; }; + }; + + node = { + i40efix = true; + }; + + networking = { + useDHCP = false; + interfaces.eno33 = { + useDHCP = false; + ipv4.addresses = [ { + address = host.address; + prefixLength = 24; + } ]; + ipv4.routes = [ { + address = "10.1.62.2"; + prefixLength = 32; + via = "10.1.61.100"; + } ]; - }; - interfaces.ibp65s0 = { - useDHCP = false; - ipv4.addresses = [ { - address = ipoib; - prefixLength = 24; - } ]; - }; - }; - imports = [ ./cluster.nix hw ]; - } // compute; }; - in - builtins.foldl' (a: n: a // mkCompute n) {} nodeList; + interfaces.ibp65s0 = { + useDHCP = false; + ipv4.addresses = [ { + address = ipoib; + prefixLength = 24; + } ]; + }; + }; + imports = [ ./cluster.nix hw ]; + } + // compute; +}; in - { inherit stokes; } // genComputeNodes 0 8 + { inherit stokes; } // builtins.foldl' (a: n: a // mkCompute n) {} nodes diff --git a/clusters/stokes/hosts.nix b/clusters/stokes/hosts.nix index 260ccba..f6f7251 100644 --- a/clusters/stokes/hosts.nix +++ b/clusters/stokes/hosts.nix @@ -1,15 +1,15 @@ '' 10.1.62.2 stokes stokes.regnekraft.io - 10.1.61.100 frontend frontend.hpc.local - 10.1.61.101 c0-1 c0-1.hpc.local - 10.1.61.102 c0-2 c0-2.hpc.local - 10.1.61.103 c0-3 c0-3.hpc.local - 10.1.61.104 c0-4 c0-4.hpc.local - 10.1.61.105 c0-5 c0-5.hpc.local - 10.1.61.106 c0-6 c0-6.hpc.local - 10.1.61.107 c0-7 c0-7.hpc.local - 10.1.61.108 c0-8 c0-8.hpc.local + 10.1.61.100 frontend frontend.hpc.local c0-0.regnekraft.io + 10.1.61.101 c0-1 c0-1.hpc.local c0-1.regnekraft.io + 10.1.61.102 c0-2 c0-2.hpc.local c0-2.regnekraft.io + 10.1.61.103 c0-3 c0-3.hpc.local c0-3.regnekraft.io + 10.1.61.104 c0-4 c0-4.hpc.local c0-4.regnekraft.io + 10.1.61.105 c0-5 c0-5.hpc.local c0-5.regnekraft.io + 10.1.61.106 c0-6 c0-6.hpc.local c0-6.regnekraft.io + 10.1.61.107 c0-7 c0-7.hpc.local c0-7.regnekraft.io + 10.1.61.108 c0-8 c0-8.hpc.local c0-8.regnekraft.io 10.1.61.80 mds0-0 mds0-0.hpc.local diff --git a/clusters/stokes/morph.nix b/clusters/stokes/morph.nix index 39b6671..c4e1558 100644 --- a/clusters/stokes/morph.nix +++ b/clusters/stokes/morph.nix @@ -6,9 +6,24 @@ let # }) {}; pkgs = import {}; + etcdNodes = { + # hpc0-0 = "10.1.63.100"; + # hpc0-1 = "10.1.63.101"; + # hpc0-2 = "10.1.63.102"; + }; + + etcdCluster = { + enable = false; + existing = false; + nodes = etcdNodes; + }; + + k8sNodes = [ + # { name = "hpc0-1"; address = "10.1.61.101"; } + ]; + stokes = { deployment.tags = [ "frontend" ]; - node.address = "10.1.62.2"; node.myvnc = true; systemd.targets = { @@ -19,6 +34,10 @@ let }; features = { + host = { + address = "10.1.61.100"; + name = "hpc0-0"; + }; os = { externalInterface = "eno1"; nfs.enable = true; @@ -33,6 +52,30 @@ let frontend = true; }; + k8s = { + enable = true; + master.enable = true; + node.enable = true; + nodes = nodes; + clusterName = "hpc0"; + initca = ./ca; + cidr = "10.100.0.0/16"; + master = { + name = "hpc0-0"; + address = "10.1.63.100"; + extraSANs = [ "stokes.regnekraft.io" ]; + }; + ingressNodes = [ + "hpc0-0.itpartner.intern" + ]; + fileserver = "mds0-0"; + charts = { + acme_email = "innovasjon@itpartner.no"; + grafana_smtp_user = "utvikling"; + grafana_smtp_password = "S0m3rp0m@de#21!"; + }; + }; + monitoring = { server = { enable = true; @@ -177,6 +220,15 @@ let }; }; + services.minio = { + enable = true; + region = "hpc"; + browser = true; + accessKey = "admin"; + secretKey = "en to tre fire"; + listenAddress = "0.0.0.0:9000"; + dataDir = [ "/data/minio" ]; + }; imports = [ ./cluster.nix ./hw/frontend.nix ]; }; @@ -213,13 +265,17 @@ let ip = "10.1.61.${toString (n + 100)}"; ipoib = "10.1.63.${toString (n + 100)}"; name = "c${toString idx}-${toString n}"; + k8sName = "hpc${toString idx}-${toString n}"; hw = ./hw + "/${name}.nix"; in { "${name}" = { node = { - address = ip; i40efix = true; }; + features.host = { + address = ip; + name = k8sName; + }; networking = { useDHCP = false; interfaces.eno33 = { diff --git a/clusters/stokes/users.nix b/clusters/stokes/users.nix index 86d26b1..dd10a80 100644 --- a/clusters/stokes/users.nix +++ b/clusters/stokes/users.nix @@ -17,6 +17,7 @@ michael = { gid = 1012; }; yugaos = { gid = 1013; }; ata = { gid = 1014; }; + kvile ={ gid = 1015; }; # @grp@ sif = { @@ -61,8 +62,8 @@ "wheel" "root" "adm" + "admin" "cdrom" - "docker" "fuse" "wireshark" "libvirtd" @@ -72,7 +73,7 @@ ]; uid = 1000; isNormalUser = true; - createHome = true; + createHome = false; useDefaultShell = false; shell = pkgs.fish; openssh.authorizedKeys.keys = [ @@ -87,11 +88,10 @@ group = "olean"; extraGroups = [ "users" - "docker" ]; uid = 1001; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAlfc2r3mNkvmdta+H/5zfdFe6317zmCdhhPYbipaGVFPUZO2cCTgSso28oDvOpCDldo/wl3jUxYNDlwH8LYMqKT3aGaOZr8JbxYzd+L+5GM2KTD+4YRmPtpYS/LWcc3j+fiFXSgX6Mrrgf6ineCRuBxSooDVE+pBakM1U7d5NE25apaAvclzFTmZBg0Sf9e5sgHkR99r9DUeGEQWGNZVUGwti39dFVp+aC9dsA+1/OtNB/HMF5G1MMk9dqvN7n7i9o9Plef2DParn4QU1GhmUKeEiBe4OAmSP+WwD4YvK6iXSKZG6tuTEspw+mR3rK5gBHrEiaNlCtp7O9BnAw4Wjhw== rsa-key-20201218" ]; @@ -103,11 +103,10 @@ group = "frankgaa"; extraGroups = [ "users" - "docker" ]; uid = 1002; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTq/IAtLkvHaPKTsp5U9YnhBj7PLFflS9vWpm5e/bFXQkSShkqUOktff1GITIN+RTpUS8zF9UkJA8fj5K382DhIn4jVb9HvQzmHNBTxU5ClpOuKhfibrts5IKMLAiN1enwZYu0iUIVfDKTYmqgAnjN8B6OyzIAB8bsBUMdN29PEwJT4cCVRRySLRfoWiXiZKow71FzXIACgxMwGhj2fpslKQoat2LGny03XR7EZrv36u1OktT28Gxf4ZrGpT9+3SAyf7aW20xHALU/dHXVsfsuqnoqw1InZ5VhvIVtoIj+5Vc5dkTXkychL0Hb+WxiH5O/3T18YUqes08UPZX5G9kB fga@akvaplan.niva.no" ]; @@ -119,11 +118,10 @@ group = "hdj002"; extraGroups = [ "users" - "docker" ]; uid = 1003; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAvXTQTRfcpVkaJ+HO6wpgMKO9bdoTvQunbexn1N4jOuJOB5uAKZrZsimucw4DpvzaLZAftLI6RQlmiklxWItZA2UCfhlIZus8wy0cSTic2PkxLUXzBa1wl7nr8anYSK/HReQfTkgSi6LGTsGhejBxe//XC24ygW9eFYZTwOkpD8klNBNFHUA6sXgnzcjT/j3rwUjYI4GVJ82kP3GA0GBDSMwZ45/8ZYBk/Dbja0RJlvTHLSIgAmKzOuor1ORXk4zGdVpsTgNRv7QxeXZT09KJFp9hexMB/fT/OwZopKrHdGrOIIi2vhO6AGh4U+qjnjWY8yn5qHSOAIDDiJQ/iLeCCw== rsa-key-20201217" ]; @@ -135,11 +133,10 @@ group = "hes"; extraGroups = [ "users" - "docker" ]; uid = 1004; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDH/05mXyrYgxlWazFDtTJBCCB4YzQQiPcAkeeolztt320CPQ+pRyLgCzyAVGT5AlisXanHyWFSsPXrfM5MRNbm2U87s8DoZLZS5CYMk+ieGKdbac8jUgaw16EKyW05NHfHhDGYL+DyTQ76WAe/btzgDpvkal5B824a6abqc/oYz7D5rnAqoIpt56m1BG3tJrSz8K3nbOGpnMKt3vlVSLqZ6WNtSfXT+hHjOTfacQYH9XGQn/nYIuUzgDUswiboJ8nox5eduJxFrUHY6GGFiFeX6+hxIZUOZZm4hff01+sBxWy4y727tzCTbZIw2ERKcxu94BOC/EJsIyQDkaHwzaIwP7bB8V5yqpz7Fjgt5Bu+pMxUV8uwZmA5S5r3UuXlKHaspaqDR7RVjCUWcwCSgMYioxLtcnZr2DdKuezXbOU8O/FRsxuqFEzZTeCrckAi8gFzTanIZYmkwujjRg1hidOMc5qcn2yH/5NyBlQ+Y4XjD0XTMjSLpONczuyG3t6SJpE= haavaes@nzinga" ]; @@ -151,11 +148,10 @@ group = "mad"; extraGroups = [ "users" - "docker" ]; uid = 1005; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDSHaeXMssp55DPb9Pnqn1WxQqutvOsvIrYDKgTsrnmf/GC3N7h593pX27Qrzjaf0OYHcT7drUbDvRIFsuzmtplff/87fqbx/GGyYUrP+LZwOB7BKHrRlixaVeOOmvE/f9SNM0sIolq47qKFHM2KMsbk5zhSiOmbsCXWzdyYu+kjRgSjSs8NByoKzW9+dUuop/dcTZtDJd0oxUwkpU3c+MSkdAtDpvuxG6vq56Z4j9llg8kzHtLQI7t8w35FhIcXaJOE+LXJfq1FuAl9rw0QMAvotRJ+wHiMOqdkbABkmHG594JNCvZStqN4r8r3ZI20AF8xB3EiLVAuiB08kdEcuoGJCj7IHUwozbds4PO32oDSVy2/IR6VtRJQSNLH99nSbDQ9AmJtn3gSVJvAil1zaw/PZGez/UnDevN7KwUnf6wxH7yxDqgRjEmTu62z7HxQkPKMbuIvcHCQV9ota4eJZFOpr9tH44tuETcvkOButJH1Qa6AMKZPj10bxlqPIHKFS3dhus0BiUIWbjUY9/dC3LwW0S8TeP1NLx0vUeDiqY7BId6jZ8yeguQTvngPFJw5VPEuH5X/6sSXoCn1MnwdhXyeIylE5JoPXahVGQkaHo1Hap0JajxIlsZN6Q719qwSYJouH4mjdFBT46kw8CSH2sedv5qCQPchVmvaADirytYTQ== pckey" ]; @@ -167,11 +163,10 @@ group = "peyghamg"; extraGroups = [ "users" - "docker" ]; uid = 1006; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = []; }; @@ -181,11 +176,10 @@ group = "qin"; extraGroups = [ "users" - "docker" ]; uid = 1007; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEAhrMpKwIKQoANoB0I7X9IXGVpfPVvjFjeuT7RGKO+XghSm88B0RTeBeiEcwp1fADUTdzbd00YhrWLIBSl3z/fyhG/k/EyOadNYn0BFenJ9IBxBFo/Nyhbfg1jKAO/OLN7S6WFWPvJzE/G6UP/wN1QBeJmM1iEIuorwwTifMGD0nM1DaQA9R9Ji56yn6Kzl2wym0z0WKyqrn+vTBh3YXJljEFboeuWlBL/a7R7W6XxJHPo0wZzKxE7mdEQqqGXioTUTPgyBLK1duS0YjWuMS/pfkMIji0kD50QtlA72h2p++43ZS1NpFK9d8q7C2ZxE/RlxAFGwUcKGhEIUdk3JRhfcQ== rsa-key-20210429" ]; @@ -197,11 +191,10 @@ group = "eli"; extraGroups = [ "users" - "docker" ]; uid = 1008; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAQEA8cclW3+wlmFl4fNEIqudlrtKVsZCXdzLgXNaGnqZPbqUCVXqw6rigFXSPYnRnE47yi8heC+06ga+4l8LkAuFCPhoZN6xxq6M7qmlNRHtpNn6PrXuDaTkgNig9TD2BCbHGwkqIByPhea4qQbM0mLKRk+a4H0ZGHsJnZI+nm185sSo6jQJ1gCHLk6ZZOoRDGYjoZIs3En3fTSTJBfbluf5A/gVXf2pbvIQ+R5QEOszRcln6nFfTd2Lwu2t63jA1pHN3KQoKcJ9RtBrRC0ZgZrOlEU1bpGLwuHwpj5xoxlsoI49QMgqJL4PE06mNGLYuxl6N/Sj6l90fuPFrEQpf45S0w== rsa-key-20201217" "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvn2P+ID0J4SEIZF22Ewx4YqrUxgM78eUPZPtEngvQhi+s+lROpmkPPG7JQ2AO4tsATIOWHhXXerIciWuP5W8LikUmr4xXdQD7S1lbmH1sKvgyquPqyfjucQlP/efcoYXGQMp7tFs/1Z1RXPmq4oG3IZIy/wZOgiT8/wP/nCVOAahtAE1VxRldber286ruoF4e3GFjSxYafjyifaYwSvHySiKKqjVCaHw1oVv6bJn2H1sjuU19LSvDTZk+zMlWuxe1HW2dLtrGQGptd1JSURzmuc+stmrDBeiSGQ5QZza4+6TZKnSMNZ0RrjvTLlT+qW6OYMSPkiSDlEjkB47kIGQKQ== eli@AKVA9163" @@ -214,11 +207,10 @@ group = "ovanov"; extraGroups = [ "users" - "docker" ]; uid = 1009; isNormalUser = true; - createHome = true; + createHome = false; openssh.authorizedKeys.keys = []; }; @@ -228,13 +220,12 @@ group = "bast"; extraGroups = [ "users" - "docker" "wheel" "root" ]; uid = 1010; isNormalUser = true; - createHome = true; + createHome = false; useDefaultShell = false; shell = pkgs.fish; openssh.authorizedKeys.keys = [ @@ -250,11 +241,10 @@ group = "marius"; extraGroups = [ "users" - "docker" ]; uid = 1011; isNormalUser = true; - createHome = true; + createHome = false; useDefaultShell = false; shell = pkgs.fish; openssh.authorizedKeys.keys = [ @@ -268,11 +258,10 @@ group = "michael"; extraGroups = [ "users" - "docker" ]; uid = 1012; isNormalUser = true; - createHome = true; + createHome = false; useDefaultShell = false; shell = pkgs.fish; openssh.authorizedKeys.keys = [ @@ -286,11 +275,10 @@ group = "yugaos"; extraGroups = [ "users" - "docker" ]; uid = 1013; isNormalUser = true; - createHome = true; + createHome = false; useDefaultShell = true; # shell = pkgs.fish; openssh.authorizedKeys.keys = [ @@ -304,11 +292,10 @@ group = "ata"; extraGroups = [ "users" - "docker" ]; uid = 1014; isNormalUser = true; - createHome = true; + createHome = false; useDefaultShell = true; # shell = pkgs.fish; openssh.authorizedKeys.keys = [ @@ -316,6 +303,22 @@ ]; }; + kvile = { + description = "Kristina Øie Kvile"; + home = "/home/kvile"; + group = "kvile"; + extraGroups = [ + "users" + ]; + uid = 1015; + isNormalUser = true; + createHome = false; + useDefaultShell = true; + # shell = pkgs.fish; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtB+HWtE4iXJiRVi1MUKaE3R3FAcHzCgiF84ho6GXKxx5H2iY8sgfxWo/lFSonhZKTo/+dHOYNKs42Q85ytG1rpcEYYVOK53mx8f7Z3THmw348a/+geM8Bukvo5pLc7KmXIvq6UQIjZmI/wnbA7B8MzLyrod71SaT1ujMEV1Jg0b3KnjS5kJnUHDICw3CdvuenNIgYl/zbTeEJ1iUu6T1TY+cNGG/7HOsaR1leCArDutHIKowcIFQFZoLEikM2DX5MSp9UBizAVogHugEqE2Bqh+C7NyTzJfQzR8s4drnt9IaptJQmCo6z9f+dQALjhftJXBDdkR6coMyOujV3Yyc5 rsa-key-20210928" + ]; + }; # @usr@ };