Divided who can provision and who can access the machines

2025-08-22 18:13:31 +02:00 · 2025-08-22 18:13:31 +02:00 · 06536ac58b
commit 06536ac58b
parent 00574c51b3
4 changed files with 13 additions and 12 deletions
--- a/ssh-keys.nix
+++ b/ssh-keys.nix
@ -1,12 +1,9 @@
 rec {
  deadbeef = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhiGLc/whCY3lCmDiRlYnMJOLiO/gvcRj/sKVEFVAhQ pazpi@deadbeef";
+  colmena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG2r9aO4pty4j2dgRIKe68DPPwdtZBEDlz54F2VBdKcg pazpi@colmena";

  ai = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAm5OG80MtjLCEnibCTgW1oeVRmVYVlVwf28HZAWQZE6 ai";

-  krzo = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILrVYJrU6Ys2o/QYfI6Es5yqVVyjUyDYj6Fglvz63ywP krzo@pazpi.top";
-
-  colmena = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIG2r9aO4pty4j2dgRIKe68DPPwdtZBEDlz54F2VBdKcg pazpi@colmena";
-
  # The key are found executing `ssh-keyscan <ip-address>`
  machines = {
    arr = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICjAFjbSGaeWnImPFBEQ/PeGz7hgpLhUYgZg5Hb/JJ42";
@ -25,14 +22,18 @@ rec {
    zigbee2mqtt = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINN0z+RxfAIARVMFgtF9olJrL5lt95IoC0Mtzg0MKd3g";
  };

-  # Machines able to provision other machines
-  infra-core = [
-    deadbeef
-    ai
-    krzo
+  # Machines able to provisioning other machines
+  provisioning-machine = [
    colmena
+    deadbeef
  ];

+  # Machines able to login with other machines
+  infra-core = [
+    ai
+  ]
+  ++ provisioning-machine;
+
  # Machines in tailscale network
  tailscale-machine = [
    machines.arr