proxmox-vm-lvm-minimal: Use guix substitute signing keys on all vms

Previously, only guix-ci0.home.rekahsoft.ca was configured to use substitutes from custom
substitute servers, notably non-guix. This however is not favorable for other vms, as some
package substitutes are only available on custom substitute servers (eg. my own internal one,
non-guix, etc..).

This commit adjusts this, as well as reorganizes public key files.
This commit is contained in:
Collin J. Doering 2024-09-26 23:51:47 -04:00
parent af23a6502b
commit a17e56e771
Signed by: rekahsoft
GPG Key ID: F77E319397CDA716
11 changed files with 33 additions and 20 deletions

View File

@ -23,14 +23,18 @@
(define %automation-user "auto") (define %automation-user "auto")
(define %guix-signing-keys (define %guix-signing-keys
(list (list
(local-file "../../../.pubkeys/guix-signing-key_lenovo-t480s.pub") (local-file "../../../.pubkeys/guix/lenovo-t480s.pub")
(local-file "../../../.pubkeys/guix-signing-key_dell-precision.pub"))) (local-file "../../../.pubkeys/guix/dell-precision.pub")
(local-file "../../../.pubkeys/guix/cuirass-genenetwork-org.pub")
(local-file "../../../.pubkeys/guix/cuirass-nonguix-org.pub")
(local-file "../../../.pubkeys/guix/guix-ci-home-rekahsoft-ca.pub")))
;; Keys used for ssh access ;; Keys used for ssh access
(define %deploy-key (local-file "../../../.pubkeys/deploy-key.pub")) (define %deploy-key (local-file "../../../.pubkeys/ssh/deploy-key.pub"))
(define %collin-ed25519-key (local-file "../../../.pubkeys/ed25519-861CD08E.pub")) (define %collin-ed25519-key (local-file "../../../.pubkeys/ssh/ed25519-861CD08E.pub"))
(define %collin-rsa4096-key (local-file "../../../.pubkeys/rsa4096-6765FB18.pub")) (define %collin-rsa4096-key (local-file "../../../.pubkeys/ssh/rsa4096-6765FB18.pub"))
(define %collin-rsa-key (local-file "../../../.pubkeys/rsa2048-ED51AB07.pub")) (define %collin-rsa-key (local-file "../../../.pubkeys/ssh/rsa2048-ED51AB07.pub"))
(define syslog-configuration (define syslog-configuration
(plain-file "syslog.conf" (plain-file "syslog.conf"
@ -119,7 +123,10 @@ mail.* -/var/log/maillog
config => (guix-configuration config => (guix-configuration
(inherit config) (inherit config)
(authorized-keys (append %guix-signing-keys %default-authorized-guix-keys)) (authorized-keys (append %guix-signing-keys %default-authorized-guix-keys))
(substitute-urls %default-substitute-urls)))))) (substitute-urls (append (list "https://cuirass.genenetwork.org"
"https://substitutes.nonguix.org"
"https://guix-ci.home.rekahsoft.ca")
%default-substitute-urls)))))))
(define (proxmox-vm-lvm-minimal host-name) (define (proxmox-vm-lvm-minimal host-name)
(operating-system (operating-system

View File

@ -331,16 +331,4 @@ PUBLISH-URL."
(guix-service-type config => (guix-service-type config =>
(guix-configuration (guix-configuration
(inherit config) (inherit config)
(extra-options '("--max-jobs=4")) (extra-options '("--max-jobs=4")))))))))
(substitute-urls
(append (list "https://substitutes.nonguix.org")
(guix-configuration-substitute-urls config)))
(authorized-keys
(append (list (plain-file "non-guix.pub"
"(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
)
)"))
(guix-configuration-authorized-keys config))))))))))

View File

@ -0,0 +1,6 @@
(public-key
(ecc
(curve Ed25519)
(q #9578AD6CDB23BA51F9C4185D5D5A32A7EEB47ACDD55F1CCB8CEE4E0570FBF961#)
)
)

View File

@ -0,0 +1,6 @@
(public-key
(ecc
(curve Ed25519)
(q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)
)
)

View File

@ -0,0 +1,6 @@
(public-key
(ecc
(curve Ed25519)
(q #13EBA5788C96A57B32273782E8CB24834338B7DC00D7C0F103CA2C5576409A78#)
)
)