Supporting SSH turned out to be a bit of a saga... Thank you @espes and @grfn for the pointers.

Problem: When I originally set up my Google VM, I followed this tutorial, https://nixos.wiki/wiki/Install_NixOS_on_GCE, so I ended up installing `nixos-20-03`: an older version of NixOS, (the newest version in `gsutils ls -l gs://nixos-images`).

Critically, I missed this important footnote:

> NOTE: Newer images (from 20.09 on) won't be available at the bucket above, and
> will instead need to be found at
> <nixpkgs/nixos/modules/virtualisation/gce-images.nix>.

It turns out that *newer* images include this script...

https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/fetch-instance-ssh-keys.bash

...which reads the key, "sshKeys", from the Google metadata server and copies the value into /root/.ssh/authorized_keys.

To make matters a bit misleading, the NixOS script expects the key to be "sshKeys", but Google deprecated that in favor of "ssh-keys" (hence why both versions appear in this commit).

TL;DR:
- upgrading to a newer NixOS image
- adding an empty access_config block so Google will assign my VM an external IP
- removing oslogin (not necessary to do, and I may add it back later)
- adding my public SSH key as metadata

Change-Id: If624fe77afd47b31fa7be0a1dd4a55512317eef0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4737
Tested-by: BuildkiteCI
Reviewed-by: wpcarro <wpcarro@gmail.com>
Autosubmit: wpcarro <wpcarro@gmail.com>
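The four changes listed in the commit message above, sketched as a Terraform resource. This is an added example, not the configuration from this repository: the resource name, zone, machine type, image placeholder and variable are hypothetical, and the `root:` prefix assumes Google's `USERNAME:PUBLIC_KEY` metadata format.

```hcl
# Added illustration; every name and value below is a placeholder,
# not taken from the repository's terraform directory.
variable "ssh_public_key" {
  description = "A single public key line, e.g. the contents of id_ed25519.pub"
  type        = string
}

resource "google_compute_instance" "nixos_vm" {
  name         = "nixos-example"
  machine_type = "e2-small"
  zone         = "europe-west2-a"

  boot_disk {
    initialize_params {
      # Placeholder: a NixOS image from 20.09 on, taken from gce-images.nix
      # rather than the gs://nixos-images bucket.
      image = "NIXOS_IMAGE_PLACEHOLDER"
    }
  }

  network_interface {
    network = "default"

    # Empty block: Google assigns the VM an ephemeral external IP.
    access_config {}
  }

  # No enable-oslogin entry: OS Login is left out, as in the commit.
  metadata = {
    # Key name the NixOS fetch script reads (deprecated by Google).
    sshKeys = "root:${var.ssh_public_key}"

    # Key name Google replaced it with; both are set so either reader works.
    "ssh-keys" = "root:${var.ssh_public_key}"
  }
}
```

Because the metadata value is copied into /root/.ssh/authorized_keys, permission to edit this instance's metadata amounts to root SSH access, so that permission should be granted as narrowly as root itself.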
wpcarro
Welcome to my monorepo.
Herein you will find a variety of libraries, packages, and documents. Some of this work is finished and other work is incomplete or just a sketch for a future project.
Where applicable, I try to include README.md files in some of the
subdirectories to help orient both myself and any onlookers.
Sign posts
Below I have outlined a few projects that you might find interesting.
- boilerplate: scaffolding for projects. Boilerplate's goal is to reduce the startup costs of a project.
- configs: my dotfiles (e.g. config.fish, init.vim).
- emacs: Emacs is both my preferred text editor and my window manager; with tens of thousands of lines of Emacs Lisp, you can safely assume that this directory hosts a lot of libraries and packages.
- monzo_ynab: systemd timer unit that imports my Monzo (i.e. a U.K.-based online bank) transactions into the personal finance tool YNAB (i.e. youneedabudget.com).
- nixos: my declarative configuration for my NixOS machines. If you are unfamiliar with Nix, I recommend reading about the NixOS project.
- tools: some scripts and projects that simplify my life.
- website: everything required to build my website, https://wpcarro.dev.
Notes to self
Here are a few reminders when setting up a new machine:
- Ensure `~/.password-store` exists.
- Run `export_gpg` from a computer with my gpg credentials. Run `import_gpg` from the new machine.
- Ensure the new machine can access my GitHub.