| author | Robby Zambito <contact@robbyzambito.me> | 2026-04-05 19:57:28 -0400 |
|---|---|---|
| committer | Robby Zambito <contact@robbyzambito.me> | 2026-04-06 19:44:50 -0400 |
| commit | c6eaf34e6a4e1e1e3b316b3edaa4ba39e3451ab8 (patch) | |
| tree | a7a29cb25f36d3a08f2b029634e297365e67b640 /config | |
| parent | 98be644662919e8af7081a3324962f06d6f862f1 (diff) | |
refactor(config/ssh): extract SSH configuration into dedicated module
Move SSH host definitions and authorized keys from home.scm into
config/ssh.scm following the Guix service record pattern.
Exports:
- ssh-hosts: openssh-host records for static hosts and dynamically
generated Red Team Kali VMs (2 VCEs × 10 VMs each)
- ssh-authorized-keys: Imported from secrets.scm
Integrate into home.scm via renamed exports (rz/ssh-hosts,
rz/ssh-authorized-keys) consumed by home-openssh-service-type.
Files changed:
- config/ssh.scm: new module with SSH configuration
- home.scm: removed inline SSH block, added module imports
Diffstat (limited to 'config')
| -rw-r--r-- | config/ssh.scm | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/config/ssh.scm b/config/ssh.scm
new file mode 100644
index 0000000..59d848d
--- /dev/null
+++ b/config/ssh.scm
@@ -0,0 +1,105 @@
+(define-library (config ssh)
+ (export ssh-hosts
+ ssh-authorized-keys)
+ (import (guile)
+ (guix utils)
+ (scheme base)
+ (scheme load)
+ (guix gexp) ;plain-file
+ (srfi 1)
+ (gnu home services ssh))
+ (begin
+ ;; Generate all VCE numbers from 1 to num-vces
+ (define (generate-openssh-hosts num-vces num-vms-per-vce)
+ (let ((vce-numbers (iota num-vces 1))
+ (vm-numbers (iota num-vms-per-vce 1)))
+ ;; For each VCE, generate configurations for all VMs
+ (append-map
+ (lambda (vce-num)
+ ;; For each VM number, create a configuration
+ (map
+ (lambda (vm-num)
+ (openssh-host (name (string-append "rt-vce" (number->string vce-num)
+ "-kali" (number->string vm-num)))
+ (user "redteam")
+ (host-name (string-append "172.18.6." (number->string (+ 60 vm-num))))
+ (identity-file "/home/robby/.ssh/redteam_key")
+ (proxy (list
+ (proxy-jump (host-name (string-append "vce" (number->string vce-num))))))
+ (extra-content
+ (string-append " DynamicForward 8888\n"
+ " StrictHostKeyChecking no\n"
+ " UserKnownHostsFile=/dev/null"))))
+ vm-numbers))
+ vce-numbers)))
+
+ (define redteam-kali-vms (generate-openssh-hosts 2 10))
+
+ (define ssh-hosts
+ (append (list (openssh-host (name "not-a-pi")
+ (host-name "10.69.0.1"))
+ (openssh-host (name "zoinks")
+ (host-name "zoinks.one"))
+ (openssh-host (name "lowell-makes")
+ (host-name "96.81.79.90")
+ (port 1122))
+ (openssh-host (name "lowell-makes-cameo2")
+ (host-name "cameo2")
+ (port 22)
+ (proxy (list
+ (proxy-jump (host-name "lowell-makes")))))
+ (openssh-host (name "lowell-makes-cameo")
+ (host-name "cameo")
+ (port 22)
+ (proxy (list
+ (proxy-jump (host-name "lowell-makes")))))
+ (openssh-host (name "lowell-makes-mogan")
+ (host-name "mogan")
+ (port 22)
+ (proxy (list
+ (proxy-jump (host-name "lowell-makes")))))
+ (openssh-host (name "bustelo")
+ (host-name "10.5.10.187")
+ (port 22)
+ (proxy (list
+ (proxy-jump (host-name "lowell-makes")))))
+ (openssh-host (name "moja")
+ (host-name "45.77.97.44"))
+ (openssh-host (name "babel")
+ (host-name "10.80.80.162"))
+ (openssh-host (name "alpha.apex")
+ (host-name "149.28.47.99"))
+ (openssh-host (name "cnyhackathon-jump")
+ (host-name "vce.cnyhackathon.org")
+ (user "rz")
+ (port 2210)
+ (extra-content
+ (string-append " DynamicForward 8888\n")))
+ (openssh-host (name "kali")
+ (user "redteam")
+ (host-name (string-append "172.18.6." (number->string (+ 60 7))))
+ (identity-file "/home/robby/.ssh/redteam_key")
+ (proxy (list
+ (proxy-jump (host-name "cnyhackathon-jump"))))
+ (extra-content
+ (string-append " DynamicForward 8888\n"
+ " StrictHostKeyChecking no\n"
+ " UserKnownHostsFile=/dev/null")))
+ (openssh-host (name "vce1")
+ (host-name "vce1.ncaecybergames.org")
+ (user "rz")
+ (port 2210)
+ (extra-content
+ (string-append " DynamicForward 8888\n")))
+ (openssh-host (name "vce2")
+ (host-name "vce2.ncaecybergames.org")
+ (user "rz")
+ (port 2210)
+ (extra-content
+ (string-append " DynamicForward 8888\n"))))
+ redteam-kali-vms))
+
+ ;; Authorized keys are pulled from secrets.scm
+ (define ssh-authorized-keys
+ (let ((secrets (load (string-append (dirname (current-filename)) "/../secrets.scm"))))
+ (cdr (assq 'ssh-authorized-keys secrets)))))) |
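Review bot: The `StrictHostKeyChecking no` / `UserKnownHostsFile=/dev/null` pair in `generate-openssh-hosts`, repeated in the hand-written `kali` entry, turns off host-key verification for every Kali VM, so whatever answers on 172.18.6.x behind the jump host is accepted silently and the `DynamicForward 8888` SOCKS traffic would be routed through it. If the VMs are reimaged often, which is presumably why the options are there, `" StrictHostKeyChecking accept-new\n"` together with a dedicated file such as `" UserKnownHostsFile /home/robby/.ssh/known_hosts.redteam"` (path constructed here as an example) keeps the first connection prompt-free but still reports a key that changes mid-event; the file can be deleted when the range is reset. If the current behaviour is intended, a comment like `;; host keys are not verified: range VMs are ephemeral and reimaged between events` would make that explicit. The three option lines are also duplicated between the generator and the `kali` host, so binding them once to a shared string would keep the two from drifting apart.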
