hosting/selfhostblocks
1
0
Fork 0
Code Issues Activity

add nextcloud demo

Browse source 
fixes #62
This commit is contained in:
ibizaman 2023-12-23 22:49:50 -08:00 committed by Pierre Penninckx
parent 40f0f233c2
commit 58bc179192
11 changed files with 650 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

219
demo/nextcloud/README.md Normal file
View file

@ -0,0 +1,219 @@
# Nextcloud Demo {#demo-nextcloud}
**This whole demo is highly insecure as all the private keys are available publicly. This is
only done for convenience as it is just a demo. Do not expose the VM to the internet.**
The [`flake.nix`](./flake.nix) file sets up a Nextcloud server in only about [15
lines](./flake.nix#L29-L45) of related code.
This guide will show how to deploy this setup to a Virtual Machine, like showed
[here](https://nixos.wiki/wiki/NixOS_modules#Developing_modules), in 6 commands.
## Deploy to the VM {#deploy-to-the-vm}
Build the VM and start it:
```bash
rm nixos.qcow2; \
nixos-rebuild build-vm-with-bootloader --fast -I nixos-config=./configuration.nix -I nixpkgs=. ; \
QEMU_NET_OPTS="hostfwd=tcp::2222-:2222,hostfwd=tcp::8080-:80" ./result/bin/run-nixos-vm
```
This last call is blocking, so I advice adding a `&` at the end of the command otherwise you will
need to run the rest of the commands in another terminal.
The nested command, the one in between the parenthesis `$(...)` is used to print the VM's public age key, whic.
With the VM started, make the secrets in `secrets.yaml` decryptable in the VM. This change will
appear in `git status` but you don't need to commit this.
```bash
SOPS_AGE_KEY_FILE=keys.txt \
nix run --impure nixpkgs#sops -- --config sops.yaml -r -i \
--add-age $(nix shell nixpkgs#ssh-to-age --command sh -c 'ssh-keyscan -p 2222 -t ed25519 -4 localhost 2>/dev/null | ssh-to-age') \
secrets.yaml
```
If you forget this step, the deploy will seem to go fine but the secrets won't be populated and
Nextcloud will not start.
Make the ssh key private:
```bash
chmod 600 sshkey
```
This is only needed because git mangles with the permissions. You will not even see this change in
`git status`.
You can ssh into the VM with, but this is not required for the demo:
```bash
ssh -F ssh_config example
```
Finally, deploy with:
```bash
SSH_CONFIG_FILE=ssh_config nix run nixpkgs#colmena --impure -- apply
```
The deploy will take a few minutes the first time and subsequent deploys will take around 15
seconds.
## Access Nextcloud Through Your Browser {#access-nextcloud-through-your-browser}
Add the following entry to your `/etc/hosts` file:
```nix
networking.hosts = {
"127.0.0.1" = [ "n.example.com" ];
};
```
Which produces:
```bash
$ cat /etc/hosts
127.0.0.1 n.example.com
```
Go to [http://n.example.com:8080](http://n.example.com:8080) and login with:
- username: `root`
- password: the value of the field `nextcloud.adminpass` in the `secrets.yaml` file which is `43bb4b8f82fc645ce3260b5db803c5a8`.
Nextcloud doesn't like being run without SSL protection, which this demo does not setup yet, so you
might see errors loading scripts.
## In More Details {#in-more-details}
### Files {#files}
- [`flake.nix`](./flake.nix): nix entry point, defines one target host for
[colmena](https://colmena.cli.rs) to deploy to as well as the selfhostblock's config for
setting up the Nextcloud service.
- [`configuration.nix`](./configuration.nix): defines all configuration required for colmena
to deploy to the VM. The file has comments if you're interested.
- [`hardware-configuration.nix`](./hardware-configuration.nix): defines VM specific layout.
This was generated with nixos-generate-config on the VM.
- Secrets related files:
- [`keys.txt`](./keys.txt): your private key for sops-nix, allows you to edit the `secrets.yaml`
file. This file should never be published but here I did it for convenience, to be able to
deploy to the VM in less steps.
- [`secrets.yaml`](./secrets.yaml): encrypted file containing required secrets for Nextcloud. This file can be publicly accessible.
- [`sops.yaml`](./sops.yaml): describes how to create the `secrets.yaml` file. Can be publicly
accessible.
- SSH related files:
- [`sshkey(.pub)`](./sshkey): your private and public ssh keys. Again, the private key should usually not
be published as it is here but this makes it possible to deploy to the VM in less steps.
- [`ssh_config`](./ssh_config): the ssh config allowing you to ssh into the VM by just using the
hostname `example`. Usually you would store this info in your `~/.ssh/config` file but it's
provided here to avoid making you do that.
### Virtual Machine {#virtual-machine}
_More info about the VM._
We use `build-vm-with-bootloader` instead of just `build-vm` as that's the only way to deploy to the VM.
The VM's User and password are both `nixos`, as setup in the [`configuration.nix`](./configuration.nix) file under
`user.users.nixos.initialPassword`.
You can login with `ssh -F ssh_config example`. You just need to accept the fingerprint.
The VM's hard drive is a file name `nixos.qcow2` in this directory. It is created when you first create the VM and re-used since. You can just remove it when you're done.
That being said, the VM uses `tmpfs` to create the writable nix store so if you stumble in a disk
space issue, you must increase the
`virtualisation.vmVariantWithBootLoader.virtualisation.memorySize` setting.
### Secrets {#secrets}
_More info about the secrets._
The private key in the `keys.txt` file is created with:
```bash
$ nix shell nixpkgs#age --command age-keygen -o keys.txt
Public key: age1algdv9xwjre3tm7969eyremfw2ftx4h8qehmmjzksrv7f2qve9dqg8pug7
```
We use the printed public key in the `admin` field of the `sops.yaml` file.
The `secrets.yaml` file must follow the format:
```yaml
nextcloud:
adminpass: 43bb4b8f82fc645ce3260b5db803c5a8
onlyoffice:
jwt_secret: XYZ...
```
To open the `secrets.yaml` file and optionnally edit it, run:
```bash
SOPS_AGE_KEY_FILE=keys.txt nix run --impure nixpkgs#sops -- \
--config sops.yaml \
secrets.yaml
```
You can generate random secrets with:
```bash
$ nix run nixpkgs#openssl -- rand -hex 64
```
If you choose a password too small, ldap could refuse to start.
#### Why do we need the VM's public key {#public-key-necessity}
The [`sops.yaml`](./sops.yaml) file describes what private keys can decrypt and encrypt the
[`secrets.yaml`](./secrets.yaml) file containing the application secrets. Usually, you will create and add
secrets to that file and when deploying, it will be decrypted and the secrets will be copied
in the `/run/secrets` folder on the VM. We thus need one private key for you to edit the
[`secrets.yaml`](./secrets.yaml) file and one in the VM for it to decrypt the secrets.
Your private key is already pre-generated in this repo, it's the [`sshkey`](./sshkey) file. But when
creating the VM in the step above, a new private key and its accompanying public key were
automatically generated under `/etc/ssh/ssh_host_ed25519_key` in the VM. We just need to get the
public key and add it to the `secrets.yaml` which we did in the Deploy section.
### SSH {#ssh}
The private and public ssh keys were created with:
```bash
ssh-keygen -t ed25519 -f sshkey
```
You don't need to copy over the ssh public key over to the VM as we set the `keyFiles` option which copies the public key when the VM gets created.
This allows us also to disable ssh password authentication.
For reference, if instead you didn't copy the key over on VM creating and enabled ssh
authentication, here is what you would need to do to copy over the key:
```bash
$ nix shell nixpkgs#openssh --command ssh-copy-id -i sshkey -F ssh_config example
```
### Deploy {#deploy}
If you get a NAR hash mismatch error like hereunder, you need to run `nix flake lock --update-input
selfhostblocks`.
```
error: NAR hash mismatch in input ...
```
### Update Demo {#update-demo}
If you update the Self Host Blocks configuration in `flake.nix` file, you can just re-deploy.
If you update the `configuration.nix` file, you will need to rebuild the VM from scratch.
If you update a module in the Self Host Blocks repository, you will need to update the lock file with:
```bash
nix flake lock --override-input selfhostblocks ../.. --update-input selfhostblocks
```

65
demo/nextcloud/configuration.nix Normal file
View file

@ -0,0 +1,65 @@
{ config, pkgs, ... }:
let
targetUser = "nixos";
targetPort = 2222;
in
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
boot.loader.grub.enable = true;
boot.kernelModules = [ "kvm-intel" ];
system.stateVersion = "22.11";
# Options above are generate by running nixos-generate-config on the VM.
# Needed otherwise deploy will say system won't be able to boot.
boot.loader.grub.device = "/dev/vdb";
# Needed to avoid getting into not available disk space in /boot.
boot.loader.grub.configurationLimit = 1;
# The NixOS /nix/.rw-store mountpoint is backed by tmpfs which uses memory. We need to increase
# the available disk space to install home-assistant.
virtualisation.vmVariantWithBootLoader.virtualisation.memorySize = 8192;
# Options above are needed to deploy in a VM.
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# We need to create the user we will deploy with.
users.users.${targetUser} = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
initialPassword = "nixos";
# With this option, you don't need to use ssh-copy-id to copy the public ssh key to the VM.
openssh.authorizedKeys.keyFiles = [
./sshkey.pub
];
};
# The user we're deploying with must be able to run sudo without password.
security.sudo.extraRules = [
{ users = [ targetUser ];
commands = [
{ command = "ALL";
options = [ "NOPASSWD" ];
}
];
}
];
# Needed to allow the user we're deploying with to write to the nix store.
nix.settings.trusted-users = [
targetUser
];
# We need to enable the ssh daemon to be able to deploy.
services.openssh = {
enable = true;
ports = [ targetPort ];
permitRootLogin = "no";
passwordAuthentication = false;
};
}

170
demo/nextcloud/flake.lock Normal file
View file

@ -0,0 +1,170 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nix-flake-tests": {
"locked": {
"lastModified": 1677844186,
"narHash": "sha256-ErJZ/Gs1rxh561CJeWP5bohA2IcTq1rDneu1WT6CVII=",
"owner": "antifuchs",
"repo": "nix-flake-tests",
"rev": "bbd9216bd0f6495bb961a8eb8392b7ef55c67afb",
"type": "github"
},
"original": {
"owner": "antifuchs",
"repo": "nix-flake-tests",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1687681650,
"narHash": "sha256-M2If+gRcfpmaJy/XbfSsRzLlPpoU4nr0NHnKKl50fd8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1c9db9710cb23d60570ad4d7ab829c2d34403de3",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1687031877,
"narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1686628398,
"narHash": "sha256-jXEuS/dex59Oon4tll+Jb8aVl6B8HX/aREigHjt2S6E=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "202850e1a11a939364cef0f326cb1352b3f2d8cd",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nmdsrc": {
"flake": false,
"locked": {
"lastModified": 1701431551,
"narHash": "sha256-5HPHG1u3koaWHG/TXHl5/YxYPYOuKc58104btrD8ypE=",
"ref": "refs/heads/master",
"rev": "f18defadcc25e69e95b04493ee02682005472255",
"revCount": 65,
"type": "git",
"url": "https://git.sr.ht/~rycee/nmd"
},
"original": {
"type": "git",
"url": "https://git.sr.ht/~rycee/nmd"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs",
"selfhostblocks": "selfhostblocks",
"sops-nix": "sops-nix"
}
},
"selfhostblocks": {
"inputs": {
"flake-utils": "flake-utils",
"nix-flake-tests": "nix-flake-tests",
"nixpkgs": [
"nixpkgs"
],
"nmdsrc": "nmdsrc",
"sops-nix": [
"sops-nix"
]
},
"locked": {
"lastModified": 1703412385,
"narHash": "sha256-nPOnGY7V54rZezB0RelV2Kvqtv7yd84247y8AJg66rY=",
"owner": "ibizaman",
"repo": "selfhostblocks",
"rev": "40f0f233c247b26f98b8912ffab0feb8283744d1",
"type": "github"
},
"original": {
"owner": "ibizaman",
"repo": "selfhostblocks",
"type": "github"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": "nixpkgs_2",
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1687398569,
"narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "2ff6973350682f8d16371f8c071a304b8067f192",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

64
demo/nextcloud/flake.nix Normal file
View file

@ -0,0 +1,64 @@
{
description = "Home Assistant example for Self Host Blocks";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
sops-nix.url = "github:Mic92/sops-nix";
selfhostblocks.url = "github:ibizaman/selfhostblocks";
selfhostblocks.inputs.nixpkgs.follows = "nixpkgs";
selfhostblocks.inputs.sops-nix.follows = "sops-nix";
};
outputs = inputs@{ self, nixpkgs, sops-nix, selfhostblocks, ... }: {
colmena = {
meta = {
nixpkgs = import nixpkgs {
system = "x86_64-linux";
};
specialArgs = inputs;
};
myserver = { config, ... }: {
imports = [
./configuration.nix
sops-nix.nixosModules.default
selfhostblocks.nixosModules.x86_64-linux.default
];
# Used by colmena to know which target host to deploy to.
deployment = {
targetHost = "example";
targetUser = "nixos";
targetPort = 2222;
};
shb.nextcloud = {
enable = true;
domain = "example.com";
subdomain = "n";
dataDir = "/var/lib/nextcloud";
tracing = null;
# This option is only needed because we do not access Nextcloud at the default port in the VM.
externalFqdn = "n.example.com:8080";
adminPassFile = config.sops.secrets."nextcloud/adminpass".path;
};
# Secret needed for services.nextcloud.config.adminpassFile.
sops.secrets."nextcloud/adminpass" = {
sopsFile = ./secrets.yaml;
mode = "0440";
owner = "nextcloud";
group = "nextcloud";
restartUnits = [ "phpfpm-nextcloud.service" ];
};
# Set to true for more debug info with `journalctl -f -u nginx`.
shb.nginx.accessLog = true;
shb.nginx.debugLog = false;
};
};
};
}

64
demo/nextcloud/hardware-configuration.nix Normal file
View file

@ -0,0 +1,64 @@
# This file was generated by running nixos-generate-config on the VM.
#
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "floppy" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/vda";
fsType = "ext4";
};
fileSystems."/nix/.ro-store" =
{ device = "nix-store";
fsType = "9p";
};
fileSystems."/nix/.rw-store" =
{ device = "tmpfs";
fsType = "tmpfs";
};
fileSystems."/tmp/shared" =
{ device = "shared";
fsType = "9p";
};
fileSystems."/tmp/xchg" =
{ device = "xchg";
fsType = "9p";
};
fileSystems."/nix/store" =
{ device = "overlay";
fsType = "overlay";
};
fileSystems."/boot" =
{ device = "/dev/vdb2";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eth0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

3
demo/nextcloud/keys.txt Normal file
View file

@ -0,0 +1,3 @@
# created: 2023-11-17T00:05:25-08:00
# public key: age1algdv9xwjre3tm7969eyremfw2ftx4h8qehmmjzksrv7f2qve9dqg8pug7
AGE-SECRET-KEY-1EPLAHXWDEM5ZZAU7NFGHT5TWU08ZUCWTHYTLD8XC89350MZ0T79SA2MQAL

42
demo/nextcloud/secrets.yaml Normal file
View file

@ -0,0 +1,42 @@
nextcloud:
adminpass: ENC[AES256_GCM,data:3FXgVNzKAKrQxoDmRIq188YYrfiEEyYqU3lgwydXHp4=,iv:KoxmL9tLPBoIJT7rxkEhxrQqZFicbEm8qXbZMrnHSGY=,tag:nBt+8ciDRBiUzg3JEmiYnw==,type:str]
onlyoffice:
jwt_secret: ENC[AES256_GCM,data:+6qLNuOaFYRT092i1mkboi4DswEbcv/5+fQ0TpTCMkToWtNoxce5FyLoYpJoJIG3Kg5rrpNkfUYDugG9/5KWFu+31h8i8JdsxyiG0GGjtMbaUCzgiUyL+apMxl4S2b6jS2tGoExZhbgDFErE3p/wM5JTic1DE5HsFQr/49JI78w=,iv:TFs+fTlMGWKTVJ3pUmXCpGskQ2h6uSLr+TlmG6OXQYg=,tag:/Z6oSecHHhZVx/jpbx4Wgw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1algdv9xwjre3tm7969eyremfw2ftx4h8qehmmjzksrv7f2qve9dqg8pug7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRFc0aGZxa1RaWmZ4SlRk
c2MweTlQdGNQZE1VTDhrTHUzZ2pocUJFWEhNCndjcHB2elp0Zk1MbEFKTzN6a3pI
amdmSERWRFU4dzY1ck5MUE14SXV2c1UKLS0tIFk2MktiV1ljb3E3aXBFdTVlNUk0
QWZUZWc4amJFVkkxb0tPc1FmeklTNFEK1Pqwg8AI2yw3y9dU9p6Mx2bhKb3lUPt7
WhyWZbRT4zKjkcUp2NazqMKM35ru5i0037praFJgz05zkStn6twMqA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ej98rmjug4j0psyr3ppwmddtu868mlhknjkcx4a7yjrgk480dfrs3ayjl9
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHckF2U0NLaXhsaGVtcms2
bWZWN1RLQXh3VXRHTzQyM20wTFd0NVA5WTFBCjZvcXlDQS81NXhFRmlHZVV4WHRT
VUhteXIyc1dtRE1OZmk1MmVaM3VzSkEKLS0tIGgrYzFaRkdwMnNEc1F1MGNwQjVx
U3RwYXR6elZ4YTFTNGk4dDVuaUhDUjQKfkIG0oDVqDfSZCxHOZThFlY2V0KpXwBY
D7eodJ26fjJBAaqbvZkWF/BMCKTpAs4cQEHIW70yu6c+kMdV10D9fA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1j6scagnygyzr4q96l0a5ntwgjqj7xscx5sx4avy7fry3fzgcff8se0ylfq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2cm5oRXpPTER3a0djWVov
b2E3UjVNQnNKdFVxZnpkN0l6MjdkdDdXbkZrCk1nQ3Z3Y1psZmdRelJsZkRmV2Zk
WWVXMVplL0gxRDFlemhGQVp3eDhuajgKLS0tIGMxQVJjc0xkOVIrSzFYNXk0MHNM
aHg3S3MycVJTcVZvR0hYZ1RXelhqcWMKsb4tbh/q/XDdDmwkxLvaa5olDjYIGIVH
oZSqSF4ws7bRPTX8WAFFyoRw2kcZyc41WfBY1/8DcBKE/SHe5TKPEg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-12-22T07:04:41Z"
mac: ENC[AES256_GCM,data:J9EsLR+Rr23io0zx7NnHahds3Y4PNGgKoooLb4hXXeu/sORz+IWALhnF35SHsZaAAvwdCtjy5G7jrryRMKWGXy1uMs7WcsDGtI36Q9DVBuUav8gLWes0NEMv62nKrruS1zMcgYQdEPo7AL3sadbQxusEQNbhVfGxbiPXE9U3sfE=,iv:EpwwUnIhQeIHB13GBHFYELMeo36Qm45G382wQTcE8FM=,tag:Jb9C28oQjzsGVE1oFJzIBg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

7
demo/nextcloud/sops.yaml Normal file
View file

@ -0,0 +1,7 @@
keys:
- &admin age1algdv9xwjre3tm7969eyremfw2ftx4h8qehmmjzksrv7f2qve9dqg8pug7
creation_rules:
- path_regex: secrets.yaml$
key_groups:
- age:
- *admin

8
demo/nextcloud/ssh_config Normal file
View file

@ -0,0 +1,8 @@
Host example
Port 2222
User nixos
HostName 127.0.0.1
IdentityFile sshkey
IdentitiesOnly yes
StrictHostKeyChecking no
UserKnownHostsFile=/dev/null

7
demo/nextcloud/sshkey Normal file
View file

@ -0,0 +1,7 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACD7ngEdcDu4UVbe2ZzBhKn2HhPW0PlEmgEpb/kkMieFIwAAAJiBL8xSgS/M
UgAAAAtzc2gtZWQyNTUxOQAAACD7ngEdcDu4UVbe2ZzBhKn2HhPW0PlEmgEpb/kkMieFIw
AAAECzMZfgJIQJUVgyKZ3IYnEVvwnYXJ8nstc4/g1H41dC/vueAR1wO7hRVt7ZnMGEqfYe
E9bQ+USaASlv+SQyJ4UjAAAAEWV4YW1wbGVAbG9jYWxob3N0AQIDBA==
-----END OPENSSH PRIVATE KEY-----

1
demo/nextcloud/sshkey.pub Normal file
View file

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPueAR1wO7hRVt7ZnMGEqfYeE9bQ+USaASlv+SQyJ4Uj example@localhost