krebs: set host key for hosts with ssh.privkey

This commit is contained in:
tv 2015-09-27 16:15:53 +02:00
parent 5a0d8f45c1
commit 18cfca4fe8
2 changed files with 26 additions and 8 deletions


@ -104,7 +104,11 @@ let
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones;
programs.ssh.knownHosts =
services.openssh.hostKeys =
let inherit (config.krebs.build.host.ssh) privkey; in
mkIf (privkey != null) (mkForce [privkey]);
services.openssh.knownHosts =
mapAttrs
(name: host: {
hostNames =
@ -550,7 +554,7 @@ let
'';
};
};
ssh.privkey = <secrets/ssh.id_ed25519>;
ssh.privkey.path = <secrets/ssh.id_ed25519>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
};
ire = {
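Review bot: `mkForce [privkey]` in the new `services.openssh.hostKeys` assignment replaces the entire default host-key list, so a host with `ssh.privkey` set offers exactly one host key; if that is intended, a comment such as `# deployed privkey is the only host key; the default rsa+ed25519 keys are dropped` would save the next reader a lookup. The value placed in the list is the whole `privkey` submodule, including `bits = null` when the default ed25519 type is used, so it is worth confirming that the sshd module's key-generation step tolerates a null `bits` rather than emitting an empty `-b` argument. The assignment also presumes the file at `privkey.path` is present on the target before sshd starts; otherwise NixOS's key generation would presumably create a fresh key at that path instead of the intended one, which is hard to notice from the client side. The enclosing `let` block begins outside the hunk.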


@ -57,13 +57,27 @@ types // rec {
else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null;
};
ssh.privkey = mkOption {
type = either path str;
apply = x: {
path = toString x;
string = x;
}.${typeOf x};
type = nullOr (submodule {
options = {
bits = mkOption {
type = nullOr (enum ["4096"]);
default = null;
};
path = mkOption {
type = either path str;
apply = x: {
path = toString x;
string = x;
}.${typeOf x};
};
type = mkOption {
type = enum ["rsa" "ed25519"];
default = "ed25519";
};
};
});
default = null;
};
};
});
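Review bot: None of the options in the new `ssh.privkey` submodule carries a `description`, and the `apply` on `path` hides the property that matters most here: a `path`-typed value is passed through `toString`, so only the filesystem path is recorded and the private key file is not imported into the world-readable Nix store the way a string interpolation of the path would do. A short comment on the `apply`, e.g. `# toString records the path without copying the key file into the store`, plus a `description` on `bits`, `path` and `type`, would make that contract explicit. Nothing relates `bits` to `type`: `bits = "4096"` together with the default `type = "ed25519"` is accepted even though ed25519 has no key size, so either an assertion or a sentence in the `bits` description stating it applies to rsa only seems warranted. The enclosing `types // rec {` attribute set starts before the hunk.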