krebs: set host key for hosts with ssh.privkey

2015-09-27 16:15:53 +02:00 · 2015-09-27 16:15:53 +02:00 · 18cfca4fe8
commit 18cfca4fe8
parent 5a0d8f45c1
2 changed files with 26 additions and 8 deletions
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -104,7 +104,11 @@ let
        combined-hosts = (mapAttrsToList (name: value: value.extraZones)  cfg.hosts );
      in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones;

-      programs.ssh.knownHosts =
+      services.openssh.hostKeys =
+        let inherit (config.krebs.build.host.ssh) privkey; in
+        mkIf (privkey != null) (mkForce [privkey]);
+
+      services.openssh.knownHosts =
        mapAttrs
          (name: host: {
            hostNames =
@ -550,7 +554,7 @@ let
            '';
          };
        };
-        ssh.privkey = <secrets/ssh.id_ed25519>;
+        ssh.privkey.path = <secrets/ssh.id_ed25519>;
        ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
      };
      ire = {
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@ -57,13 +57,27 @@ types // rec {
            else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null;
      };
      ssh.privkey = mkOption {
-        type = either path str;
-        apply = x: {
-          path = toString x;
-          string = x;
-        }.${typeOf x};
+        type = nullOr (submodule {
+          options = {
+            bits = mkOption {
+              type = nullOr (enum ["4096"]);
+              default = null;
+            };
+            path = mkOption {
+              type = either path str;
+              apply = x: {
+                path = toString x;
+                string = x;
+              }.${typeOf x};
+            };
+            type = mkOption {
+              type = enum ["rsa" "ed25519"];
+              default = "ed25519";
+            };
+          };
+        });
+        default = null;
      };
-
    };
  });