krebs: set host key for hosts with ssh.privkey

2015-09-27 16:15:53 +02:00 · 2015-09-27 16:15:53 +02:00 · 18cfca4fe8
commit 18cfca4fe8
parent 5a0d8f45c1
2 changed files with 26 additions and 8 deletions
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@ -104,7 +104,11 @@ let
        combined-hosts = (mapAttrsToList (name: value: value.extraZones)  cfg.hosts );
      in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones;
-      programs.ssh.knownHosts =
+      services.openssh.hostKeys =
        let inherit (config.krebs.build.host.ssh) privkey; in
        mkIf (privkey != null) (mkForce [privkey]);
      services.openssh.knownHosts =
        mapAttrs
          (name: host: {
            hostNames =
@ -550,7 +554,7 @@ let
            '';
          };
        };
-        ssh.privkey = <secrets/ssh.id_ed25519>;
+        ssh.privkey.path = <secrets/ssh.id_ed25519>;
        ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
      };
      ire = {
--- a/krebs/4lib/types.nix
+++ b/krebs/4lib/types.nix
@ -57,13 +57,27 @@ types // rec {
            else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null;
      };
      ssh.privkey = mkOption {
        type = nullOr (submodule {
          options = {
            bits = mkOption {
              type = nullOr (enum ["4096"]);
              default = null;
            };
            path = mkOption {
              type = either path str;
              apply = x: {
                path = toString x;
                string = x;
              }.${typeOf x};
            };
-
+            type = mkOption {
              type = enum ["rsa" "ed25519"];
              default = "ed25519";
            };
          };
        });
        default = null;
      };
    };
  });