krebs: set host key for hosts with ssh.privkey
parent
5a0d8f45c1
commit
18cfca4fe8
@ -104,7 +104,11 @@ let
|
||||
combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts );
|
||||
in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones;
|
||||
|
||||
programs.ssh.knownHosts =
|
||||
services.openssh.hostKeys =
|
||||
let inherit (config.krebs.build.host.ssh) privkey; in
|
||||
mkIf (privkey != null) (mkForce [privkey]);
|
||||
|
||||
services.openssh.knownHosts =
|
||||
mapAttrs
|
||||
(name: host: {
|
||||
hostNames =
|
||||
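Review bot: `mkForce [privkey]` in the new `services.openssh.hostKeys` definition passes the whole `ssh.privkey` submodule value to the host-key list, including `bits`, which is `null` unless set (going by the option type added elsewhere in this commit). Whether the consuming NixOS module tolerates a null `bits` is not visible here and should be confirmed; if it does not, drop null attributes first, e.g. `mkForce [(filterAttrs (_: v: v != null) privkey)]`, assuming `filterAttrs` is in scope in this file. Because `mkForce` overrides every other definition of the option, a host with `ssh.privkey` set presents only this one key, which deserves a comment such as `# pin sshd to the host's declared key; overrides the default host key list`. The key file itself comes from the secrets path, so deployment has to leave it owned by root and unreadable to other users, or sshd will refuse to load it.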
@ -550,7 +554,7 @@ let
|
||||
'';
|
||||
};
|
||||
};
|
||||
ssh.privkey = <secrets/ssh.id_ed25519>;
|
||||
ssh.privkey.path = <secrets/ssh.id_ed25519>;
|
||||
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
|
||||
};
|
||||
ire = {
|
||||
|
@ -57,13 +57,27 @@ types // rec {
|
||||
else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null;
|
||||
};
|
||||
ssh.privkey = mkOption {
|
||||
type = nullOr (submodule {
|
||||
options = {
|
||||
bits = mkOption {
|
||||
type = nullOr (enum ["4096"]);
|
||||
default = null;
|
||||
};
|
||||
path = mkOption {
|
||||
type = either path str;
|
||||
apply = x: {
|
||||
path = toString x;
|
||||
string = x;
|
||||
}.${typeOf x};
|
||||
};
|
||||
|
||||
type = mkOption {
|
||||
type = enum ["rsa" "ed25519"];
|
||||
default = "ed25519";
|
||||
};
|
||||
};
|
||||
});
|
||||
default = null;
|
||||
};
|
||||
};
|
||||
});
|
||||
|
||||
|
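Review bot: The `apply` on `ssh.privkey.path` has no comment, although it is the line with the security-relevant intent: for a Nix path value it returns `toString x`, which presumably is there so the key stays a plain filesystem path and is not copied into the world-readable Nix store when the value is later interpolated. I would add `# toString keeps a path literal out of the Nix store; do not interpolate the private key path directly` above it, and a `description` on each of `bits`, `path` and `type`. Separately, nothing ties `bits` to `type`: `bits = "4096"` is accepted together with the default `type = "ed25519"`, and it is a string where the consumer of `services.openssh.hostKeys` may expect a number, so that is worth confirming against the module that reads it.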