Mic92/stockholm
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

gum.r: disable privkey setting via krebs

Browse Source 
manually configure the secrets instead
This commit is contained in:
makefu 2017-10-08 23:14:14 +02:00
parent f7f1d7a446
commit 903a1182b5
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
3 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
krebs/3modules/makefu/default.nix
View File

@ -580,7 +580,8 @@ with import <stockholm/lib>;
'';
};
};
ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
# configured manually
# ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
};
shoney = rec {

4
makefu/1systems/gum/config.nix
View File

@ -81,7 +81,9 @@ in {
];
makefu.dl-dir = "/var/download";
services.openssh.hostKeys = [
{ bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
{ path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
###### stable
services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
krebs.build.host = config.krebs.hosts.gum;

0
makefu/6tests/data/secrets/ssh_host_rsa_key Normal file
View File