gum.r: disable privkey setting via krebs

manually configure the secrets instead

3 files changed, 5 insertions, 2 deletions

diff --git a/krebs/3modules/makefu/default.nix b/krebs/3modules/makefu/default.nix
index 0e6e5e7e..401cba97 100644
--- a/krebs/3modules/makefu/default.nix
+++ b/krebs/3modules/makefu/default.nix
@@ -580,7 +580,8 @@ with import <stockholm/lib>;
           '';
         };
       };
-      ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
+      # configured manually
+      # ssh.privkey.path = <secrets/ssh_host_ed25519_key>;
       ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcxWFEPzke/Sdd9qNX6rSJgXal8NmINYajpFCxXfYdj root@gum";
     };
     shoney = rec {
diff --git a/makefu/1systems/gum/config.nix b/makefu/1systems/gum/config.nix
index e1357ff0..e769b1e2 100644
--- a/makefu/1systems/gum/config.nix
+++ b/makefu/1systems/gum/config.nix
@@ -81,7 +81,9 @@ in {
   ];
   makefu.dl-dir = "/var/download";
 
-
+  services.openssh.hostKeys = [
+    { bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
+    { path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
   ###### stable
   services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
   krebs.build.host = config.krebs.hosts.gum;
diff --git a/makefu/6tests/data/secrets/ssh_host_rsa_key b/makefu/6tests/data/secrets/ssh_host_rsa_key
new file mode 100644
index 00000000..e69de29b
--- /dev/null
+++ b/makefu/6tests/data/secrets/ssh_host_rsa_key