diff options
| author | tv <tv@shackspace.de> | 2015-09-27 16:15:53 +0200 |
|---|---|---|
| committer | tv <tv@shackspace.de> | 2015-09-27 16:15:53 +0200 |
| commit | 18cfca4fe8d94f11c004fe72289b10c32a89ed68 (patch) | |
| tree | 15c7dd48337f5f1c85e39168e9431ad2f5f68a71 /krebs | |
| parent | 5a0d8f45c173815d3d460453956212c2ad8df3a7 (diff) | |
krebs: set host key for hosts with ssh.privkey
Diffstat (limited to 'krebs')
| -rw-r--r-- | krebs/3modules/default.nix | 8 | ||||
| -rw-r--r-- | krebs/4lib/types.nix | 26 |
2 files changed, 26 insertions, 8 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 8e79cd014..4a9be8676 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -104,7 +104,11 @@ let combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones; - programs.ssh.knownHosts = + services.openssh.hostKeys = + let inherit (config.krebs.build.host.ssh) privkey; in + mkIf (privkey != null) (mkForce [privkey]); + + services.openssh.knownHosts = mapAttrs (name: host: { hostNames = @@ -550,7 +554,7 @@ let ''; }; }; - ssh.privkey = <secrets/ssh.id_ed25519>; + ssh.privkey.path = <secrets/ssh.id_ed25519>; ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw"; }; ire = { diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix index a7df92084..0aa594fb1 100644 --- a/krebs/4lib/types.nix +++ b/krebs/4lib/types.nix @@ -57,13 +57,27 @@ types // rec { else trace "The option `krebs.hosts.${config.name}.ssh.pubkey' is unused." null; }; ssh.privkey = mkOption { - type = either path str; - apply = x: { - path = toString x; - string = x; - }.${typeOf x}; + type = nullOr (submodule { + options = { + bits = mkOption { + type = nullOr (enum ["4096"]); + default = null; + }; + path = mkOption { + type = either path str; + apply = x: { + path = toString x; + string = x; + }.${typeOf x}; + }; + type = mkOption { + type = enum ["rsa" "ed25519"]; + default = "ed25519"; + }; + }; + }); + default = null; }; - }; }); |