diff options
author | Gregor Kleen <gkleen@yggdrasil.li> | 2021-01-02 20:53:17 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2021-01-03 16:21:34 +0100 |
commit | f6e600c20d6a97ebeda23fa2bb5621646222b2b0 (patch) | |
tree | 5551a23218db79e3edbf41557b474121f0745821 /system-profiles/openssh/default.nix | |
parent | f4fa33d0d258c4f66f804ed3fc3be590d8039e6e (diff) | |
download | nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.gz nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.bz2 nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.tar.xz nixos-f6e600c20d6a97ebeda23fa2bb5621646222b2b0.zip |
sif: import config
Diffstat (limited to 'system-profiles/openssh/default.nix')
-rw-r--r-- | system-profiles/openssh/default.nix | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix new file mode 100644 index 00000000..4db3d7db --- /dev/null +++ b/system-profiles/openssh/default.nix | |||
@@ -0,0 +1,36 @@ | |||
1 | { customUtils, lib, config, hostName, ... }: | ||
2 | { | ||
3 | services.openssh = { | ||
4 | enable = true; | ||
5 | knownHosts = lib.zipAttrsWith (_name: values: builtins.head values) (lib.mapAttrsToList (name: lib.mapAttrs' (type: value: lib.nameValuePair "${name}-${type}" value)) (customUtils.recImport { dir = ./known-hosts; })); | ||
6 | |||
7 | hostKeys = [ | ||
8 | { path = "/etc/ssh/ssh_host_rsa_key"; | ||
9 | type = "rsa"; | ||
10 | } | ||
11 | { path = "/etc/ssh/ssh_host_ed25519_key"; | ||
12 | type = "ed25519"; | ||
13 | } | ||
14 | ]; | ||
15 | }; | ||
16 | |||
17 | sops.secrets = { | ||
18 | ssh_host_rsa_key = { | ||
19 | key = "rsa"; | ||
20 | path = "/etc/ssh/ssh_host_rsa_key"; | ||
21 | sopsFile = ./host-keys + "/${hostName}.yaml"; | ||
22 | }; | ||
23 | ssh_host_ed25519_key = { | ||
24 | key = "ed25519"; | ||
25 | path = "/etc/ssh/ssh_host_ed25519_key"; | ||
26 | sopsFile = ./host-keys + "/${hostName}.yaml"; | ||
27 | }; | ||
28 | }; | ||
29 | |||
30 | environment.etc = { | ||
31 | "ssh/ssh_host_rsa_key.pub".text = config.services.openssh.knownHosts."${hostName}-rsa".publicKey; | ||
32 | "ssh/ssh_host_ed25519_key.pub".text = config.services.openssh.knownHosts."${hostName}-ed25519".publicKey; | ||
33 | }; | ||
34 | |||
35 | systemd.user.services."ssh-agent".enable = lib.mkForce false; # ssh-agent should be done via home-manager | ||
36 | } | ||