author | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-12 14:06:09 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2022-02-12 14:06:09 +0100 |
commit | ebb52640b558054ce57ad7bcb37ed1f7aff5bdcf (patch) | |
tree | b18bd1ce1434609ab4476a508e3da413623bdaea /ymir.nix | |
parent | 7dfdf54de426b995173cec67b40451f0b83d264a (diff) | |
ymir: openssh ca
Diffstat (limited to 'ymir.nix')
-rw-r--r-- | ymir.nix | 11 |
1 files changed, 11 insertions, 0 deletions
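--- a/ymir.nix
+++ b/ymir.nix
@@ -212,9 +212,20 @@ in rec {
 challengeResponseAuthentication = false;
 extraConfig = ''
 AllowGroups ssh
+
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
+RevokedKeys /etc/ssh/krl.bin
 '';
 knownHosts = import ./knownHosts.nix;
+hostKeys = [
+{ bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; }
+{ path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
+];
 };
+environment.etc."ssh/ssh_host_rsa_key-cert.pub".source = ./ymir/rsa-cert.pub;
+environment.etc."ssh/ssh_host_ed25519_key-cert.pub".source = ./ymir/ed25519-cert.pub;
+environment.etc."ssh/krl.bin".source = ./krl.bin;
 users.groups."ssh" = {
 members = ["gitolite" "uucp" "root"];
 };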
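Review bot: The `RevokedKeys /etc/ssh/krl.bin` line added to `extraConfig` makes sshd depend on a file that is baked in from `./krl.bin` at build time: per sshd_config(5), public-key authentication is refused for all users when that file is not readable, and a revocation only takes effect once the KRL has been regenerated, committed and the host redeployed. I would document this next to the `environment.etc."ssh/krl.bin".source` line, e.g. `# KRL read by sshd (RevokedKeys); if unreadable, all pubkey auth is refused. Regenerate and redeploy on every revocation.` The two `HostCertificate` files are static in the same way, so if they were signed with a validity interval (not visible here) a short comment naming the renewal procedure would help whoever has to rotate them. The enclosing openssh attribute set begins above line 212, outside this hunk.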