Diffstat (limited to 'ymir.nix')
-rw-r--r-- | ymir.nix | 11 |
1 files changed, 11 insertions, 0 deletions
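--- a/ymir.nix
+++ b/ymir.nix
@@ -212,9 +212,20 @@ in rec {
 challengeResponseAuthentication = false;
 extraConfig = ''
 AllowGroups ssh
+
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
+RevokedKeys /etc/ssh/krl.bin
 '';
 knownHosts = import ./knownHosts.nix;
+hostKeys = [
+{ bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; }
+{ path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
+];
 };
+environment.etc."ssh/ssh_host_rsa_key-cert.pub".source = ./ymir/rsa-cert.pub;
+environment.etc."ssh/ssh_host_ed25519_key-cert.pub".source = ./ymir/ed25519-cert.pub;
+environment.etc."ssh/krl.bin".source = ./krl.bin;
 users.groups."ssh" = {
 members = ["gitolite" "uucp" "root"];
 };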
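Review bot: The new `hostKeys` list and the two `environment.etc."ssh/…-cert.pub"` entries are coupled in a way nothing in the hunk records. The certificates are fixed files from the repository, while NixOS generates any key listed in `hostKeys` that is missing on the host, so a regenerated key leaves a certificate that no longer matches it. As far as I know sshd then logs the mismatch and stops offering that certificate rather than refusing to start, so the breakage is easy to miss. A comment above `hostKeys` would cover it, for example `# must match ./ymir/*-cert.pub; re-sign and commit both certs if a host key is regenerated`. It is also worth a comment beside `RevokedKeys /etc/ssh/krl.bin` that sshd refuses public-key authentication for all users when that file is unreadable, and that the KRL here only changes on a rebuild and deploy.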