Diffstat (limited to 'ymir.nix')
-rw-r--r--ymir.nix11
1 files changed, 11 insertions, 0 deletions
diff --git a/ymir.nix b/ymir.nix
index df306121..8f01ad6b 100644
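--- a/ymir.nix
+++ b/ymir.nix
@@ -212,9 +212,20 @@ in rec {
 challengeResponseAuthentication = false;
 extraConfig = ''
 AllowGroups ssh
+
+HostCertificate /etc/ssh/ssh_host_ed25519_key-cert.pub
+HostCertificate /etc/ssh/ssh_host_rsa_key-cert.pub
+RevokedKeys /etc/ssh/krl.bin
 '';
 knownHosts = import ./knownHosts.nix;
+hostKeys = [
+{ bits = 4096; path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; }
+{ path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
+];
 };
+environment.etc."ssh/ssh_host_rsa_key-cert.pub".source = ./ymir/rsa-cert.pub;
+environment.etc."ssh/ssh_host_ed25519_key-cert.pub".source = ./ymir/ed25519-cert.pub;
+environment.etc."ssh/krl.bin".source = ./krl.bin;
 users.groups."ssh" = {
 members = ["gitolite" "uucp" "root"];
 };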
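Review bot: The two `HostCertificate` files and `krl.bin` are copied from the repository at build time, and nothing in the added lines records when the certificates expire or how the KRL is refreshed, so a revocation only takes effect after a rebuild and deploy. A comment above the three `environment.etc` lines would cover it, for example `# host certs signed by <CA name>, valid until <date>; re-sign and rebuild before expiry` and `# krl.bin is regenerated with ssh-keygen -k; takes effect on next deploy`. The committed certificates are only usable while they match the private keys at the `hostKeys` paths, so it is worth noting that those keys must be preserved or restored on a reinstall rather than regenerated. `RevokedKeys` in sshd_config applies to user keys presented to this server; revoking one of these host certificates would presumably need `RevokedHostKeys` on the clients, which this hunk does not show. The enclosing sshd attribute set opens before the hunk, so other settings that interact with these lines are not visible here.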