5f9b6e8 os: Move SSH configuration to mixin — radicle-infra

rad:z254T5p17bdFPmzfDojsdjo4HjpoZ

Radicle Infrastructure as Code (NixOS, OpenTofu, …)

os: Move SSH configuration to mixin

Lorenz Leutgeb committed 10 months ago

commit 5f9b6e88ac056cec869d879a107b6bdfe30a3b52
parent 941fbd2

2 files changed +27 -24

modified os/host/seed/ssh.nix

@@ -4,30 +4,7 @@

   lib,
   ...
 }: {
   services = {
     openssh = {
       enable = true;
       settings = {
         PasswordAuthentication = false;
       };
       hostKeys = [
         {
           path = "/etc/ssh/ssh_host_ed25519_key";
           type = "ed25519";
         }
       ];
     };
     sshguard.enable = true;
   };
   sops = {
     age.sshKeyPaths = map (x: x.path) config.services.openssh.hostKeys;
     secrets = {
       "ssh/key".sopsFile = ./sops/ssh.yaml;
     };
   };
   sops.secrets ."ssh/key".sopsFile = ./sops/ssh.yaml;
   environment.etc."ssh/ssh_host_ed25519_key.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMXpC2X07TCIslR907omxrk6J+K3p0rGOMaJAHe1K2i3 ${config.networking.fqdn}";
 }

added os/mixin/ssh.nix

@@ -0,0 +1,26 @@

 {
   pkgs,
   config,
   lib,
   ...
 }: {
   services = {
     openssh = {
       enable = true;
       settings = {
         PasswordAuthentication = false;
       };
       hostKeys = [
         {
           path = "/etc/ssh/ssh_host_ed25519_key";
           type = "ed25519";
         }
       ];
     };
     sshguard.enable = true;
   };
   sops.age.sshKeyPaths = map (x: x.path) config.services.openssh.hostKeys;
 }