Sops-Nix

2024-06-03 16:59:11 +02:00
parent 52343cbc23
commit fce5f49e57
29 changed files with 373 additions and 554 deletions
--- a/system-modules/sshd.nix
+++ b/system-modules/sshd.nix
@@ -1,9 +1,19 @@
-{ config, pkgs, lib, secrets, ... }:
+{ host, secrets, ... }:

 {
+  environment.etc."ssh/ssh_host_ed25519_key.pub".text = if (host == "NxNORTH") then
+    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF1r5gUQPPS/dGB0SsvWtP6WdNWoxMwhhHRrqlO19cJt root@NxNORTH"
+    else if ( host == "NxXPS") then
+    ""
+    else 
+    "";
+  sops.secrets."ssh/${host}-ssh_host_ed25519_key" = {
+    mode = "0600";
+    path = "/etc/ssh/ssh_host_ed25519_key.shadow";
+  };
  services.openssh = {
    enable = true;
-    ports = secrets.nx2site.ssh.ports;
+    ports = secrets.ssh.ports;
    settings = {
      PasswordAuthentication = false;
    };