feat(xanthous/server): Load host secret key from disk

Rather than randomly generating a new host key every time we run the
server, load the host's secret key from a file on disk at startup, so
that clients don't have to disable host key verification to connect
every time we restart.

Change-Id: I4d283bc919f4825789f686a98c174a71929087a6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3819
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Griffin Smith 2021-11-08 10:54:40 -05:00 committed by grfn
parent 7d1ebe996c
commit 0d1980f2d6
2 changed files with 29 additions and 5 deletions

@ -24,6 +24,11 @@ in {
default = depot.users.grfn.xanthous.server.docker;
description = "OCI image file to run";
};
ed25519SecretKeyFile = mkOption {
type = with types; uniq string;
description = "Path to the ed25519 secret key for the server";
};
};
};
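Review bot: The description of `ed25519SecretKeyFile` should state that the value is a runtime path on the host and must not point into the Nix store, because store paths are world-readable and this file holds the server's private host key. Keeping the type a string instead of `types.path` is the right call for that reason (a path literal would be copied into the store when interpolated), but a short comment saying so would stop someone from "fixing" the type later. The option has no default, so an `example` and a note on the expected ownership and mode of the file would also help.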
@ -36,6 +41,7 @@ in {
"${toString cfg.port}:22"
"${toString cfg.metricsPort}:9000"
];
environment.SECRET_KEY_FILE = "/etc/secrets/xanthous-server-secret-key";
};
};
}
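Review bot: `environment.SECRET_KEY_FILE` hard-codes the in-container path `/etc/secrets/xanthous-server-secret-key`, and nothing in the visible lines of this hunk ties it to `cfg.ed25519SecretKeyFile`. If the bind mount is defined outside the shown context, consider putting the container path in a single `let` binding used for both the volume entry and this variable so the two cannot drift apart, and make the mount read-only (`:ro`) since the server only needs to read the key at startup.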