0d1980f2d6
Rather than randomly generating a new host key every time we run the server, load the host's secret key from a file on disk at startup, so that clients don't have to disable host key verification to connect every time we restart. Change-Id: I4d283bc919f4825789f686a98c174a71929087a6 Reviewed-on: https://cl.tvl.fyi/c/depot/+/3819 Tested-by: BuildkiteCI Reviewed-by: grfn <grfn@gws.fyi>
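# NixOS module that runs the xanthous server as an OCI container.
#
# It declares the `services.xanthous-server` options and, when the service is
# enabled, defines a single `virtualisation.oci-containers` container that
# publishes the SSH and metrics ports and reads a persistent ed25519 host key
# from a file supplied by the host.
{ config, lib, pkgs, depot, ... }:

let
  cfg = config.services.xanthous-server;

  # Where the host key is exposed inside the container. The server is told
  # about this location through the SECRET_KEY_FILE environment variable.
  containerKeyPath = "/etc/secrets/xanthous-server-secret-key";
in {
  options = with lib; {
    services.xanthous-server = {
      enable = mkEnableOption "xanthous server";

      port = mkOption {
        # types.port rejects values outside the 16-bit port range at
        # evaluation time instead of failing when the container starts.
        type = types.port;
        default = 2222;
        description = "Port to listen to for SSH connections";
      };

      metricsPort = mkOption {
        type = types.port;
        default = 9000;
        description = "Port to listen to for prometheus metrics";
      };

      image = mkOption {
        type = types.package;
        default = depot.users.grfn.xanthous.server.docker;
        description = "OCI image file to run";
      };

      ed25519SecretKeyFile = mkOption {
        # No default: the option must be set whenever it is evaluated.
        # types.str replaces the deprecated `uniq string`; like it, it refuses
        # to merge several definitions.
        # Keep this a string naming a file that exists on the host at run
        # time. A Nix path literal interpolated below would be copied into
        # the world-readable Nix store, exposing the host key.
        type = types.str;
        description = "Path to the ed25519 secret key for the server";
      };
    };
  };

  config = lib.mkIf cfg.enable {
    virtualisation.oci-containers.containers."xanthous-server" = {
      autoStart = true;
      image = "${cfg.image.imageName}:${cfg.image.imageTag}";
      imageFile = cfg.image;
      # "<host port>:<container port>" mappings.
      # NOTE(review): no bind address is given, so both ports are published on
      # every host interface; confirm the metrics endpoint is meant to be
      # reachable from outside the host.
      ports = [
        "${toString cfg.port}:22"
        "${toString cfg.metricsPort}:9000"
      ];
      environment.SECRET_KEY_FILE = containerKeyPath;
      # Bind-mount the configured host key read-only at the path the server
      # reads. Without this mount nothing in this module consumes
      # ed25519SecretKeyFile, and the path in SECRET_KEY_FILE exists only if
      # the image itself ships it.
      volumes = [
        "${cfg.ed25519SecretKeyFile}:${containerKeyPath}:ro"
      ];
    };
  };
}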