From c551a417940f9c66b4346c5813c2550f06269380 Mon Sep 17 00:00:00 2001
From: sefidel
Date: Thu, 2 Feb 2023 18:47:44 +0900
Subject: feat(colmena/cobalt): use impermanence
---
colmena/cobalt/configuration.nix | 17 ++++++++++++++---
colmena/default.nix | 1 +
2 files changed, 15 insertions(+), 3 deletions(-)
(limited to 'colmena')
diff --git a/colmena/cobalt/configuration.nix b/colmena/cobalt/configuration.nix
index b3d05b9..e115859 100644
--- a/colmena/cobalt/configuration.nix
+++ b/colmena/cobalt/configuration.nix
@@ -109,11 +109,22 @@ in
 users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F" ];
 services.openssh.enable = true;
 services.openssh.permitRootLogin = "prohibit-password";
-
- nix.nixPath = [
- "nixos-config=/persist/etc/nixos"
+ # mkdir -p /persist/etc/ssh
+ services.openssh.hostKeys = [
+ {
+ path = "/persist/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
 ];
+ # impermanence requirement
+ fileSystems."/persist".neededForBoot = true;
+
 # This value determines the NixOS release from which the default
 # settings for stateful data, like file locations and database versions
 # on your system were taken. It‘s perfectly fine and recommended to leave
diff --git a/colmena/default.nix b/colmena/default.nix
index 2fa7bc6..99945e6 100644
--- a/colmena/default.nix
+++ b/colmena/default.nix
@@ -17,6 +17,7 @@
 cobalt = self.lib.mkColmena {
 name = "cobalt";
 system = "x86_64-linux";
+ inputs = inputs;
 deployment = {
 targetHost = "cobalt.sefidel.com";
 targetPort = 22;
-- 
cgit 1.4.1
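Review bot: The added comment `# mkdir -p /persist/etc/ssh` does not match the `services.openssh.hostKeys` paths below it, which point at `/persist/ssh/...`, so one of the two is presumably a leftover. If keys already exist under the directory named in the comment, sshd would not find them at the configured paths and the host would most likely present freshly generated keys, which clients see as a host-key change. Align the two, e.g. `path = "/persist/etc/ssh/ssh_host_ed25519_key";` (and the RSA path likewise), or correct the comment to `# host keys are kept under /persist/ssh so the host identity survives a wiped root`. The directory holding the private keys should be root-owned and not writable by other users.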
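Review bot: `inputs = inputs;` in the `cobalt` attribute set is usually written `inherit inputs;` in Nix, which avoids repeating the name. The attribute set passed to `self.lib.mkColmena` starts and ends outside this hunk, so whether other hosts need the same argument cannot be checked from here.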