| Commit message | Author |
|
The `/var/lib/sshd` directory is only mounted _after_ the stage 2 init,
thus also after the system activation. Agenix, which runs in the system
activation, needs the hostkey however to decrypt the secrets needed for
some units (as of right now only keycloak).
Alas the only way I see to achieve that is to store the ssh hostkey
directly on /srv, which is mounted before (it's marked as 'neededForBoot'
after all) the stage 2 init.
It should be possible to achieve this with impermanence however,
as `/var/log` is mounted in the stage 1 init; the problem is that I
have no idea _why_ this is the only directory mounted and nothing else.
|
settings.PassowrdAuthentication
|
All users are in the wheel group, thus direct login as root is no longer
needed.
|
We used the domain name instead of the host name, which obviously
doesn't work for multiple hosts. In addition to that I changed some
directories to make importing easier and enabled the "nix-command" and
"flakes" experimental options, to make the `nix flake check` command
usable.
Refs: #15
|
I changed the valid ssh-host-keys from both rsa and ed25519 to
only ed25519 and moved them to `/srv/ssh` to make them persistent.
In addition to that, I also increased the rounds for the ed25519 key to
1000.
This fixes the ssh-host-key issue introduced by pull request #5.
Fixes: #5
|