add the ssh host key

2023-09-20 19:02:27 +01:00 · 2023-09-20 19:02:27 +01:00 · 73cd331583
parent bfbba966c6
commit 73cd331583
1 changed files with 13 additions and 0 deletions
--- a/hosts/hetzner-arm/secrets.nix
+++ b/hosts/hetzner-arm/secrets.nix
@ -15,6 +15,8 @@
    };

    requiredVaultPaths = [
+      "private-public-keys/data/ssh/root@hetzner-arm-decrypt"
+
      "api-keys/data/gitlab/gitlab_pages_serve"
    ];

@ -23,6 +25,17 @@
        manual = true;
      };

+      # this doesn't need to be a secret and can be generated at install time
+      # but it makes it easier to install.
+      # it's stored in /nix store anyway
+      ssh_host_ed25519_key = {
+        path = "/ssh_host_ed25519_key";
+        permissions = "600";
+        fetchScript = ''
+          simple_get "/private-public-keys/ssh/root@hetzner-arm-decrypt" .private | base64 -d > "$secretFile"
+        '';
+      };
+
      # Used directly by server
      # for fetching gitlab static sites
      gitlab_env = {