commit 668497c351eeced72a0f93ad4b22d884f38b7eab
parent 4e773365a2c5d4cd1661ca9e6213d29558550daf
Author: Vincent Demeester <vincent@sbr.pm>
Date: Tue, 26 Oct 2021 21:54:23 +0200
systems: enable ssh on naruhodo
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
3 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/systems/hosts/naruhodo.nix b/systems/hosts/naruhodo.nix
@@ -157,6 +157,7 @@ in
virtualization = { enable = true; nested = true; };
redhat.enable = true;
scanning.enable = true;
+ ssh.enable = true;
};
environment.systemPackages = with pkgs; [
virtmanager
diff --git a/systems/modules/default.nix b/systems/modules/default.nix
@@ -8,4 +8,5 @@
./virtualisation
"${(import ../../nix/sources.nix).sops-nix}/modules/sops"
];
+ sops.defaultSopsFile = ../../secrets/secrets.yaml;
}
diff --git a/systems/modules/profiles/ssh.nix b/systems/modules/profiles/ssh.nix
@@ -8,6 +8,10 @@ in
options = {
profiles.ssh = {
enable = mkEnableOption "Enable ssh profile";
+ listenAddresses = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
forwardX11 = mkOption {
type = types.bool;
default = false;
@@ -23,6 +27,8 @@ in
enable = true;
startWhenNeeded = false;
forwardX11 = cfg.forwardX11;
+ # listenAddresses = map
+ # Move this for kerkouane only
extraConfig = ''
StreamLocalBindUnlink yes
Match User nginx