feat(whitby): Enable nix.sshServe r/1185

This exposes a binary cache over SSH. Change-Id: Ib934a118cd7315ef76f3dfe795c76a570fbbc47a Reviewed-on: https://cl.tvl.fyi/c/depot/+/895 Reviewed-by: glittershark <grfn@gws.fyi> Reviewed-by: BuildkiteCI Tested-by: BuildkiteCI
author: Vincent Ambo <mail@tazj.in> 2020-07-03T14·22+0100
committer: tazjin <mail@tazj.in> 2020-07-03T14·25+0000
commit: 3ce41f4fa4dc74444ff349a96b6fce8ef49f5d7f (patch)
tree: fb51e7f4c51175b1f21e2c8583aa699da0850d6c
parent: 44dfc50e2a40e2cf753bd2435468daa2fdaef482 (diff)
1 files changed, 9 insertions, 3 deletions
diff --git a/ops/nixos/whitby/default.nix b/ops/nixos/whitby/default.nix
index ef45b91a3b..1be2e41bf0 100644
--- a/ops/nixos/whitby/default.nix
+++ b/ops/nixos/whitby/default.nix
@@ -128,6 +128,14 @@ in systemForConfig {
     trustedUsers = [
       "grfn"
     ];
+
+    sshServe = {
+      enable = true;
+      keys = with depot.users;
+        tazjin.keys.all
+        ++ lukegb.keys.all
+        ++ [ glittershark.keys.whitby ];
+    };
   };
 
   programs.mtr.enable = true;
@@ -171,9 +179,7 @@ in systemForConfig {
     users.tazjin = {
       isNormalUser = true;
       extraGroups = [ "git" "wheel" ];
-      openssh.authorizedKeys.keys = [
-        depot.users.tazjin.keys.frog
-      ];
+      openssh.authorizedKeys.keys = depot.users.tazjin.keys.all;
     };
 
     users.lukegb = {
author	Vincent Ambo <mail@tazj.in>	2020-07-03T14·22+0100
committer	tazjin <mail@tazj.in>	2020-07-03T14·25+0000
commit	3ce41f4fa4dc74444ff349a96b6fce8ef49f5d7f (patch)
tree	fb51e7f4c51175b1f21e2c8583aa699da0850d6c
parent	44dfc50e2a40e2cf753bd2435468daa2fdaef482 (diff)