authorGriffin Smith <grfn@gws.fyi>2021-11-08T15·54-0500
committergrfn <grfn@gws.fyi>2021-11-08T17·01+0000
commit0d1980f2d6e923262ee64b360bca34899c805596 (patch)
tree5de58e50622997dba0a4232e20bd9a338f6243b7 /users/grfn/xanthous/server/module.nix
parent7d1ebe996c3b5230aa21099179c8643fc36d7cdc (diff)
feat(xanthous/server): Load host secret key from disk r/3028
Rather than randomly generating a new host key every time we run the
server, load the host's secret key from a file on disk at startup, so
that clients don't have to disable host key verification to connect
every time we restart.

Change-Id: I4d283bc919f4825789f686a98c174a71929087a6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3819
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Diffstat (limited to 'users/grfn/xanthous/server/module.nix')
-rw-r--r--users/grfn/xanthous/server/module.nix6
1 files changed, 6 insertions, 0 deletions
diff --git a/users/grfn/xanthous/server/module.nix b/users/grfn/xanthous/server/module.nix
index 11adda955d2c..cbc10c014de5 100644
--- a/users/grfn/xanthous/server/module.nix
+++ b/users/grfn/xanthous/server/module.nix
@@ -24,6 +24,11 @@ in {
         default = depot.users.grfn.xanthous.server.docker;
         description = "OCI image file to run";
       };
+
+      ed25519SecretKeyFile = mkOption {
+        type = with types; uniq string;
+        description = "Path to the ed25519 secret key for the server";
+      };
     };
   };
 
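Review bot: The description of `ed25519SecretKeyFile` does not say where the key file may live, which matters for a host secret key because anything referenced as a Nix path ends up in the world-readable store. I would spell that out, e.g. `description = "Path (a string, outside the Nix store) to the ed25519 secret key for the server; read at runtime, should be readable only by the service";`. As a style point, `types.string` is deprecated in nixpkgs and `types.str` already refuses to merge multiple definitions, so `type = types.str;` can replace `with types; uniq string`. The enclosing options set starts outside this hunk.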
@@ -36,6 +41,7 @@ in {
         "${toString cfg.port}:22"
         "${toString cfg.metricsPort}:9000"
       ];
+      environment.SECRET_KEY_FILE = "/etc/secrets/xanthous-server-secret-key";
     };
   };
 }
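Review bot: `SECRET_KEY_FILE` points at a fixed in-container path, but nothing in the visible hunks reads `cfg.ed25519SecretKeyFile`, so as far as this file shows the new option has no effect and no key would exist at `/etc/secrets/xanthous-server-secret-key`. If the mount is not set up elsewhere, bind the host file read-only beside this line, e.g. `volumes = [ "${cfg.ed25519SecretKeyFile}:/etc/secrets/xanthous-server-secret-key:ro" ];`, assuming this is an oci-containers definition (its start is outside the hunk). It is also worth confirming that the server refuses to start when the file is missing or unreadable, rather than silently falling back to a freshly generated host key.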