From 0d1980f2d6e923262ee64b360bca34899c805596 Mon Sep 17 00:00:00 2001
From: Griffin Smith
Date: Mon, 8 Nov 2021 10:54:40 -0500
Subject: feat(xanthous/server): Load host secret key from disk
Rather than randomly generating a new host key every time we run the server, load the host's secret key from a file on disk at startup, so that clients don't have to disable host key verification to connect every time we restart.
Change-Id: I4d283bc919f4825789f686a98c174a71929087a6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3819
Tested-by: BuildkiteCI
Reviewed-by: grfn
---
 users/grfn/xanthous/server/module.nix | 6 ++++++
 1 file changed, 6 insertions(+)
(limited to 'users/grfn/xanthous/server/module.nix')
diff --git a/users/grfn/xanthous/server/module.nix b/users/grfn/xanthous/server/module.nix
index 11adda955d2c..cbc10c014de5 100644
--- a/users/grfn/xanthous/server/module.nix
+++ b/users/grfn/xanthous/server/module.nix
@@ -24,6 +24,11 @@ in {
 default = depot.users.grfn.xanthous.server.docker;
 description = "OCI image file to run";
 };
+
+ ed25519SecretKeyFile = mkOption {
+ type = with types; uniq string;
+ description = "Path to the ed25519 secret key for the server";
+ };
 };
 };
@@ -36,6 +41,7 @@ in {
 "${toString cfg.port}:22"
 "${toString cfg.metricsPort}:9000"
 ];
+ environment.SECRET_KEY_FILE = "/etc/secrets/xanthous-server-secret-key";
 };
 };
 }
-- cgit 1.4.1
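Review bot: The description of `ed25519SecretKeyFile` does not say that the key must live outside the Nix store, and a host key supplied through an interpolated path literal would be copied into the world-readable store. I would state the constraint in the option itself, e.g. `description = "Runtime path (outside the Nix store) to the ed25519 host secret key; the file should be readable only by the account that runs the container";`. Separately, `types.string` is deprecated in nixpkgs in favour of `types.str`, so `type = types.str;` should avoid the evaluation warning while still rejecting a bare path literal.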
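Review bot: `SECRET_KEY_FILE` is set to a fixed in-container path, but nothing in this hunk reads `cfg.ed25519SecretKeyFile` or mounts it at that path, so as far as the visible lines show the new option has no effect and the server would find no key file. If the mount is not added elsewhere, a read-only bind mount next to the environment line would wire it up, e.g. `volumes = [ "${cfg.ed25519SecretKeyFile}:/etc/secrets/xanthous-server-secret-key:ro" ];`, assuming this attribute set is an oci-containers container definition (its opening is outside the hunk). It is also worth confirming that the server fails at startup when the file is missing or unreadable rather than generating a fresh key, since clients would then see a changed host key.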