nix: add tests.nix

[sourcephile-nix.git] / servers / mermet / production / lesptts.nix

diff --git a/servers/mermet/production/lesptts.nix b/servers/mermet/production/lesptts.nix
index 9c41aa06d3a4b6fb60f184138e4750ec73ba4b70..2854a7bee2a6ae6766a82a988345299fc6b530cc 100644 (file)
--- a/servers/mermet/production/lesptts.nix
+++ b/servers/mermet/production/lesptts.nix
@@ -30,11 +30,11 @@ boot.initrd.network = {
      # to be able to start unattended, hence the key will be available
      # to anyone who has physically access to the disk where /boot is.
      # NOTE: dropbearkey -t ecdsa -f /tmp/dropbear-ecdsa.key
-     #hostECDSAKey = "../../../sec/tmp/dropbear-ecdsa.key";
-     hostECDSAKey = pass-to-file "servers/mermet/dropbear/ecdsa.key"
-                                 (../../../sec + "/tmp/dropbear-ecdsa.key");
+    hostKeys = [
+      (pass-to-file "servers/mermet/ssh/ecdsa.key"
+                    (../../../sec + "/tmp/mermet.ecdsa.key"))
+    ];
 
-     # WARNING: dropbear does not support (and will ignore) ssh-ed25519 keys
      authorizedKeys = users.users.root.openssh.authorizedKeys.keys;
   };
   # This will automatically load the zfs password prompt on login
@@ -110,7 +110,6 @@ boot.kernel.sysctl = {
   "net.ipv6.conf.enp1s0.disable_ipv6" = 1;
 };
 
-#services.nsd.interfaces = [ netIPv4 ];
 services.knot.extraConfig = lib.mkBefore ''
   server:
     listen: ${netIPv4}@53