From bc6cc6eb84dc3bde49d7a6c3b52685bcf4541382 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= Date: Sun, 25 Aug 2024 11:37:56 +0300 Subject: [PATCH] ssh8022: expand to more clients and servers --- hosts/fra1-b/configuration.nix | 11 +++++++++++ hosts/fwminex/configuration.nix | 1 + hosts/mtworx/configuration.nix | 3 +-- hosts/vno1-gdrx/configuration.nix | 10 ++++++++++ 4 files changed, 23 insertions(+), 2 deletions(-) diff --git a/hosts/fra1-b/configuration.nix b/hosts/fra1-b/configuration.nix index 68f08c8..6c9c4a1 100644 --- a/hosts/fra1-b/configuration.nix +++ b/hosts/fra1-b/configuration.nix @@ -10,6 +10,12 @@ in { imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; + age.secrets.ssh8022-server = { + file = ../../secrets/ssh8022.age; + owner = "spiped"; + path = "/var/lib/spiped/ssh8022.key"; + }; + boot = { loader.systemd-boot.enable = true; initrd = { @@ -67,6 +73,11 @@ in sshguard.enable = true; tailscale.enable = true; + ssh8022.server = { + enable = true; + keyfile = config.age.secrets.ssh8022-server.path; + }; + remote-builder.server = { enable = true; uidgid = myData.uidgid.remote-builder; diff --git a/hosts/fwminex/configuration.nix b/hosts/fwminex/configuration.nix index 283fa22..248f775 100644 --- a/hosts/fwminex/configuration.nix +++ b/hosts/fwminex/configuration.nix @@ -373,6 +373,7 @@ in gitea.enable = true; hass.enable = true; syncthing-relay.enable = true; + ssh8022.server = { enable = true; keyfile = config.age.secrets.ssh8022-server.path; diff --git a/hosts/mtworx/configuration.nix b/hosts/mtworx/configuration.nix index a7e36ed..8caecba 100644 --- a/hosts/mtworx/configuration.nix +++ b/hosts/mtworx/configuration.nix @@ -18,7 +18,7 @@ in age.secrets.ssh8022-client = { file = ../../secrets/ssh8022.age; - owner = "motiejus"; + mode = "444"; }; boot = { @@ -89,7 +89,6 @@ in ssh8022.client = { enable = true; keyfile = config.age.secrets.ssh8022-client.path; - }; tailscale = { 
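Review bot: The new `age.secrets.ssh8022-server` entry in hosts/fra1-b/configuration.nix decrypts the same `../../secrets/ssh8022.age` that the client hosts in this patch (mtworx, vno1-gdrx) load, so a single key now covers every server and client touched here. A leak from any one of those hosts would mean rotating the key on all of them at once. A comment at the secret would record that for the next maintainer, e.g. `# shared by every ssh8022 client and server; rotate on all hosts together`. If the key is only meant to gate access per server, one age file per server would limit the blast radius; the ssh8022 module is outside this diff, so whether it supports that is not visible here.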
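Review bot: `mode = "444"` in `age.secrets.ssh8022-client` (hosts/mtworx/configuration.nix) makes the decrypted key readable by every local user and service on the host, where the removed `owner = "motiejus"` restricted it to one account; the first hunk of hosts/vno1-gdrx/configuration.nix adds the same mode. This is the same `secrets/ssh8022.age` that the servers load, so, presuming it is a pre-shared key as the shared file suggests, any process that can read it can get past the ssh8022 layer on each server. If the intent is to let more than one account use the client, a dedicated group is narrower than world-readable: `group = "<ssh8022-users-group>";` with `mode = "0440";`, adding only the intended users to that group. How the ssh8022 client module reads `keyfile` is not visible in this diff, so confirm which user actually needs access before choosing the owner or group.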
diff --git a/hosts/vno1-gdrx/configuration.nix b/hosts/vno1-gdrx/configuration.nix index df32acb..7bf00ff 100644 --- a/hosts/vno1-gdrx/configuration.nix +++ b/hosts/vno1-gdrx/configuration.nix @@ -10,6 +10,11 @@ in ../../modules/profiles/btrfs ]; + age.secrets.ssh8022-client = { + file = ../../secrets/ssh8022.age; + mode = "444"; + }; + boot = { kernelModules = [ "kvm-intel" ]; loader.systemd-boot.enable = true; @@ -67,6 +72,11 @@ in services = { sshguard.enable = false; + ssh8022.client = { + enable = true; + keyfile = config.age.secrets.ssh8022-client.path; + }; + tailscale = { enable = true; verboseLogs = true;