ssh8022: expand to more clients and servers

hosts/fra1-b/configuration.nix

@@ -10,6 +10,12 @@ in
 {
   imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
 
+  age.secrets.ssh8022-server = {
+    file = ../../secrets/ssh8022.age;
+    owner = "spiped";
+    path = "/var/lib/spiped/ssh8022.key";
+  };
+
   boot = {
     loader.systemd-boot.enable = true;
     initrd = {
@@ -67,6 +73,11 @@ in
       sshguard.enable = true;
       tailscale.enable = true;
 
+      ssh8022.server = {
+        enable = true;
+        keyfile = config.age.secrets.ssh8022-server.path;
+      };
+
       remote-builder.server = {
         enable = true;
         uidgid = myData.uidgid.remote-builder;

hosts/fwminex/configuration.nix

@@ -373,6 +373,7 @@ in
       gitea.enable = true;
       hass.enable = true;
       syncthing-relay.enable = true;
+
       ssh8022.server = {
         enable = true;
         keyfile = config.age.secrets.ssh8022-server.path;

hosts/mtworx/configuration.nix

@@ -18,7 +18,7 @@ in
 
   age.secrets.ssh8022-client = {
     file = ../../secrets/ssh8022.age;
-    owner = "motiejus";
+    mode = "444";
   };
 
   boot = {
@@ -89,7 +89,6 @@ in
       ssh8022.client = {
         enable = true;
         keyfile = config.age.secrets.ssh8022-client.path;
-
       };
 
       tailscale = {

hosts/vno1-gdrx/configuration.nix

@@ -10,6 +10,11 @@ in
     ../../modules/profiles/btrfs
   ];
 
+  age.secrets.ssh8022-client = {
+    file = ../../secrets/ssh8022.age;
+    mode = "444";
+  };
+
   boot = {
     kernelModules = [ "kvm-intel" ];
     loader.systemd-boot.enable = true;
@@ -67,6 +72,11 @@ in
     services = {
       sshguard.enable = false;
 
+      ssh8022.client = {
+        enable = true;
+        keyfile = config.age.secrets.ssh8022-client.path;
+      };
+
       tailscale = {
         enable = true;
         verboseLogs = true;