Add configs for a new kubernetes cluster on NixOS.

2025-11-30 14:32:36 -05:00
parent 8d3ebf7ba2
commit f981bfff97
58 changed files with 3221 additions and 0 deletions
--- a/nix/kubernetes/roles/sshd/default.nix
+++ b/nix/kubernetes/roles/sshd/default.nix
@@ -0,0 +1,49 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+{
+  imports = [ ];
+
+  options.me = {
+    sshd.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      example = true;
+      description = "Whether we want to install sshd.";
+    };
+  };
+
+  config = lib.mkIf config.me.sshd.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        KbdInteractiveAuthentication = false;
+      };
+      hostKeys = [
+        {
+          path = "/persist/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+        {
+          path = "/persist/ssh/ssh_host_rsa_key";
+          type = "rsa";
+          bits = 4096;
+        }
+      ];
+    };
+
+    environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
+      hideMounts = true;
+      files = [
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+      ];
+    };
+  };
+}