refactor(ssh): decentralize SSH configuration to per-host services

Restructures SSH trust relationships from global to host-specific configuration
for better locality of concern and principle of least privilege.

Changes:
- Collapse nixos/common/global/ssh/ back to ssh.nix (single-file module)
- Move internal host trust (fuchsia/viridian) to per-host services/ssh/
- Split BorgBase known hosts by repository (li9kg944 for fuchsia, r7ag7x1w for viridian)
- Add viridian SSH server config to accept backup connections from fuchsia
- Add fuchsia borgbackup passphrase for offsite backups
- Configure viridian to create /srv/borg-repo/fuchsia for remote backups

This enables the 3-2-1 backup strategy with fuchsia backing up to both viridian
(onsite) and BorgBase (offsite) with proper SSH authentication.

This commit is contained in:

♥ Minnie ♥

2025-10-07 22:33:20 +08:00

parent acab920858

commit 85dc419349

Signed by:

jasmine

GPG key ID: 8563E358D4E8040E

9 changed files with 69 additions and 43 deletions

									
										1

nixos/fuchsia/services/default.nix
									
										View file
										
				@ -7,6 +7,7 @@

				    ./pipewire

				    ./printing

				    ./snapper

				    ./ssh

				    ./udev

				    ./xserver

				  ];

Rows
Columns

refactor(ssh): decentralize SSH configuration to per-host services

1 nixos/fuchsia/services/default.nix Unescape Escape View file

1

nixos/fuchsia/services/default.nix

View file