jasmine/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

fix(ssh): enable key-based root login and use FQDNs for system services

Browse source 
Fixes backup system authentication and hostname resolution issues.

Changes:
- Change PermitRootLogin from "no" to "prohibit-password" in global SSH config
  (allows key-based root login for host-to-host backups while blocking passwords)
- Update fuchsia onsite backup to use viridian.home.arpa FQDN instead of shortname
- Update SSH knownHosts to use FQDNs (fuchsia.home.arpa, viridian.home.arpa)
  (system-level config uses FQDNs, user shortcuts remain in home-manager)

This enables the complete 3-2-1 backup strategy with automated backups working
correctly between fuchsia and viridian, and fuchsia to BorgBase.
This commit is contained in:
♥ Minnie ♥ 2025-10-07 23:11:31 +08:00
parent 6723c0e0b6
commit 8874c88fbc
Signed by: jasmine
GPG key ID: 8563E358D4E8040E
4 changed files with 12 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
nixos/fuchsia/services/borgbackup/onsite.nix
View file

@ -58,7 +58,7 @@ in {
'';
# Onsite repository configuration (backup to viridian over SSH)
repo = "ssh://viridian/srv/borg-repo/${hostname}";
repo = "ssh://viridian.home.arpa/srv/borg-repo/${hostname}";
# No encryption for onsite backups (physical security assumed)
encryption.mode = "none";

6
nixos/fuchsia/services/ssh/default.nix
View file

@ -1,12 +1,12 @@
{inputs, ...}: {
# Trust viridian's host keys for SSH connections
# Trust viridian's host keys for SSH connections (system-level, uses FQDN)
programs.ssh.knownHosts = {
"viridian-ed25519" = {
hostNames = ["viridian"];
hostNames = ["viridian.home.arpa"];
publicKeyFile = "${inputs.self}/nixos/viridian/ssh_host_ed25519_key.pub";
};
"viridian-rsa" = {
hostNames = ["viridian"];
hostNames = ["viridian.home.arpa"];
publicKeyFile = "${inputs.self}/nixos/viridian/ssh_host_rsa_key.pub";
};
};