nix-config/nixos/viridian/services/default.nix at c1d4fa52554f203d3dc71cff594e55ef6f8e08a6 - jasmine/nix-config - Forgejo: Beyond coding. We Forge.

jasmine/nix-config

jasmine 85dc419349

refactor(ssh): decentralize SSH configuration to per-host services

Restructures SSH trust relationships from global to host-specific configuration
for better locality of concern and principle of least privilege.

Changes:
- Collapse nixos/common/global/ssh/ back to ssh.nix (single-file module)
- Move internal host trust (fuchsia/viridian) to per-host services/ssh/
- Split BorgBase known hosts by repository (li9kg944 for fuchsia, r7ag7x1w for viridian)
- Add viridian SSH server config to accept backup connections from fuchsia
- Add fuchsia borgbackup passphrase for offsite backups
- Configure viridian to create /srv/borg-repo/fuchsia for remote backups

This enables the 3-2-1 backup strategy with fuchsia backing up to both viridian
(onsite) and BorgBase (offsite) with proper SSH authentication.

2025-10-07 22:33:20 +08:00

16 lines

198 B

Nix

Raw Blame History

 {...}: {
   imports = [
     ./borgbackup
     ./crowdsec
     ./forgejo
     ./inspircd
     ./lighttpd
     ./minecraft
     ./mpd
     ./murmur
     ./opengist
     ./snapper
     ./ssh
     ./traefik
   ];
 }