jasmine/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
nix-config/nixos/fuchsia/services/default.nix
jasmine 85dc419349
refactor(ssh): decentralize SSH configuration to per-host services 
Restructures SSH trust relationships from global to host-specific configuration
for better locality of concern and principle of least privilege.

Changes:
- Collapse nixos/common/global/ssh/ back to ssh.nix (single-file module)
- Move internal host trust (fuchsia/viridian) to per-host services/ssh/
- Split BorgBase known hosts by repository (li9kg944 for fuchsia, r7ag7x1w for viridian)
- Add viridian SSH server config to accept backup connections from fuchsia
- Add fuchsia borgbackup passphrase for offsite backups
- Configure viridian to create /srv/borg-repo/fuchsia for remote backups

This enables the 3-2-1 backup strategy with fuchsia backing up to both viridian
(onsite) and BorgBase (offsite) with proper SSH authentication.
2025-10-07 22:33:20 +08:00

14 lines
175 B
Nix
Raw Blame History

{...}: {
imports = [
./amdgpu-clocks
./borgbackup
./flatpak
./libinput
./pipewire
./printing
./snapper
./ssh
./udev
./xserver
];
}
Reference in a new issue View git blame Copy permalink