also deploy host ca to server

2024-11-14 17:52:02 +01:00
parent d4967e9d4e
commit 8f1e393bc4
2 changed files with 6 additions and 5 deletions
--- a/clanModules/sshd/roles/client.nix
+++ b/clanModules/sshd/roles/client.nix
@@ -3,9 +3,4 @@
  imports = [
    ../shared.nix
  ];
-  programs.ssh.knownHosts.ssh-ca = lib.mkIf (config.clan.sshd.certificate.searchDomains != [ ]) {
-    certAuthority = true;
-    extraHostNames = builtins.map (domain: "*.${domain}") config.clan.sshd.certificate.searchDomains;
-    publicKey = config.clan.core.vars.generators.openssh-ca.files."id_ed25519.pub".value;
-  };
 }
--- a/clanModules/sshd/shared.nix
+++ b/clanModules/sshd/shared.nix
@@ -39,5 +39,11 @@
            ssh-keygen -t ed25519 -N "" -f $out/id_ed25519
          '';
        };
+
+    programs.ssh.knownHosts.ssh-ca = lib.mkIf (config.clan.sshd.certificate.searchDomains != [ ]) {
+      certAuthority = true;
+      extraHostNames = builtins.map (domain: "*.${domain}") config.clan.sshd.certificate.searchDomains;
+      publicKey = config.clan.core.vars.generators.openssh-ca.files."id_ed25519.pub".value;
+    };
  };
 }