From af1af671b68a0c0f072e80a8992f2a42966cb652 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Sun, 8 Oct 2017 23:14:14 +0200
Subject: [PATCH] gum.r: disable privkey setting via krebs

manually configure the secrets instead
---
 1systems/gum/config.nix              | 4 +++-
 6tests/data/secrets/ssh_host_rsa_key | 0
 2 files changed, 3 insertions(+), 1 deletion(-)
 create mode 100644 6tests/data/secrets/ssh_host_rsa_key

diff --git a/1systems/gum/config.nix b/1systems/gum/config.nix
index e1357ff..e769b1e 100644
--- a/1systems/gum/config.nix
+++ b/1systems/gum/config.nix
@@ -81,7 +81,9 @@ in {
   ];
   makefu.dl-dir = "/var/download";
 
-
+  services.openssh.hostKeys = [
+    { bits = 4096; path = <secrets/ssh_host_rsa_key>; type = "rsa"; }
+    { path = <secrets/ssh_host_ed25519_key>; type = "ed25519"; } ];
   ###### stable
   services.nginx.virtualHosts.cgit.serverAliases = [ "cgit.euer.krebsco.de" ];
   krebs.build.host = config.krebs.hosts.gum;
diff --git a/6tests/data/secrets/ssh_host_rsa_key b/6tests/data/secrets/ssh_host_rsa_key
new file mode 100644
index 0000000..e69de29