mount the host key in as a single-file volume, so the server can
actually read it.
Change-Id: I5fb58536717c91480d1f4610b6fb3258a36169e0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3864
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
The actual function we want for the format we're using is
decode_secret_key, not decode_openssh, apparently - covered this with a
toneest to make sure.
Change-Id: I659226169f213b8464b96aec6b94bf13fd80aac8
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3863
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Rather than randomly generating a new host key every time we run the
server, load the host's secret key from a file on disk at startup, so
that clients don't have to disable host key verification to connect
every time we restart.
Change-Id: I4d283bc919f4825789f686a98c174a71929087a6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3819
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Add a nixos module for running the xanthous server in a docker
container, and install it on mugwump including a prometheus scrape
config.
Change-Id: Ifeb315845b7eef2ee33af98fa3f71acdd3d9fe6b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3812
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Add a prometheus exporter and some simple prometheus metrics, so that I
can look at dashboards and get alerts for things like lots of
connections
Change-Id: Ic1e0568200299dc852b74da647a6354267ee7576
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3811
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
This appears to work pretty nicely!
Change-Id: Icf52f58225ee2837b30ba6187ae3ba3c539de9df
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3810
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Don't write to my disk, please, random internet people.
Change-Id: I1d199fc3675f6ec7630f598bbc33dc7ef7e02e68
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3809
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Accept password authentication in addition to public key authentication,
but ignore the actual password, so that clients without ssh keys
configured (or configured to send no ssh keys) can authenticate.
Change-Id: I86130b9725d1928ac45b5db55f18c09687ee0fd5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3807
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Add the start of an ssh-compatible server application for playing
Xanthous over ssh. The idea here is that the user can ssh with whatever
username they like (defaulting obviously to their login username) and
then that gets passed as the --name flag to xanthous as they play.
Change-Id: I39eec288ac8e22a165e859479888d78158a58818
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3806
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>