-rw-r--r-- | hosts/omar/configuration.nix | 1 | ||||
-rw-r--r-- | shared/nixos/persist-ssh-host-keys/default.nix | 20 |
2 files changed, 21 insertions, 0 deletions
diff --git a/hosts/omar/configuration.nix b/hosts/omar/configuration.nix
index 69df37a..2e0a146 100644
--- a/hosts/omar/configuration.nix
+++ b/hosts/omar/configuration.nix
@@ -12,6 +12,7 @@
 ../../shared/nixos-and-darwin/common-shell-settings
 ../../shared/nixos-and-darwin/common-hm-settings
 ../../shared/nixos/zfs-impermenance
+ ../../shared/nixos/persist-ssh-host-keys
 ./wireless-networking
 ];
diff --git a/shared/nixos/persist-ssh-host-keys/default.nix b/shared/nixos/persist-ssh-host-keys/default.nix
new file mode 100644
index 0000000..5180376
--- /dev/null
+++ b/shared/nixos/persist-ssh-host-keys/default.nix
@@ -0,0 +1,20 @@
+# This module ensures that SSH keys are not cleared on reboots.
+# It assumes that `/` is ephemeral and `/persist` isn't.
+
+{...}:
+
+{
+ services.openssh = {
+ hostKeys = [
+ {
+ path = "/persist/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+ };
+} |
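Review bot: The new `shared/nixos/persist-ssh-host-keys/default.nix` points `services.openssh.hostKeys` at `/persist/ssh/...`, but nothing in it guarantees that `/persist` is mounted before sshd first reads or generates those keys. If the mount is late or missing, the keys would be created on the ephemeral root and the host identity would change on a later boot, which gets users used to accepting changed-host-key warnings. If the zfs-impermenance module (not visible here) does not already do so, consider `fileSystems."/persist".neededForBoot = true;` or an `assertions` entry that checks it. The header comment would also be more precise as `# This module keeps the SSH host keys (sshd's private identity keys) on /persist so they survive reboots.`, with one more line noting that snapshots or replication of the dataset behind `/persist` will carry these private keys and need the same access control.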