From 75a30285c2d8e51b209c03e60d121acbc6d298d8 Mon Sep 17 00:00:00 2001
From: Linnnus
Date: Thu, 26 Dec 2024 00:00:17 +0000
Subject: hosts/omar: Persist OpenSSH keys
---
 hosts/omar/configuration.nix | 1 +
 shared/nixos/persist-ssh-host-keys/default.nix | 20 ++++++++++++++++++++
 2 files changed, 21 insertions(+)
 create mode 100644 shared/nixos/persist-ssh-host-keys/default.nix
diff --git a/hosts/omar/configuration.nix b/hosts/omar/configuration.nix
index 69df37a..2e0a146 100644
--- a/hosts/omar/configuration.nix
+++ b/hosts/omar/configuration.nix
@@ -12,6 +12,7 @@
 ../../shared/nixos-and-darwin/common-shell-settings
 ../../shared/nixos-and-darwin/common-hm-settings
 ../../shared/nixos/zfs-impermenance
+ ../../shared/nixos/persist-ssh-host-keys
 ./wireless-networking
 ];
diff --git a/shared/nixos/persist-ssh-host-keys/default.nix b/shared/nixos/persist-ssh-host-keys/default.nix
new file mode 100644
index 0000000..5180376
--- /dev/null
+++ b/shared/nixos/persist-ssh-host-keys/default.nix
@@ -0,0 +1,20 @@
+# This module ensures that SSH keys are not cleared on reboots.
+# It assumes that `/` is ephemeral and `/persist` isn't.
+
+{...}:
+
+{
+ services.openssh = {
+ hostKeys = [
+ {
+ path = "/persist/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "/persist/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+ };
+}
--
cgit v1.2.3
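Review bot: The header comment of the new `default.nix` states that `/persist` is not ephemeral, but nothing in the module checks it, so a host that imports this shared module without that mount would presumably generate fresh host keys under `/persist/ssh` on the ephemeral root at every boot. Clients would then see a changed-host-key warning after each reboot, and users who get used to accepting it lose the one signal that flags a machine-in-the-middle. An evaluation-time assertion makes the assumption explicit; the sketch below assumes `/persist` is declared through `fileSystems`, which cannot be confirmed here because the `zfs-impermenance` module is not visible. The comment could also say "SSH host keys" rather than "SSH keys", and mention that snapshots or backups of `/persist` now carry the host's private keys and need the same access restrictions as the live files.

```nix
{config, ...}:

{
  # Fail evaluation on hosts that import this module without a /persist mount.
  assertions = [
    {
      assertion = config.fileSystems ? "/persist";
      message = "persist-ssh-host-keys: /persist is not declared in fileSystems; SSH host keys would not survive a reboot.";
    }
  ];

  # … unchanged: services.openssh.hostKeys …
}
```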