From 75a30285c2d8e51b209c03e60d121acbc6d298d8 Mon Sep 17 00:00:00 2001
From: Linnnus <linnnus@users.noreply.github.com>
Date: Thu, 26 Dec 2024 00:00:17 +0000
Subject: hosts/omar: Persist OpenSSH keys

---
 shared/nixos/persist-ssh-host-keys/default.nix | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 shared/nixos/persist-ssh-host-keys/default.nix

(limited to 'shared/nixos')

diff --git a/shared/nixos/persist-ssh-host-keys/default.nix b/shared/nixos/persist-ssh-host-keys/default.nix
new file mode 100644
index 0000000..5180376
--- /dev/null
+++ b/shared/nixos/persist-ssh-host-keys/default.nix
@@ -0,0 +1,20 @@
+# This module ensures that SSH keys are not cleared on reboots.
+# It assumes that `/` is ephemeral and `/persist` isn't.
+
+{...}:
+
+{
+  services.openssh = {
+    hostKeys = [
+      {
+        path = "/persist/ssh/ssh_host_ed25519_key";
+        type = "ed25519";
+      }
+      {
+        path = "/persist/ssh/ssh_host_rsa_key";
+        type = "rsa";
+        bits = 4096;
+      }
+    ];
+  };
+}
-- 
cgit v1.2.3