shared/nixos/persist-ssh-host-keys/default.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

# This module ensures that SSH keys are not cleared on reboots.
# It assumes that `/` is ephemeral and `/persist` isn't.
{...}: {
  services.openssh = {
    hostKeys = [
      {
        path = "/persist/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/persist/ssh/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };
}