From 76e609372f7a1f0fa3a43ecb8c39bc39620120ce Mon Sep 17 00:00:00 2001
From: Jan-Bulthuis
Date: Thu, 29 May 2025 20:28:07 +0200
Subject: [PATCH] Added persistence to ssh host keys
---
 modules/nixos/ssh.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/modules/nixos/ssh.nix b/modules/nixos/ssh.nix
index b107f97..2740425 100644
--- a/modules/nixos/ssh.nix
+++ b/modules/nixos/ssh.nix
@@ -11,5 +11,17 @@ in
 config = mkIf cfg.enable {
 services.openssh.enable = true;
 # TODO: Is this default configuration secure?
+
+ services.openssh.hostKeys = mkIf (config.modules.impermanence.enable) [
+ {
+ type = "ed25519";
+ path = "/persist/system/etc/ssh/ssh_host_ed25519_key";
+ }
+ {
+ type = "rsa";
+ bits = 4096;
+ path = "/persist/system/etc/ssh/ssh_host_rsa_key";
+ }
+ ];
 };
 }
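Review bot: The `hostKeys` paths under `/persist/system/etc/ssh` only give a stable server identity if `/persist` is mounted before sshd's host-key generation runs; nothing in this hunk shows that, and if the mount is late or missing the keys would presumably be created on the ephemeral root and change on every boot, which trains users to click through host-key warnings. It is worth confirming that the `/persist` filesystem is marked `neededForBoot = true` where impermanence is configured, and adding a comment above the list such as `# Host keys live on /persist so the server identity survives root wipes; /persist must be mounted before sshd starts.` Enabling this on an already-deployed machine will likely generate fresh keys at the new paths unless the existing ones are copied over first, so clients would see a one-time host-key change that should be announced with the new fingerprints. The hard-coded `/persist/system` prefix would be better taken from the impermanence module, if it exposes its persistence root, so the two cannot drift apart.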