Added persistence to ssh host keys

2025-05-29 20:28:07 +02:00 · 2025-05-29 20:28:07 +02:00 · 76e609372f
commit 76e609372f
parent cd91944b1e
1 changed files with 12 additions and 0 deletions
--- a/modules/nixos/ssh.nix
+++ b/modules/nixos/ssh.nix
@ -11,5 +11,17 @@ in
  config = mkIf cfg.enable {
    services.openssh.enable = true;
    # TODO: Is this default configuration secure?
+
+    services.openssh.hostKeys = mkIf (config.modules.impermanence.enable) [
+      {
+        type = "ed25519";
+        path = "/persist/system/etc/ssh/ssh_host_ed25519_key";
+      }
+      {
+        type = "rsa";
+        bits = 4096;
+        path = "/persist/system/etc/ssh/ssh_host_rsa_key";
+      }
+    ];
  };
 }