ssh: clean up /etc/ssh/host_keys persistence

2024-02-25 04:47:58 +00:00 · 2024-02-25 04:47:58 +00:00 · 00bf2f79cc
commit 00bf2f79cc
parent 04a6055d06
1 changed files with 2 additions and 1 deletions
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@ -66,7 +66,8 @@ in

  config = {
    # persist the host key.
-    sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
+    # actually DON'T do it this way. else we compete with the /etc activation script and it triggers warnings on deploys.
+    # sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
    # N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
    # during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
    # TODO: this should go in the same dir as `/var/log`, then. i.e. `stores.initrd` (but rename to `stores.early`).