colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

ssh: explain why we specify host_keys the way we do instead of through sane.persist

Browse Source
This commit is contained in:
colin
2023-01-08 08:41:48 +00:00
parent f10de6c2c4
commit 2c0b0f6947
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
hosts/common/ssh.nix
View File

@@ -1,7 +1,10 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
# persist the host key # persist the host key
# prefer specifying it via environment.etc since although it is generated per-host,
# it's made to be immutable after generation. hence, a `persist`-style mount wouldn't be as great.
environment.etc."ssh/host_keys".source = "/nix/persist/etc/ssh/host_keys"; environment.etc."ssh/host_keys".source = "/nix/persist/etc/ssh/host_keys";
# sane.persist.sys.plaintext = [ "/etc/ssh/host_keys" ];
# let openssh find our host keys # let openssh find our host keys
services.openssh.hostKeys = [ services.openssh.hostKeys = [