modules/ssh: note that theres a better store to place the ssh host_keys in

2024-02-23 18:14:25 +00:00
parent 0448df51e3
commit 879d01ac2e
1 changed files with 1 additions and 0 deletions
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
@@ -69,6 +69,7 @@ in
    sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
    # N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
    # during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
+    # TODO: this should go in the same dir as `/var/log`, then. i.e. `stores.initrd` (but rename to `stores.early`).
    environment.etc."ssh/host_keys".source = let
      plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
    in "${plaintextBacking}/etc/ssh/host_keys";