colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

modules/ssh: note that theres a better store to place the ssh host_keys in

Browse Source
This commit is contained in:
Colin
2024-02-23 18:14:25 +00:00
parent 0448df51e3
commit 879d01ac2e
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/ssh.nix
View File

@@ -69,6 +69,7 @@ in
sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ]; sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
# N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available # N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
# during activation time (see /etc/machine-id and setupSecretsForUsers activation script). # during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
# TODO: this should go in the same dir as `/var/log`, then. i.e. `stores.initrd` (but rename to `stores.early`).
environment.etc."ssh/host_keys".source = let environment.etc."ssh/host_keys".source = let
plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind; plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
in "${plaintextBacking}/etc/ssh/host_keys"; in "${plaintextBacking}/etc/ssh/host_keys";