sshd: use LoadCredentialEncrypted=
[julm/julm-nix.git] / nixos / profiles / networking / ssh.nix
# NixOS profile: enable mosh (overridable default) and OpenSSH, with the host's
# ed25519 private key supplied to sshd as a systemd encrypted credential rather
# than through `services.openssh.hostKeys`.
{ lib, inputs, hostName, ... }:
let
  inherit (lib) mkDefault mkForce;
in
{
  programs.mosh.enable = mkDefault true;

  services.openssh = {
    enable = true;

    # No host keys are declared through the module option; the only HostKey
    # this file configures is the credential-backed one in extraConfig.
    # TODO: use hostKeys= once LoadCredentialEncrypted= works in ExecStartPre=
    hostKeys = mkForce [ ];

    # The path hard-codes both the unit name (sshd.service) and the credential
    # ID (ed25519.key); it must stay in sync with LoadCredentialEncrypted below.
    # NOTE(review): if sshd is ever run under another unit (for example
    # socket-activated via services.openssh.startWhenNeeded), the credential
    # would presumably not be present at this path — confirm before enabling.
    extraConfig = ''
      HostKey /run/credentials/sshd.service/ed25519.key
    '';
  };

  # "ID:PATH" — systemd decrypts the .cred file when starting sshd.service and
  # exposes the plaintext as `ed25519.key` in the unit's credentials directory.
  # NOTE(review): the ciphertext is referenced via ${inputs.self}, so it
  # presumably sits in the world-readable Nix store; confidentiality of the
  # host key then depends on the key the credential was sealed to (host
  # credential secret and/or TPM2) — confirm how the .cred was produced.
  systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
    "ed25519.key:${inputs.self}/hosts/${hostName}/networking/ssh/ed25519.key.cred"
  ];
}