]> Git — Sourcephile - julm/julm-nix.git/blob - nixos/profiles/networking/ssh.nix
Add given password for hosts/aubergine/ssh/host.key to store.
[julm/julm-nix.git] / nixos / profiles / networking / ssh.nix
1 { lib, inputs, hostName, ... }:
2 with lib;
3 {
4 programs.mosh.enable = mkDefault true;
5 services.openssh.enable = true;
6 systemd.services.sshd.serviceConfig.LoadCredentialEncrypted =
7 [ "host.key:${inputs.self}/hosts/${hostName}/ssh/host.key.cred" ];
8 # TODO: use hostKeys= once LoadCredentialEncrypted= works in ExecStartPre=
9 services.openssh.hostKeys = mkForce [ ];
10 services.openssh.extraConfig = ''
11 HostKey /run/credentials/sshd.service/host.key
12 '';
13 }