-{ pkgs, lib, config, hosts, ... }:
+{ pkgs, lib, config, hosts, hostName, ... }:
{
services.openssh = {
openFirewall = true;
'';
};
+ security.initrd.secrets."${hostName}/ssh/initrd.key" =
+ "hosts/${hostName}/ssh/initrd.key.gpg";
boot.initrd.network.ssh = {
enable = true;
port = 2222;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
- hostKeys = [ "/root/initrd/ssh.key" ];
+ hostKeys = [ "${config.security.initrd.stage1Dir}/${hostName}/ssh/initrd.key" ];
extraConfig = ''
'';
};
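Review bot: The new `hostKeys` entry interpolates `config.security.initrd.stage1Dir` into a string, and the definition of that option is not visible in this diff. If it can ever hold a Nix path value rather than a string, the interpolation would copy that directory, private key included, into the world-readable Nix store, so it is worth confirming the option is declared as `types.str` or is only ever assigned a quoted string. The relative name `${hostName}/ssh/initrd.key` is also spelled out twice, once as the `security.initrd.secrets` attribute name and once inside `hostKeys`, and nothing forces the two to agree. A single binding such as `let initrdKey = "${hostName}/ssh/initrd.key"; in` used in both places would keep them in step. I would also add a comment above the secret, for example `# initrd-only host key for the port 2222 sshd; must not be the system host key, since stage 1 needs it in decrypted form`.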