summaryrefslogtreecommitdiff
path: root/system-profiles/openssh/default.nix
diff options
context:
space:
mode:
authorGregor Kleen <gkleen@yggdrasil.li>2023-03-20 12:27:50 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2023-03-20 12:27:50 +0100
commitc12c26730f5be240844684cfeff6b9e8b1c7348b (patch)
treec63c8485a2c8f00899bc1a7aed93cdac7c7d46e5 /system-profiles/openssh/default.nix
parente24249d67d1a8b899661d4b42294a0ce675cddea (diff)
downloadnixos-c12c26730f5be240844684cfeff6b9e8b1c7348b.tar
nixos-c12c26730f5be240844684cfeff6b9e8b1c7348b.tar.gz
nixos-c12c26730f5be240844684cfeff6b9e8b1c7348b.tar.bz2
nixos-c12c26730f5be240844684cfeff6b9e8b1c7348b.tar.xz
nixos-c12c26730f5be240844684cfeff6b9e8b1c7348b.zip
...
Diffstat (limited to 'system-profiles/openssh/default.nix')
-rw-r--r--system-profiles/openssh/default.nix10
1 files changed, 5 insertions, 5 deletions
diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix
index f81880cc..0e88ffb7 100644
--- a/system-profiles/openssh/default.nix
+++ b/system-profiles/openssh/default.nix
@@ -75,11 +75,11 @@ in {
75 KbdInteractiveAuthentication = mkDefault false; 75 KbdInteractiveAuthentication = mkDefault false;
76 }; 76 };
77 moduliFile = mkIf (config.sops.secrets ? "ssh_moduli") "/run/credentials/sshd.service/ssh_moduli"; 77 moduliFile = mkIf (config.sops.secrets ? "ssh_moduli") "/run/credentials/sshd.service/ssh_moduli";
78 extraConfig = '' 78 extraConfig = optionalString cfg.staticHostKeys ''
79 ${optionalString cfg.staticHostKeys "HostKey /run/credentials/sshd.service/ssh_host_ed25519_key"} 79 HostKey /run/credentials/sshd.service/ssh_host_ed25519_key
80 ${optionalString cfg.staticHostKeys "HostCertificate ${./known-hosts + "/${hostName}/ed25519.pub"}"} 80 HostCertificate ${./known-hosts + "/${hostName}/ed25519.pub"}
81 ${optionalString cfg.staticHostKeys "HostKey /run/credentials/sshd.service/ssh_host_rsa_key"} 81 HostKey /run/credentials/sshd.service/ssh_host_rsa_key
82 ${optionalString cfg.staticHostKeys "HostCertificate ${./known-hosts + "/${hostName}/rsa-cert.pub"}"} 82 HostCertificate ${./known-hosts + "/${hostName}/rsa-cert.pub"}
83 ''; 83 '';
84 }; 84 };
85 85