| author | Gregor Kleen <gkleen@yggdrasil.li> | 2024-12-15 18:25:01 +0100 | 
|---|---|---|
| committer | Gregor Kleen <gkleen@yggdrasil.li> | 2024-12-15 18:25:01 +0100 | 
| commit | 9873d9c34f7907a31c975c22f32497fd1278aa28 (patch) | |
| tree | 93a72f917760eef7ad683b99842ccb5f0d380fb7 /system-profiles/openssh | |
| parent | afaaaadb33316ee7705de192a6f667f1b07a10d3 (diff) | |
...
Diffstat (limited to 'system-profiles/openssh')
| -rw-r--r-- | system-profiles/openssh/default.nix | 27 | 
1 files changed, 15 insertions, 12 deletions
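--- a/system-profiles/openssh/default.nix
+++ b/system-profiles/openssh/default.nix
@@ -85,18 +85,21 @@ in {
 };
 
 systemd.services = mkIf cfg.enable {
-"sshd@".serviceConfig = {
-ExecStart = mkForce (concatStringsSep " " (
-[ "-${cfg.package or pkgs.openssh}/bin/sshd" "-i" "-D" "-f" "/etc/ssh/sshd_config" ]
-++ optional (config.sops.secrets ? "ssh_moduli") ''-o "moduliFile ''${CREDENTIALS_DIRECTORY}/ssh_moduli"''
-++ optional cfg.staticHostKeys ''-o "HostKey ''${CREDENTIALS_DIRECTORY}/ssh_host_ed25519_key" -o "HostKey ''${CREDENTIALS_DIRECTORY}/ssh_host_rsa_key"''
-));
-LoadCredential =
-lib.optional (config.sops.secrets ? "ssh_moduli") "ssh_moduli:${config.sops.secrets.ssh_moduli.path}"
-++ lib.optionals cfg.staticHostKeys [
-"ssh_host_ed25519_key:${config.sops.secrets.ssh_host_ed25519_key.path}"
-"ssh_host_rsa_key:${config.sops.secrets.ssh_host_rsa_key.path}"
-];
+"sshd@" = {
+restartIfChanged = false;
+serviceConfig = {
+ExecStart = mkForce (concatStringsSep " " (
+[ "-${cfg.package or pkgs.openssh}/bin/sshd" "-i" "-D" "-f" "/etc/ssh/sshd_config" ]
+++ optional (config.sops.secrets ? "ssh_moduli") ''-o "moduliFile ''${CREDENTIALS_DIRECTORY}/ssh_moduli"''
+++ optional cfg.staticHostKeys ''-o "HostKey ''${CREDENTIALS_DIRECTORY}/ssh_host_ed25519_key" -o "HostKey ''${CREDENTIALS_DIRECTORY}/ssh_host_rsa_key"''
+));
+LoadCredential =
+lib.optional (config.sops.secrets ? "ssh_moduli") "ssh_moduli:${config.sops.secrets.ssh_moduli.path}"
+++ lib.optionals cfg.staticHostKeys [
+"ssh_host_ed25519_key:${config.sops.secrets.ssh_host_ed25519_key.path}"
+"ssh_host_rsa_key:${config.sops.secrets.ssh_host_rsa_key.path}"
+];
+};
 };
 };
 systemd.sockets."sshd@run-ssh\\x2dunix\\x2dlocal-socket" = mkIf cfg.enable {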
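Review bot: `restartIfChanged = false;` on the `"sshd@"` template (new line 89) has no comment explaining why it is set, and its consequence is security-relevant. With this set, a configuration switch presumably leaves already-running per-connection instances alone, so established sessions keep the previous sshd binary, command-line options and loaded host-key/moduli credentials until they exit. After an OpenSSH security update or a host-key rotation those sessions would have to be ended by hand for the change to apply to them. I would put the reason and the caveat next to the option, e.g. `# keep live sessions across a switch; instances started before an sshd update keep the old binary until they exit`. The enclosing attribute set opened by `in {` starts outside this hunk, so whether another place already documents this cannot be seen from here.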
