diff options
| -rw-r--r-- | system-profiles/openssh/default.nix | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix index f81880cc..0e88ffb7 100644 --- a/system-profiles/openssh/default.nix +++ b/system-profiles/openssh/default.nix | |||
| @@ -75,11 +75,11 @@ in { | |||
| 75 | KbdInteractiveAuthentication = mkDefault false; | 75 | KbdInteractiveAuthentication = mkDefault false; |
| 76 | }; | 76 | }; |
| 77 | moduliFile = mkIf (config.sops.secrets ? "ssh_moduli") "/run/credentials/sshd.service/ssh_moduli"; | 77 | moduliFile = mkIf (config.sops.secrets ? "ssh_moduli") "/run/credentials/sshd.service/ssh_moduli"; |
| 78 | extraConfig = '' | 78 | extraConfig = optionalString cfg.staticHostKeys '' |
| 79 | ${optionalString cfg.staticHostKeys "HostKey /run/credentials/sshd.service/ssh_host_ed25519_key"} | 79 | HostKey /run/credentials/sshd.service/ssh_host_ed25519_key |
| 80 | ${optionalString cfg.staticHostKeys "HostCertificate ${./known-hosts + "/${hostName}/ed25519.pub"}"} | 80 | HostCertificate ${./known-hosts + "/${hostName}/ed25519.pub"} |
| 81 | ${optionalString cfg.staticHostKeys "HostKey /run/credentials/sshd.service/ssh_host_rsa_key"} | 81 | HostKey /run/credentials/sshd.service/ssh_host_rsa_key |
| 82 | ${optionalString cfg.staticHostKeys "HostCertificate ${./known-hosts + "/${hostName}/rsa-cert.pub"}"} | 82 | HostCertificate ${./known-hosts + "/${hostName}/rsa-cert.pub"} |
| 83 | ''; | 83 | ''; |
| 84 | }; | 84 | }; |
| 85 | 85 | ||