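# NixOS module: SSH client known-hosts, sshd host keys (delivered via sops-nix)
# and a few ssh-related extras. Every sshd-specific setting is guarded by
# `config.services.openssh.enable`, so enabling sshd elsewhere is what turns
# this on.
#
# Fix vs. the previous revision: the public-key files under /etc/ssh were read
# from `config.services.openssh.knownHosts`, the deprecated alias of
# `programs.ssh.knownHosts` (the option this module itself populates). The
# alias resolves through NixOS's rename module, so it worked, but it emits a
# deprecation warning on every evaluation and would break once the alias is
# dropped. Both sides now use `programs.ssh.knownHosts`.
{ customUtils, lib, config, hostName, pkgs, ... }:

let
  sshdEnabled = config.services.openssh.enable;

  # One sops file per host; expected to hold the `rsa` and `ed25519` private
  # host keys under those top-level keys.
  hostKeysFile = ./host-keys + "/${hostName}.yaml";

  # Known-host entries, one per host and key type, keyed "<host>-<type>".
  # `customUtils.nixImport` is a project helper; it is assumed here to return
  # an attrset keyed by host name whose values are attrsets keyed by key type
  # (each a valid `programs.ssh.knownHosts.<name>` entry) — TODO confirm.
  # If two files define the same "<host>-<type>" name, the first one wins
  # (`builtins.head`); no error is raised for the duplicate.
  importedKnownHosts =
    lib.zipAttrsWith (_name: values: builtins.head values)
      (lib.mapAttrsToList
        (host: lib.mapAttrs' (type: value: lib.nameValuePair "${host}-${type}" value))
        (customUtils.nixImport { dir = ./known-hosts; }));

  # This host's own entries in the known-hosts set, used to publish the
  # matching .pub files. NOTE(review): a knownHosts entry may use
  # `publicKeyFile` instead of `publicKey`, in which case `publicKey` is null
  # and `.text` below fails at evaluation time — confirm every host entry in
  # ./known-hosts sets `publicKey`.
  ownKnownHost = type: config.programs.ssh.knownHosts."${hostName}-${type}";
in
{
  config = {
    programs.ssh.knownHosts = importedKnownHosts;

    # ssh-agent should be done via home-manager
    systemd.user.services."ssh-agent".enable = lib.mkForce false;

    # sshd uses exactly these two key files; they are provided by sops-nix
    # below, so sshd's own key generation is not relied upon.
    services.openssh = lib.mkIf sshdEnabled {
      hostKeys = [
        { path = "/etc/ssh/ssh_host_rsa_key"; type = "rsa"; }
        { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
      ];
    };

    # Private host keys are decrypted from the per-host sops file and placed
    # at the paths sshd expects.
    # NOTE(review): sops-nix's default decryption key is derived from the
    # host's SSH key; delivering the host key itself through sops presumes a
    # separately provisioned age/PGP key — confirm how this host bootstraps.
    sops.secrets = lib.mkIf sshdEnabled {
      ssh_host_rsa_key = {
        key = "rsa";
        path = "/etc/ssh/ssh_host_rsa_key";
        sopsFile = hostKeysFile;
      };
      ssh_host_ed25519_key = {
        key = "ed25519";
        path = "/etc/ssh/ssh_host_ed25519_key";
        sopsFile = hostKeysFile;
      };
    };

    # Publish the public halves from the same known-hosts data the clients use,
    # so the .pub files can never drift from what is pinned for this host.
    environment.etc = lib.mkIf sshdEnabled {
      "ssh/ssh_host_rsa_key.pub".text = (ownKnownHost "rsa").publicKey;
      "ssh/ssh_host_ed25519_key.pub".text = (ownKnownHost "ed25519").publicKey;
    };

    # terminfo for urxvt so remote sessions from that terminal render correctly.
    environment.systemPackages = lib.mkIf sshdEnabled [ pkgs.rxvt_unicode.terminfo ];
  };
}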