secrets/ssh_server.nix: init

2023-08-18 11:17:33 +02:00 · 2023-08-18 11:17:33 +02:00 · e063db59dc
parent fc56842825
commit e063db59dc
2 changed files with 9 additions and 1 deletions
--- a/2configs/default.nix
+++ b/2configs/default.nix
@ -7,7 +7,7 @@ with lib;
    ./editor/vim.nix
    ./binary-cache/nixos.nix
    ./minimal.nix
-    ./secrets
+    ./secrets/ssh_server.nix
    # ./security/hotfix.nix
  ];

--- a/2configs/secrets/ssh_server.nix
+++ b/2configs/secrets/ssh_server.nix
@ -0,0 +1,8 @@
+{
+
+  sops.secrets."ssh_host_rsa_key" = {};
+  sops.secrets."ssh_host_ed25519_key" = {};
+  services.openssh.hostKeys = lib.mkForce [
+    { bits = 4096; path = (config.sops.secrets."ssh_host_rsa_key".path); type = "rsa"; }
+    { path = config.sops.secrets."ssh_host_ed25519_key".path; type = "ed25519"; } ];
+}