clan-core/clanModules/sshd.nix

{ config, pkgs, ... }: {
  services.openssh.enable = true;

  services.openssh.hostKeys = [{
    path = config.clanCore.secrets.openssh.secrets."ssh.id_ed25519".path;
    type = "ed25519";
  }];

  clanCore.secrets.openssh = {
    secrets."ssh.id_ed25519" = { };
    facts."ssh.id_ed25519.pub" = { };
    generator.path = [ pkgs.coreutils pkgs.openssh ];
    generator.script = ''
      ssh-keygen -t ed25519 -N "" -f $secrets/ssh.id_ed25519
      mv $secrets/ssh.id_ed25519.pub $facts/ssh.id_ed25519.pub
    '';
  };
}
add sshd module 2024-03-13 07:38:20 +00:00			`{ config, pkgs, ... }: {`
			`services.openssh.enable = true;`

			`services.openssh.hostKeys = [{`
don't use impure builtins.storePath 2024-03-15 10:46:27 +00:00			`path = config.clanCore.secrets.openssh.secrets."ssh.id_ed25519".path;`
add sshd module 2024-03-13 07:38:20 +00:00			`type = "ed25519";`
			`}];`

			`clanCore.secrets.openssh = {`
			`secrets."ssh.id_ed25519" = { };`
			`facts."ssh.id_ed25519.pub" = { };`
			`generator.path = [ pkgs.coreutils pkgs.openssh ];`
			`generator.script = ''`
			`ssh-keygen -t ed25519 -N "" -f $secrets/ssh.id_ed25519`
			`mv $secrets/ssh.id_ed25519.pub $facts/ssh.id_ed25519.pub`
			`'';`
			`};`
			`}`