feat: moved ssh config to use new storage config

2025-11-08 19:04:59 -06:00 · 2025-11-08 19:04:59 -06:00 · 1310b50794
commit 1310b50794
parent 5acf060e9e
1 changed files with 34 additions and 7 deletions
--- a/modules/nixos-modules/ssh.nix
+++ b/modules/nixos-modules/ssh.nix
@ -3,6 +3,13 @@
  config,
  ...
 }: {
+  options = {
+    services.openssh.impermanence.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = config.services.openssh.enable && config.storage.impermanence.enable;
+    };
+  };
+
  config = lib.mkMerge [
    {
      services = {
@ -17,12 +24,32 @@
        };
      };
    }
-    (lib.mkIf config.host.impermanence.enable {
-      environment.persistence."/persist/system/root" = {
-        files = lib.lists.flatten (
-          builtins.map (hostKey: [hostKey.path "${hostKey.path}.pub"]) config.services.openssh.hostKeys
-        );
-      };
-    })
+    (lib.mkIf config.storage.zfs.enable (lib.mkMerge [
+      {
+        # SSH host keys need to be persisted to maintain server identity
+      }
+      (lib.mkIf (!config.services.openssh.impermanence.enable) {
+        # TODO: placeholder to configure a unique dataset for this service
+      })
+      (lib.mkIf config.services.openssh.impermanence.enable {
+        storage.impermanence.datasets."persist/system/root" = {
+          files = builtins.listToAttrs (
+            lib.lists.flatten (
+              builtins.map (hostKey: [
+                {
+                  name = hostKey.path;
+                  value = {enable = true;};
+                }
+                {
+                  name = "${hostKey.path}.pub";
+                  value = {enable = true;};
+                }
+              ])
+              config.services.openssh.hostKeys
+            )
+          );
+        };
+      })
+    ]))
  ];
 }