From 85a1127e1d4eded17630c69796ea7a876b2d764e Mon Sep 17 00:00:00 2001
From: John Lancaster <32917998+jsl12@users.noreply.github.com>
Date: Sun, 15 Mar 2026 15:51:09 -0500
Subject: [PATCH] userCAPath variable

---
 modules/services/ssh.nix | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix
index 8ebad84..7143995 100644
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -7,6 +7,7 @@ in
   flake.modules.nixos.ssh = { pkgs, config, lib, ... }:
   let
     cfg = config.ssh;
+    userCAPath = "ssh/ssh_user_ca.pub";
   in
   {
     options.ssh = {
@@ -27,16 +28,16 @@ in
           {
             PasswordAuthentication = false;
             KbdInteractiveAuthentication = false;
+            HostKey = "/etc/ssh/ssh_host_ed25519_key";
           }
           (lib.mkIf cfg.certificates.enable {
-            TrustedUserCAKeys = "/etc/ssh/ssh_user_ca.pub";
-            HostKey = "/etc/ssh/ssh_host_ed25519_key";
+            TrustedUserCAKeys = "/etc/${userCAPath}";
             HostCertificate = "/etc/ssh/ssh_host_ed25519_key-cert.pub";
           })
         ];
       };
 
-      environment.etc."ssh/ssh_user_ca.pub" = lib.mkIf cfg.certificates.enable {
+      environment.etc."${userCAPath}" = lib.mkIf cfg.certificates.enable {
         source = cfg.certificates.userCA;
       };