userCAPath variable

2026-03-15 15:51:09 -05:00
parent 9c26c962ff
commit 85a1127e1d
1 changed files with 4 additions and 3 deletions
--- a/modules/services/ssh.nix
+++ b/modules/services/ssh.nix
@@ -7,6 +7,7 @@ in
  flake.modules.nixos.ssh = { pkgs, config, lib, ... }:
  let
    cfg = config.ssh;
+    userCAPath = "ssh/ssh_user_ca.pub";
  in
  {
    options.ssh = {
@@ -27,16 +28,16 @@ in
          {
            PasswordAuthentication = false;
            KbdInteractiveAuthentication = false;
+            HostKey = "/etc/ssh/ssh_host_ed25519_key";
          }
          (lib.mkIf cfg.certificates.enable {
-            TrustedUserCAKeys = "/etc/ssh/ssh_user_ca.pub";
-            HostKey = "/etc/ssh/ssh_host_ed25519_key";
+            TrustedUserCAKeys = "/etc/${userCAPath}";
            HostCertificate = "/etc/ssh/ssh_host_ed25519_key-cert.pub";
          })
        ];
      };

-      environment.etc."ssh/ssh_user_ca.pub" = lib.mkIf cfg.certificates.enable {
+      environment.etc."${userCAPath}" = lib.mkIf cfg.certificates.enable {
        source = cfg.certificates.userCA;
      };