I am trying to connect to an SSH server. Usually I store the private key at
The configuration is located at
src: NixOS Wiki - SSH public key authentication
But can it be done the Nix way? In
I usually forget to back up my ~/.ssh when I reinstall / distrohop, so I would like to avoid storing keys or configs there.
If systemwide configuration is ok:
programs.ssh.extraConfig will allow you to add whatever you want to
If you’d prefer having configuration be active only for your user, that’s within the realm of home-manager, and there you’ll want e.g.
Another part of the problem is managing the private key itself – for that you’ll most likely want to look at tools like agenix or sops-nix.
It worked, thanks! I used
I was actually searching nix options but the term “match block” escaped me.
For now I am storing the keys in the normie way.
agenix or sops-nix.
They both look good. Do you have a recommendation?
I’ve only used agenix so I can’t really recommend one or another. If you’re using home-manager I think sops-nix is your only option of the two at this point – I don’t remember agenix having a home-manager module.
There is a project/fork homeage, which is based on a PR to agenix that never got merged. I am not sure about how well it works though, I am only aware of its existence.
Personally I am using sops-nix, as I can use the same input for both system and home configurations, and to some extent even share the secret files between them. Not sure if this was possible with agenix + homeage.
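Added example, not posted by anyone in this thread: a home-manager module that combines the two suggestions above, a per-user match block whose identity file is a private key decrypted by sops-nix instead of a file kept by hand in ~/.ssh. The host name, user, secret name and `secrets.yaml` file are placeholders, and the sops-nix home-manager module is assumed to be imported already.

```nix
# home.nix -- home-manager module (constructed example, placeholders throughout).
# Assumes the sops-nix home-manager module is imported elsewhere, e.g.
#   imports = [ inputs.sops-nix.homeManagerModules.sops ];
{ config, ... }:
{
  # age key that decrypts the secrets at activation time. This one file is
  # the only thing that still has to be backed up outside the repository.
  sops.age.keyFile = "${config.home.homeDirectory}/.config/sops/age/keys.txt";

  # Hypothetical sops-encrypted file committed next to this module.
  sops.defaultSopsFile = ./secrets.yaml;

  # Hypothetical secret name: secrets.yaml holds the SSH private key under
  # this key. sops-nix writes the decrypted file to a user-only location.
  sops.secrets.example_host_key = { };

  programs.ssh = {
    enable = true;

    # Rendered as a "Host example-host" block in the user's ssh config.
    matchBlocks."example-host" = {
      hostname = "ssh.example.org"; # placeholder
      user = "alice";               # placeholder
      # Point ssh at the decrypted secret rather than a file in ~/.ssh.
      identityFile = config.sops.secrets.example_host_key.path;
      # Offer only this key to the server, not every key in the agent.
      identitiesOnly = true;
    };
  };
}
```

With this layout the repository holds only the encrypted key and the configuration, so a reinstall needs the age key file restored and nothing else from ~/.ssh.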