{...}: { services.openssh = { enable = true; settings.PasswordAuthentication = false; hostKeys = [ { # See the explanation for this in /system/impermanence/mods/openssh.nix # path = "/var/lib/sshd/ssh_host_ed25519_key"; # FIXME: Remove this workaround path = "/srv/var/lib/sshd/ssh_host_ed25519_key"; rounds = 1000; type = "ed25519"; } ]; }; }