dust: remove host ssh keys

hosts/dust/default.nix

@@ -24,6 +24,10 @@
       preservation.nixosModules.preservation
     ]);
 
+  sops = {
+    age.keyFile = "/persist/home/guanranwang/.config/sops/age/keys.txt";
+  };
+
   sops.secrets = lib.mapAttrs (_n: v: v // { sopsFile = ./secrets.yaml; }) (
     lib.listToAttrs (
       lib.map (x: lib.nameValuePair "wireless/${x}" { path = "/var/lib/iwd/${x}.psk"; }) [

hosts/dust/preservation.nix

@@ -1,6 +1,4 @@
-{ lib, ... }:
 {
-  sops.age.sshKeyPaths = lib.mkForce [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
   fileSystems."/persist".neededForBoot = true;
   preservation.enable = true;
   preservation.preserveAt."/persist" = {
@@ -9,23 +7,17 @@
       "/var/lib"
       "/etc/secureboot"
     ];
-    files = [
-      "/etc/ssh/ssh_host_ed25519_key"
-      "/etc/ssh/ssh_host_ed25519_key.pub"
-      "/etc/ssh/ssh_host_rsa_key"
-      "/etc/ssh/ssh_host_rsa_key.pub"
-    ];
 
     users.guanranwang = {
       directories = [
-        "Desktop"
         "Documents"
         "Downloads"
         "Music"
         "Pictures"
         "Videos"
-        #"Public"
-        #"Templates"
+        # "Desktop"
+        # "Public"
+        # "Templates"
 
         ".ssh"
         ".mozilla/firefox"

nixos/profiles/core/default.nix

@@ -65,10 +65,4 @@
 
   # See `nixos-version(8)`
   system.configurationRevision = inputs.self.rev or "dirty";
-
-  ### sops-nix
-  sops = {
-    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
-    gnupg.sshKeyPaths = [ ];
-  };
 }

nixos/profiles/server/default.nix

@@ -17,4 +17,9 @@
   time.timeZone = "UTC";
 
   networking.domain = "ny4.dev";
+
+  sops = {
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+    gnupg.sshKeyPaths = [ ];
+  };
 }