From e739a1e95448ef20cb323913b305c9095d05513d Mon Sep 17 00:00:00 2001
From: Love Billenius
Date: Wed, 8 Apr 2026 11:25:52 +0200
Subject: [PATCH] key to unlock boot correct

---
 modules/nixos/luks-initrd-ssh-unlock.nix | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/modules/nixos/luks-initrd-ssh-unlock.nix b/modules/nixos/luks-initrd-ssh-unlock.nix
index e1ca5aa..bf8a96b 100644
--- a/modules/nixos/luks-initrd-ssh-unlock.nix
+++ b/modules/nixos/luks-initrd-ssh-unlock.nix
@@ -1,6 +1,7 @@
 {
 config,
 lib,
+ pkgs,
 ...
 }:
 let
@@ -17,8 +18,8 @@ in
 };
 hostKeyPath = lib.mkOption {
- type = lib.types.path;
- default = /etc/secrets/initrd/ssh_host_ed25519_key;
+ type = lib.types.str;
+ default = "/persist/etc/secrets/initrd/ssh_host_ed25519_key";
 description = "Path to the initrd SSH host private key on the target system.";
 };
@@ -31,22 +32,24 @@ in
 config = lib.mkIf cfg.enable {
 boot.kernelParams = [ "ip=dhcp" ];
+
 boot.initrd.network = {
 enable = true;
 ssh = {
 enable = true;
 port = cfg.port;
- hostKeys = [ (toString cfg.hostKeyPath) ];
+ hostKeys = [ cfg.hostKeyPath ];
 authorizedKeys = cfg.authorizedKeys;
 };
 };
+
 system.activationScripts.initrdSshHostKey = {
 deps = [ "users" "groups" ];
 text = ''
- install -d -m 700 "$(dirname ${toString cfg.hostKeyPath})"
- if [ ! -f "${toString cfg.hostKeyPath}" ]; then
- ssh-keygen -t ed25519 -N "" -f "${toString cfg.hostKeyPath}"
- chmod 600 "${toString cfg.hostKeyPath}"
+ install -d -m 700 "$(dirname "${cfg.hostKeyPath}")"
+ if [ ! -f "${cfg.hostKeyPath}" ]; then
+ ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f "${cfg.hostKeyPath}"
+ chmod 600 "${cfg.hostKeyPath}"
 fi
 '';
 };
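Review bot: The host key is only created by the activation script on the new side of the last hunk, but `boot.initrd.network.ssh.hostKeys` needs the file when the initrd secrets are appended during bootloader installation, and switch-to-configuration appears to run that step before `activate`; on a host where `/persist/etc/secrets/initrd/ssh_host_ed25519_key` does not exist yet, the first `nixos-rebuild switch` is therefore likely to fail or to install an initrd without the key, and this bootstrap order is documented nowhere in the module. I would state it in the option description, e.g. `description = "Path to the initrd SSH host private key on the target system. Generated by an activation script on first switch; if it does not exist yet, run the switch twice (or create it by hand) so the initrd secrets step can copy it.";`. A caveat above `system.activationScripts.initrdSshHostKey` would also help: this key is copied unencrypted into the initrd on the boot partition, so it must never be reused as the main sshd host key and clients should pin it under a separate known_hosts entry rather than trusting it for the real system. The `chmod 600` is redundant with ssh-keygen's default file mode but harmless, and moving the option to `lib.types.str` is a sound change since a Nix path literal interpolated into a string would have copied the private key into the world-readable store. The `config = lib.mkIf cfg.enable {` attribute set enclosing this hunk continues past its last line.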