From ddf8182d5be8bcd275cfd102fff265547102fc9a Mon Sep 17 00:00:00 2001
From: talyz
Date: Thu, 21 Jul 2022 19:15:04 +0200
Subject: [PATCH] sshd: Don't remove symlinks to host key files

If a host key file is a symlink pointing to an as of yet non-existent file, we don't want to remove it, but instead follow the symlink and create the file at that location. See https://github.com/nix-community/impermanence/issues/101 for more information on the issue the original behavior creates.
---
 nixos/modules/services/networking/ssh/sshd.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/networking/ssh/sshd.nix b/nixos/modules/services/networking/ssh/sshd.nix
index 6b69d559748c..52a50b892ec6 100644
--- a/nixos/modules/services/networking/ssh/sshd.nix
+++ b/nixos/modules/services/networking/ssh/sshd.nix
@@ -442,7 +442,9 @@ in
 ${flip concatMapStrings cfg.hostKeys (k: ''
 if ! [ -s "${k.path}" ]; then
- rm -f "${k.path}"
+ if ! [ -h "${k.path}" ]; then
+ rm -f "${k.path}"
+ fi
 ssh-keygen \
 -t "${k.type}" \
 ${if k ? bits then "-b ${toString k.bits}" else ""} \
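Review bot: A symlink whose target exists but is empty still fails the outer `-s` test, and with the new `-h` guard nothing clears that target before `ssh-keygen` runs, so key generation will likely stop at its overwrite prompt and leave the host without that key. The guard could clear the resolved target instead of skipping removal, for example `if [ -h "${k.path}" ]; then rm -f "$(readlink -f "${k.path}")"; else rm -f "${k.path}"; fi`, assuming `readlink` is on the unit's path. Because the private key is now written wherever the link points, a comment such as `# symlinked key paths are followed; the target directory must be root-owned and not writable by others` would record the trust assumption. The `ssh-keygen` invocation continues past the end of the hunk, so its remaining flags are not visible here.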