From 831022bf22c92f094cc4d1b2b533440cbf5a83ac Mon Sep 17 00:00:00 2001
From: Gabriel Arazas <foodogsquared@foodogsquared.one>
Date: Fri, 30 Jun 2023 10:46:43 +0800
Subject: [PATCH] hosts/plover: enable DH params generation

This is for certain applications as we'll see.
---
 hosts/plover/default.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/hosts/plover/default.nix b/hosts/plover/default.nix
index 18aea8ca..66b27864 100644
--- a/hosts/plover/default.nix
+++ b/hosts/plover/default.nix
@@ -126,6 +126,10 @@ in
     credentialsFile = config.sops.secrets."plover/lego/env".path;
   };
 
+  # Enable generating new DH params.
+  security.dhparams.enable = true;
+
+  # !!! The keys should be rotated at an interval here.
   services.openssh.hostKeys = [{
     path = config.sops.secrets."plover/ssh-key".path;
     type = "ed25519";