From e00d0331ec261c4789dd93d4bcc83f2e2ae7286e Mon Sep 17 00:00:00 2001
From: Raito Bezarius <masterancpp@gmail.com>
Date: Wed, 17 Jul 2024 17:32:34 +0200
Subject: [PATCH] common/known-ssh-keys: init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's ensure that all our servers are aware of all host keys to avoid
host key verification issues when needed.

(example: buildbot → gerrit)

Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
---
 common/base-server.nix    | 4 ++++
 common/known-ssh-keys.nix | 6 ++++++
 2 files changed, 10 insertions(+)
 create mode 100644 common/known-ssh-keys.nix

diff --git a/common/base-server.nix b/common/base-server.nix
index 3f5616e..c3f0251 100644
--- a/common/base-server.nix
+++ b/common/base-server.nix
@@ -1,4 +1,8 @@
 { lib, pkgs, ... }: {
+  imports = [
+    ./known-ssh-keys.nix
+  ];
+
   nixpkgs.overlays = import ../overlays;
 
   nix.package = lib.mkDefault pkgs.lix;
diff --git a/common/known-ssh-keys.nix b/common/known-ssh-keys.nix
new file mode 100644
index 0000000..9fca84d
--- /dev/null
+++ b/common/known-ssh-keys.nix
@@ -0,0 +1,6 @@
+{ ... }:
+{
+  programs.ssh.knownHosts = {
+    "[cl.forkos.org]:29418".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM82mJ259C8Nc+BHHNBeRWXWhL3dfirQhmFbDAwHMle3";
+  };
+}