From e7c7f759a1ac83f42161381c9b19ad3e1ba3b292 Mon Sep 17 00:00:00 2001
From: Raito Bezarius
Date: Wed, 17 Jul 2024 17:32:34 +0200
Subject: [PATCH] common/known-ssh-keys: init
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's ensure that all our servers are aware of all host keys to avoid host key verification issues when needed. (example: buildbot → gerrit)

Signed-off-by: Raito Bezarius
---
 common/base-server.nix | 4 ++++
 common/known-ssh-keys.nix | 9 +++++++++
 2 files changed, 13 insertions(+)
 create mode 100644 common/known-ssh-keys.nix

diff --git a/common/base-server.nix b/common/base-server.nix
index 3f5616e..c3f0251 100644
--- a/common/base-server.nix
+++ b/common/base-server.nix
@@ -1,4 +1,8 @@
 { lib, pkgs, ... }: {
+ imports = [
+ ./known-ssh-keys.nix
+ ];
+
 nixpkgs.overlays = import ../overlays;
 nix.package = lib.mkDefault pkgs.lix;
diff --git a/common/known-ssh-keys.nix b/common/known-ssh-keys.nix
new file mode 100644
index 0000000..c56eb6e
--- /dev/null
+++ b/common/known-ssh-keys.nix
@@ -0,0 +1,9 @@
+{ ... }:
+let
+ ssh-keys = import ./ssh-keys;
+in
+{
+ programs.ssh.knownHosts = {
+ "cl.forkos.org".publicKey = ssh-keys.gerrit01;
+ };
+}
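Review bot: In the new `common/known-ssh-keys.nix`, the `"cl.forkos.org"` entry pins `ssh-keys.gerrit01` without saying which SSH endpoint that key belongs to, and `./ssh-keys` is not part of this patch, so a reviewer cannot confirm it is the key buildbot will actually be shown. If the Gerrit SSH service uses its own host key or a dedicated port (neither is visible here), the machine's sshd key under the bare hostname would not match it, and verification would still fail for the buildbot → gerrit case the description names; OpenSSH records non-default ports as `[host]:port`, e.g. `"[cl.forkos.org]:PORT"`. I would add a comment above the entry such as `# Host key served on cl.forkos.org (sshd or Gerrit SSH: state which); update together with ./ssh-keys on rotation.` Because `programs.ssh.knownHosts` feeds the system-wide known-hosts file on every machine that imports `base-server.nix`, a wrong or stale value here breaks verification on all of them at once.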