common/known-ssh-keys: init

Let's ensure that all our servers are aware of all host keys to avoid host key verification issues when needed. (example: buildbot → gerrit) Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
2024-07-17 17:32:34 +02:00 · 2024-07-17 17:32:34 +02:00 · e7c7f759a1
parent 948618ab6a
commit e7c7f759a1
2 changed files with 13 additions and 0 deletions
--- a/common/base-server.nix
+++ b/common/base-server.nix
@ -1,4 +1,8 @@
 { lib, pkgs, ... }: {
+  imports = [
+    ./known-ssh-keys.nix
+  ];
+
  nixpkgs.overlays = import ../overlays;

  nix.package = lib.mkDefault pkgs.lix;
--- a/common/known-ssh-keys.nix
+++ b/common/known-ssh-keys.nix
@ -0,0 +1,9 @@
+{ ... }:
+let
+  ssh-keys = import ./ssh-keys;
+in
+{
+  programs.ssh.knownHosts = {
+    "cl.forkos.org".publicKey = ssh-keys.gerrit01;
+  };
+}