ssh: set known hosts via ~/.ssh/config

this prevents the ssh agent from updating the known_hosts file
and confusing home-manager.
colin 2022-10-25 05:17:28 -07:00
parent e25c92794f
commit 10e224be0d


@ -1,14 +1,18 @@
{ config, ... }: { config, pkgs, ... }:
{ {
home-manager.users.colin = let home-manager.users.colin = let
host = config.networking.hostName; host = config.networking.hostName;
user_pubkey = (import ../pubkeys.nix).users."${host}";
known_hosts_text = builtins.concatStringsSep
"\n"
(builtins.attrValues (import ../pubkeys.nix).hosts);
in { config, ...}: { in { config, ...}: {
# ssh key is stored in private storage # ssh key is stored in private storage
home.file.".ssh/id_ed25519".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/private/.ssh/id_ed25519"; home.file.".ssh/id_ed25519".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/private/.ssh/id_ed25519";
home.file.".ssh/id_ed25519.pub".text = (import ../pubkeys.nix).users."${host}"; home.file.".ssh/id_ed25519.pub".text = user_pubkey;
# alternatively: use `programs.ssh.userKnownHostsFile`
home.file.".ssh/known_hosts".text = builtins.concatStringsSep programs.ssh.enable = true;
"\n" # this optionally accepts multiple known_hosts paths, separated by space.
(builtins.attrValues (import ../pubkeys.nix).hosts); programs.ssh.userKnownHostsFile = builtins.toString (pkgs.writeText "known_hosts" known_hosts_text);
}; };
} }
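Review bot: With `programs.ssh.userKnownHostsFile` set to a single read-only store path (the last assignment in the `in { config, ...}: { … }` block), ssh cannot persist a key for any host missing from `../pubkeys.nix`. Assuming `StrictHostKeyChecking` stays at its default, every connection to such a host ends at the interactive fingerprint prompt, and a prompt that recurs each time tends to be accepted by habit. If the intent is strict pinning, state it in the config, for example `programs.ssh.extraConfig = "StrictHostKeyChecking yes";`, so unknown or changed keys are refused rather than prompted. It would also help to add a comment above `known_hosts_text` such as `# each value in pubkeys.nix hosts must be a complete known_hosts line (host pattern + key type + key); attrValues drops the attribute names`, since that file is not visible here and a bare key would produce entries that never match.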