ssh: set known hosts via ~/.ssh/config
this prevents the ssh agent from updating the known_hosts file and confusing home-manager.
parent
e25c92794f
commit
10e224be0d
|
@ -1,14 +1,18 @@
|
|||
{ config, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
home-manager.users.colin = let
|
||||
host = config.networking.hostName;
|
||||
user_pubkey = (import ../pubkeys.nix).users."${host}";
|
||||
known_hosts_text = builtins.concatStringsSep
|
||||
"\n"
|
||||
(builtins.attrValues (import ../pubkeys.nix).hosts);
|
||||
in { config, ...}: {
|
||||
# ssh key is stored in private storage
|
||||
home.file.".ssh/id_ed25519".source = config.lib.file.mkOutOfStoreSymlink "/home/colin/private/.ssh/id_ed25519";
|
||||
home.file.".ssh/id_ed25519.pub".text = (import ../pubkeys.nix).users."${host}";
|
||||
# alternatively: use `programs.ssh.userKnownHostsFile`
|
||||
home.file.".ssh/known_hosts".text = builtins.concatStringsSep
|
||||
"\n"
|
||||
(builtins.attrValues (import ../pubkeys.nix).hosts);
|
||||
home.file.".ssh/id_ed25519.pub".text = user_pubkey;
|
||||
|
||||
programs.ssh.enable = true;
|
||||
# this optionally accepts multiple known_hosts paths, separated by space.
|
||||
programs.ssh.userKnownHostsFile = builtins.toString (pkgs.writeText "known_hosts" known_hosts_text);
|
||||
};
|
||||
}
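Review bot: The file passed to `programs.ssh.userKnownHostsFile` is a read-only Nix store path, so ssh cannot record a key for any host that is missing from `pubkeys.nix`. Under OpenSSH's default `StrictHostKeyChecking ask`, each connection to such a host prompts again and nothing is remembered, which trains the user to accept unverified keys. If only the pinned hosts should ever be trusted, state that explicitly with `programs.ssh.extraConfig = "StrictHostKeyChecking yes";`. Otherwise add a writable second path, which the comment above the assignment says is supported: `programs.ssh.userKnownHostsFile = "${pkgs.writeText "known_hosts" known_hosts_text} ~/.ssh/known_hosts";`. Either way, a comment such as `# pinned host keys live in the nix store (read-only); ssh cannot append to this file` would document the intent.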
|
||||
|
|