colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

ssh: define system-wide knownHosts

Browse Source
This commit is contained in:
colin
2023-01-08 08:51:06 +00:00
parent a457fc1416
commit 71fc1a2fd7
1 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
modules/ssh.nix
View File

@@ -1,4 +1,4 @@
{ lib, ... }: { config, lib, ... }:
with lib; with lib;
let let
@@ -76,5 +76,12 @@ in
{ type = "rsa"; bits = 4096; path = "/etc/ssh/host_keys/ssh_host_rsa_key"; } { type = "rsa"; bits = 4096; path = "/etc/ssh/host_keys/ssh_host_rsa_key"; }
{ type = "ed25519"; path = "/etc/ssh/host_keys/ssh_host_ed25519_key"; } { type = "ed25519"; path = "/etc/ssh/host_keys/ssh_host_ed25519_key"; }
]; ];
services.openssh.knownHosts =
let
host-keys = filter (k: k.user == "root") (attrValues config.sane.ssh.pubkeys);
in lib.mkMerge (builtins.map (key: {
"${key.host}".publicKey = key.typedPubkey;
}) host-keys);
}; };
} }