colin
d13bcc49ab
longer-term, i want hosts/by-name to define host-specific data that's accessible via the other hosts (things like pubkeys). also the secrets management needs some rethinking. there's really not much point in me specifiying where *exactly* a secret comes from at its use site. i should really be specifying secret store manifests; i.e. "servo.yaml contains secrets X Y and Z", and leaving the rest up to auto-computing.
16 lines
618 B
Nix
16 lines
618 B
Nix
# hierarchical, DNS-like mapping from <name> => ssh host/user for that name.
|
|
# host keys are represented as user keys, just with the user specified as "root".
|
|
|
|
{
|
|
org.uninsane = rec {
|
|
root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
|
|
git.root = root;
|
|
};
|
|
|
|
com.github = {
|
|
# documented here: <https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints>
|
|
# Github actually uses multiple keys -- one per format
|
|
root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
|
|
};
|
|
}
|