modules/system: add ssh keys for known hosts

These keys are stable, they can be set on every hosts.
author: Franck Cuny <franck@fcuny.net> 2023-04-29 14:44:45 -0700
committer: Franck Cuny <franck@fcuny.net> 2023-04-29 15:09:08 -0700
commit: ab89c107d9b431776b5bfbf4667b609b771ca945 (patch)
tree: e7619fbd2d79510bfa56ef76097036a6bbc1d019 /modules/system/security
parent: hosts/tahoe: disable rclone (diff)
download: infra-ab89c107d9b431776b5bfbf4667b609b771ca945.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/modules/system/security/default.nix b/modules/system/security/default.nix
index 1181e6a..ecb32d0 100644
--- a/modules/system/security/default.nix
+++ b/modules/system/security/default.nix
@@ -3,4 +3,14 @@
 {
   security.sudo.wheelNeedsPassword = false;
   security.polkit.enable = true;
+
+  programs.ssh = {
+    # $ ssh-keyscan example.com
+    knownHosts = {
+      github = {
+        hostNames = [ "github.com" ];
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+      };
+    };
+  };
 }
author	Franck Cuny <franck@fcuny.net>	2023-04-29 14:44:45 -0700
committer	Franck Cuny <franck@fcuny.net>	2023-04-29 15:09:08 -0700
commit	ab89c107d9b431776b5bfbf4667b609b771ca945 (patch)
tree	e7619fbd2d79510bfa56ef76097036a6bbc1d019 /modules/system/security
parent	hosts/tahoe: disable rclone (diff)
download	infra-ab89c107d9b431776b5bfbf4667b609b771ca945.tar.gz