author | tv <tv@shackspace.de> | 2015-09-27 15:24:41 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-09-27 15:24:41 +0200 |
commit | dc5299a07126e73b2040213cc1610f7368604213 (patch) | |
tree | d00905b474850ad934406ff9b0b5c34442f8366b /krebs/3modules/default.nix | |
parent | edd973f7735e7a7e9964f0ac7d75ab4ca20b80d9 (diff) |
krebs: add hosts with ssh.pubkey to known hosts
Diffstat (limited to 'krebs/3modules/default.nix')
-rw-r--r-- | krebs/3modules/default.nix | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 78834d8d5..1501a9d49 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -103,6 +103,32 @@ let ([cfg.zone-head-config] ++ combined-hosts) ; combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones; + + programs.ssh.knownHosts = + mapAttrs + (name: host: { + hostNames = + concatLists + (mapAttrsToList + (net-name: net: + let + aliases = shorts ++ longs; + longs = net.aliases; + shorts = + map (removeSuffix ".${cfg.search-domain}") + (filter (hasSuffix ".${cfg.search-domain}") + longs); + add-port = a: + if net.ssh.port != null + then "[${a}]:${toString net.ssh.port}" + else a; + in + aliases ++ map add-port net.addrs) + host.nets); + + publicKey = host.ssh.pubkey; + }) + (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts); } ]; @@ -464,6 +490,7 @@ let "cgit.cd.viljetic.de" "cd.krebsco.de" ]; + ssh.port = 11423; }; retiolum = { via = internet; @@ -490,6 +517,7 @@ let ''; }; }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6"; }; mkdir = rec { cores = 1; @@ -522,6 +550,8 @@ let ''; }; }; + ssh.privkey = <secrets/ssh.id_ed25519>; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw"; }; nomic = { cores = 2; @@ -547,6 +577,7 @@ let }; }; secure = true; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09"; }; rmdir = rec { cores = 1; @@ -579,6 +610,7 @@ let ''; }; }; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGniQyABsMNSFTKAxJgxZlLrWfexUt+vhZ3p2hpBl4J"; }; wu = { cores = 4; @@ -604,6 +636,7 @@ let }; }; secure = true; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa"; }; xu = { cores = 4; 
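Review bot: In the `hostNames` expression of the first hunk, `add-port` is applied only to `net.addrs`, so on a net with `ssh.port` set (the next hunk sets 11423) the aliases and short names go into known_hosts without a port while the addresses become `[addr]:port`. The pinned key is then also associated with those names on the default SSH port, which is probably not intended; `map add-port (aliases ++ net.addrs)` would scope every entry to the declared port. A host that has `ssh.pubkey` but an empty `nets` set also yields an empty `hostNames` list, and whether the known_hosts generator tolerates that is not visible here. The enclosing attribute set starts and ends outside the hunk.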
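Review bot: `ssh.privkey = <secrets/ssh.id_ed25519>;` in the hunk at -522 passes a private key into the configuration as a Nix path, and nothing in this diff shows how that attribute is consumed. If a consumer interpolates the path into a string (which copies the file into the store) or embeds its contents in generated configuration via `readFile`, the key ends up in the world-readable Nix store. A comment next to the attribute such as `# path only: never interpolate or read at eval time, the key must stay out of /nix/store` would make the constraint explicit for later users of the option. The host definition this line belongs to starts outside the hunk.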
@@ -629,6 +662,7 @@ let }; }; secure = true; + ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw"; }; }; users = addNames { |