From dc5299a07126e73b2040213cc1610f7368604213 Mon Sep 17 00:00:00 2001
From: tv
Date: Sun, 27 Sep 2015 15:24:41 +0200
Subject: krebs: add hosts with ssh.pubkey to known hosts
---
 krebs/3modules/default.nix | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
(limited to 'krebs/3modules/default.nix')
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix
index 78834d8d5..1501a9d49 100644
--- a/krebs/3modules/default.nix
+++ b/krebs/3modules/default.nix
@@ -103,6 +103,32 @@ let
 ([cfg.zone-head-config] ++ combined-hosts) ; combined-hosts = (mapAttrsToList (name: value: value.extraZones) cfg.hosts ); in lib.mapAttrs' (name: value: nameValuePair (("zones/" + name)) ({ text=value; })) all-zones;
+
+ programs.ssh.knownHosts =
+ mapAttrs
+ (name: host: {
+ hostNames =
+ concatLists
+ (mapAttrsToList
+ (net-name: net:
+ let
+ aliases = shorts ++ longs;
+ longs = net.aliases;
+ shorts =
+ map (removeSuffix ".${cfg.search-domain}")
+ (filter (hasSuffix ".${cfg.search-domain}")
+ longs);
+ add-port = a:
+ if net.ssh.port != null
+ then "[${a}]:${toString net.ssh.port}"
+ else a;
+ in
+ aliases ++ map add-port net.addrs)
+ host.nets);
+
+ publicKey = host.ssh.pubkey;
+ })
+ (filterAttrs (_: host: host.ssh.pubkey != null) cfg.hosts);
 } ];
@@ -464,6 +490,7 @@ let
 "cgit.cd.viljetic.de"
 "cd.krebsco.de"
 ];
+ ssh.port = 11423;
 };
 retiolum = {
 via = internet;
@@ -490,6 +517,7 @@ let
 '';
 };
 };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOd/HqZIO9Trn3eycl23GZAz21HQCISaVNfNyaLSQvJ6";
 };
 mkdir = rec {
 cores = 1;
@@ -522,6 +550,8 @@ let
 '';
 };
 };
+ ssh.privkey = ;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICuShEqU0Cdm7KCaMD5x1D6mgj+cr7qoqbzFJDKoBbbw";
 };
 nomic = {
 cores = 2;
@@ -547,6 +577,7 @@ let
 };
 };
 secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILn7C3LxAs9kUynENdRNgQs4qjrhNDfXzlHTpVJt6e09";
 };
 rmdir = rec {
 cores = 1;
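Review bot: In the `@@ -103,6 +103,32 @@` hunk, `add-port` is mapped only over `net.addrs`, so for a net with `ssh.port` set the aliases (and the short names derived from them) are written to known_hosts as bare names while the addresses get the `[addr]:port` form. If the host key is meant to be pinned to that port for names as well, the `in` expression could read `map add-port (aliases ++ net.addrs)`. The `net.ssh.port != null` test also assumes every net carries an `ssh.port` attribute that defaults to null; the option declaration lies outside this hunk, so that is worth confirming. A short comment above `shorts` saying that it strips `cfg.search-domain` to produce unqualified names would help the next reader.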
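Review bot: In the `@@ -522,6 +550,8 @@` hunk, `ssh.privkey = ;` has no right-hand side as shown here, which is not valid Nix; presumably a `<…>` path was lost when the page was rendered, so check the value against the repository. `mkdir` is the only host in this commit that gets an `ssh.privkey`, and nothing visible in the diff consumes it. Whatever does consume it should refer to the key file by path at run time rather than coerce it into a string or a derivation input, because that would copy the private key into the world-readable Nix store. A one-line comment next to the attribute stating where the file lives and who may read it would make that intent explicit.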
@@ -579,6 +610,7 @@ let
 '';
 };
 };
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFGniQyABsMNSFTKAxJgxZlLrWfexUt+vhZ3p2hpBl4J";
 };
 wu = {
 cores = 4;
@@ -604,6 +636,7 @@ let
 };
 };
 secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcJvu8JDVzObLUtlAQg9qVugthKSfitwCljuJ5liyHa";
 };
 xu = {
 cores = 4;
@@ -629,6 +662,7 @@ let
 };
 };
 secure = true;
+ ssh.pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID554niVFWomJjuSuQoiCdMUYrCFPpPzQuaoXXYYDxlw";
 };
 };
 users = addNames {
--
cgit v1.2.3
[cgit] Unable to lock slot /tmp/cgit/32200000.lock: No such file or directory (2)