From 61eaba980f8bffeec7c1d85ff17280d933f90ac7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> Date: Sat, 29 Jan 2022 10:46:10 +0100 Subject: [PATCH] move github keys to security module --- build02/nixpkgs-update.nix | 10 ---------- roles/security.nix | 11 +++++++++++ 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/build02/nixpkgs-update.nix b/build02/nixpkgs-update.nix index 9a6a4d7..fa12688 100644 --- a/build02/nixpkgs-update.nix +++ b/build02/nixpkgs-update.nix @@ -99,16 +99,6 @@ in ''; }; - programs.ssh.knownHosts.github-rsa = { - hostNames = [ "github.com" ]; - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - - programs.ssh.knownHosts.github-ed25519= { - hostNames = [ "github.com" ]; - publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; - }; - systemd.tmpfiles.rules = [ "L /home/r-ryantm/.gitconfig - - - - ${./gitconfig.txt}" "d /home/r-ryantm/.ssh 700 r-ryantm r-ryantm - -" diff --git a/roles/security.nix b/roles/security.nix index 51a6d2f..dc0e0d7 100644 --- a/roles/security.nix +++ b/roles/security.nix 
@@ -16,6 +16,17 @@ services.openssh.kbdInteractiveAuthentication = false; services.openssh.passwordAuthentication = false; + programs.ssh.knownHosts = { + github-rsa = { + extraHostNames = [ "github.com" ]; + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; + github-ed25519 = { + extraHostNames = [ "github.com" ]; + publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl"; + }; + }; + # Ban brute force SSH services.fail2ban.enable = true; }
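Review bot: The `github-rsa` entry added under `programs.ssh.knownHosts` pins the RSA host key that GitHub retired in March 2023 after its private half was briefly exposed, so anyone reusing this hunk today would keep trusting a key that no longer proves the peer is GitHub. Drop that entry, or replace its `publicKey` only after checking the value against GitHub's published SSH key fingerprints, and keep `github-ed25519`, which was not part of that rotation. Since the move to roles/security.nix presumably makes these pins apply to every machine importing that role rather than only build02, a comment such as `# GitHub host keys; re-verify against GitHub's published fingerprints on rotation` above the attribute set would tell the next maintainer where the values come from. With `extraHostNames`, the attribute names `github-rsa` and `github-ed25519` are likely also written into known_hosts as host names by the module default; this is harmless but worth confirming. The enclosing module attribute set opens above the hunk.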