sercanto/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

modules/shared: add known-hosts

Browse source
This commit is contained in:
zowoq 2024-03-10 09:26:39 +10:00
parent bbba9d555c
commit 6987a1b9de
4 changed files with 42 additions and 39 deletions
modules
darwin/common
default.nix
nixos/common
default.nixsecurity.nix
shared
known-hosts.nix

1
modules/darwin/common/default.nix
View file

@ -6,6 +6,7 @@
./reboot.nix ./reboot.nix
./telegraf.nix ./telegraf.nix
./upgrade-diff.nix ./upgrade-diff.nix
../../shared/known-hosts.nix
../../shared/nix-daemon.nix ../../shared/nix-daemon.nix
]; ];

1
modules/nixos/common/default.nix
View file

@ -2,6 +2,7 @@
{ {
imports = [ imports = [
./auto-upgrade.nix ./auto-upgrade.nix
../../shared/known-hosts.nix
../../shared/nix-daemon.nix ../../shared/nix-daemon.nix
./reboot.nix ./reboot.nix
./security.nix ./security.nix

39
modules/nixos/common/security.nix
View file

@ -2,45 +2,6 @@
# Make sure that the firewall is enabled, even if it's the default. # Make sure that the firewall is enabled, even if it's the default.
networking.firewall.enable = true; networking.firewall.enable = true;
programs.ssh.knownHosts = {
build01 = {
hostNames = [ "build01.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";
};
build02 = {
hostNames = [ "build02.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMm3/o1HguyRL1z/nZxLBY9j/YUNXeNuDoiBLZAyt88Z";
};
build03 = {
hostNames = [ "build03.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiozp1A1+SUfJQPa5DZUQcVc6CZK2ZxL6FJtNdh+2TP";
};
build04 = {
hostNames = [ "build04.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvzMJfCiVKGfEjCfBZqDD7Kib5y+2zz04YI8XrCZ68O";
};
darwin01 = {
hostNames = [ "darwin01.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDDnaVD9TZDJKSpiJQg0qYs0WUHFq3Ur5ijm/kHOY91N";
};
darwin02 = {
hostNames = [ "darwin02.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJqwpMUEl1/iwrBakeDb1rlheXlE5mfDLICVz8w6yi6";
};
darwin03 = {
hostNames = [ "darwin03.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX7W1ztzAtVXT+NBMITU+JLXcIE5HTEOd7Q3fQNu80S";
};
hetzner-storage-box = {
hostNames = [ "[u348918.your-storagebox.de]:23" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
};
web02 = {
hostNames = [ "web02.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILAkBZMRNgsJ/IbLtjMHqBw/9+4tyn9nT+5B5RFiV0vJ";
};
};
services.openssh = { services.openssh = {
hostKeys = [ hostKeys = [
{ path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; } { path = "/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }

40
modules/shared/known-hosts.nix Normal file
View file

@ -0,0 +1,40 @@
{
programs.ssh.knownHosts = {
build01 = {
hostNames = [ "build01.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElIQ54qAy7Dh63rBudYKdbzJHrrbrrMXLYl7Pkmk88H";
};
build02 = {
hostNames = [ "build02.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMm3/o1HguyRL1z/nZxLBY9j/YUNXeNuDoiBLZAyt88Z";
};
build03 = {
hostNames = [ "build03.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFiozp1A1+SUfJQPa5DZUQcVc6CZK2ZxL6FJtNdh+2TP";
};
build04 = {
hostNames = [ "build04.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINvzMJfCiVKGfEjCfBZqDD7Kib5y+2zz04YI8XrCZ68O";
};
darwin01 = {
hostNames = [ "darwin01.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDDnaVD9TZDJKSpiJQg0qYs0WUHFq3Ur5ijm/kHOY91N";
};
darwin02 = {
hostNames = [ "darwin02.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICJqwpMUEl1/iwrBakeDb1rlheXlE5mfDLICVz8w6yi6";
};
darwin03 = {
hostNames = [ "darwin03.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKX7W1ztzAtVXT+NBMITU+JLXcIE5HTEOd7Q3fQNu80S";
};
hetzner-storage-box = {
hostNames = [ "[u348918.your-storagebox.de]:23" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs";
};
web02 = {
hostNames = [ "web02.nix-community.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILAkBZMRNgsJ/IbLtjMHqBw/9+4tyn9nT+5B5RFiV0vJ";
};
};
}