feat(ops/machines): Add a module for known SSH keys

Change-Id: I443e479f3edf9c6540de7b5a33bc6f7e2a9c5183
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5305
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
This commit is contained in:
Vincent Ambo 2022-02-17 19:20:48 +03:00 committed by tazjin
parent b936843bb0
commit 95780174e1
3 changed files with 23 additions and 0 deletions

View file

@ -14,6 +14,7 @@ let
in
{
imports = [
(mod "known-hosts.nix")
(mod "tvl-users.nix")
(mod "www/sanduny.tvl.su.nix")
];

View file

@ -13,6 +13,7 @@ in
"${depot.path}/ops/modules/gerrit-queue.nix"
"${depot.path}/ops/modules/irccat.nix"
"${depot.path}/ops/modules/josh.nix"
"${depot.path}/ops/modules/known-hosts.nix"
"${depot.path}/ops/modules/monorepo-gerrit.nix"
"${depot.path}/ops/modules/nixery.nix"
"${depot.path}/ops/modules/oauth2_proxy.nix"

View file

@ -0,0 +1,21 @@
# Configure public keys for SSH hosts known to TVL.
{ ... }:
{
programs.ssh.knownHosts = {
whitby = {
hostNames = [ "whitby.tvl.fyi" "whitby.tvl.su" ];
publicKey = "whitby.tvl.fyi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
};
sanduny = {
hostNames = [ "sanduny.tvl.su" ];
publicKey = "sanduny.tvl.su ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOag0XhylaTVhmT6HB8EN2Fv5Ymrc4ZfypOXONUkykTX";
};
github = {
hostNames = [ "github.com" ];
publicKey = "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
};
};
}