ssh known hosts

diff --git a/hosts/icon/configuration.nix b/hosts/icon/configuration.nix
index e8862cd885e01714ab8074c3fcfcfae3faee4607..8261edfcb767aea213cd058e21dd142d8f24ad2d 100644 (file)
--- a/hosts/icon/configuration.nix
+++ b/hosts/icon/configuration.nix
@@ -9,6 +9,23 @@
     ./../../vim.nix
   ];
 
+  programs.ssh = {
+    knownHosts = {
+      desktop = {
+        extraHostNames = ["192.168.1.122"];
+        publicKeyFile = ./../../pubkeys/desktop_ssh.pub;
+      };
+      vps = {
+        extraHostNames = ["170.205.37.7"];
+        publicKeyFile = ./../../pubkeys/vps_ssh.pub;
+      };
+      github = {
+        extraHostNames = ["github.com"];
+        publicKeyFile = ./../../pubkeys/github_ssh.pub;
+      };
+    };
+  };
+
   users.groups.git = {};
   users.users.nginx.extraGroups = ["git"];
   systemd.services.nginx.serviceConfig = {
@@ -34,9 +51,7 @@
       home = "/srv/git";
       createHome = true;
       homeMode = "755";
-      openssh.authorizedKeys.keys = [
-        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfIZMlXeTEi0YoOq36WNo6xPoolqvoS77ygtKaySkoG admonty1@protonmail.com"
-      ];
+      openssh.authorizedKeys.keyFiles = [../../pubkeys/desktop_ssh.pub];
     };
   };
 

diff --git a/hosts/nepsis/configuration.nix b/hosts/nepsis/configuration.nix
index bfff0bdf4cc4525fa8b33b1a205b1c79b8d11da3..e5d503d4a72d61ef9469aa3b9c6dae98e78438c5 100644 (file)
--- a/hosts/nepsis/configuration.nix
+++ b/hosts/nepsis/configuration.nix
@@ -17,6 +17,34 @@
   networking.hostName = "nepsis";
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 
+  programs.ssh = {
+    knownHosts = {
+      homelab = {
+        extraHostNames = ["192.168.1.120"];
+        publicKeyFile = ./../../pubkeys/homelab_ssh.pub;
+      };
+      vps = {
+        extraHostNames = ["170.205.37.7"];
+        publicKeyFile = ./../../pubkeys/vps_ssh.pub;
+      };
+      github = {
+        extraHostNames = ["github.com"];
+        publicKeyFile = ./../../pubkeys/github_ssh.pub;
+      };
+    };
+    extraConfig = ''
+      Host git-vps
+        HostName git.skullheadx.com
+        Port 2222
+        User git
+      Host git.skullheadx.com
+        HostName localhost
+        Port 2223
+        User git
+        ProxyJump git-vps
+    '';
+  };
+
   # Configure network proxy if necessary
   # networking.proxy.default = "http://user:password@proxy:port/";
   # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
@@ -63,20 +91,6 @@
     };
   };
 
-  programs.ssh = {
-    extraConfig = ''
-      Host git-vps
-        HostName git.skullheadx.com
-        Port 2222
-        User git
-      Host git.skullheadx.com
-        HostName localhost
-        Port 2223
-        User git
-        ProxyJump git-vps
-    '';
-  };
-
   programs.steam = {
     enable = true;
     remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play

diff --git a/pubkeys/desktop_ssh.pub b/pubkeys/desktop_ssh.pub
new file mode 100644 (file)
index 0000000..ca0309d
--- /dev/null
+++ b/pubkeys/desktop_ssh.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPfIZMlXeTEi0YoOq36WNo6xPoolqvoS77ygtKaySkoG admonty1@protonmail.com

diff --git a/pubkeys/github_ssh.pub b/pubkeys/github_ssh.pub
new file mode 100644 (file)
index 0000000..fe00342
--- /dev/null
+++ b/pubkeys/github_ssh.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl

diff --git a/pubkeys/homelab_ssh.pub b/pubkeys/homelab_ssh.pub
new file mode 100644 (file)
index 0000000..892130e
--- /dev/null
+++ b/pubkeys/homelab_ssh.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICNyrIlDrgoPqQNP8gG/zkNb/UQ8VekF4sz4ktaLzjWZ

diff --git a/pubkeys/vps_ssh.pub b/pubkeys/vps_ssh.pub
new file mode 100644 (file)
index 0000000..b88b746
--- /dev/null
+++ b/pubkeys/vps_ssh.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeDkJzsi8H5Y2tDdb29T9v8UKjjzusVN8D3g/V+CM1W