ssh: add known hosts

Author: EdenEast

modules/nixos/users/users/eden.nix

@@ -12,9 +12,9 @@
       isNormalUser = true;
 
       openssh.authorizedKeys.keyFiles =
-        lib.map (file: "${self.secretsDir}/public-keys/${file}")
+        lib.map (file: "${self.secretsDir}/publicKeys/${file}")
         (lib.filter (file: lib.hasPrefix "eden_" file)
-          (builtins.attrNames (builtins.readDir "${self.secretsDir}/public-keys")));
+          (builtins.attrNames (builtins.readDir "${self.secretsDir}/publicKeys")));
 
       uid = 1000;
     };

modules/snippets/ssh/default.nix

@@ -0,0 +1,3 @@
+{self, ...}: {
+  imports = self.lib.fs.scanPaths ./.;
+}

modules/snippets/ssh/knownHosts.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  self,
+  ...
+}: {
+  options.my.snippets.ssh.knownHosts = lib.mkOption {
+    type = lib.types.attrs;
+    description = "Default ssh known hosts.";
+
+    default = {
+      wrath = {
+        hostNames = ["wrath" "wrath.local" "wrath.${config.my.snippets.tailnet.name}"];
+        publicKeyFile = "${self.secretsDir}/publicKeys/root_wrath.pub";
+      };
+    };
+  };
+}

modules/snippets/tailnet/default.nix

@@ -0,0 +1,9 @@
+{lib, ...}: {
+  options.my.snippets.tailnet = {
+    name = lib.mkOption {
+      default = "cerberus-tilapia.ts.net";
+      description = "Tailnet name.";
+      type = lib.types.str;
+    };
+  };
+}

secrets/public-keys/eden_wrath.pub secrets/publicKeys/eden_wrath.pubsecrets/public-keys/eden_wrath.pub renamed to secrets/publicKeys/eden_wrath.pub

@@ -5,8 +5,8 @@ let
     map (file: builtins.readFile "${path}/${file}")
     (builtins.filter f (builtins.attrNames (builtins.readDir path)));
 
-  systems = mkList ./public-keys isRoot;
-  users = mkList ./public-keys isUser;
+  systems = mkList ./publicKeys isRoot;
+  users = mkList ./publicKeys isUser;
   keys = systems ++ users;
 in {
   "tailscale-auth.age".publicKeys = keys;