-rw-r--r--ops/machines/sanduny/default.nix1
-rw-r--r--ops/machines/whitby/default.nix1
-rw-r--r--ops/modules/known-hosts.nix21
3 files changed, 23 insertions, 0 deletions
diff --git a/ops/machines/sanduny/default.nix b/ops/machines/sanduny/default.nix
index 079b3a163584..f5fc7cdac66a 100644
--- a/ops/machines/sanduny/default.nix
+++ b/ops/machines/sanduny/default.nix
@@ -14,6 +14,7 @@ let
 in
 {
   imports = [
+    (mod "known-hosts.nix")
     (mod "tvl-users.nix")
     (mod "www/sanduny.tvl.su.nix")
   ];
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 64238532c8f3..1d0096abff1f 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -13,6 +13,7 @@ in
     "${depot.path}/ops/modules/gerrit-queue.nix"
     "${depot.path}/ops/modules/irccat.nix"
     "${depot.path}/ops/modules/josh.nix"
+    "${depot.path}/ops/modules/known-hosts.nix"
     "${depot.path}/ops/modules/monorepo-gerrit.nix"
     "${depot.path}/ops/modules/nixery.nix"
     "${depot.path}/ops/modules/oauth2_proxy.nix"
diff --git a/ops/modules/known-hosts.nix b/ops/modules/known-hosts.nix
new file mode 100644
index 000000000000..ef24d61c5767
--- /dev/null
+++ b/ops/modules/known-hosts.nix
@@ -0,0 +1,21 @@
+# Configure public keys for SSH hosts known to TVL.
+{ ... }:
+
+{
+  programs.ssh.knownHosts = {
+    whitby = {
+      hostNames = [ "whitby.tvl.fyi" "whitby.tvl.su" ];
+      publicKey = "whitby.tvl.fyi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
+    };
+
+    sanduny = {
+      hostNames = [ "sanduny.tvl.su" ];
+      publicKey = "sanduny.tvl.su ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOag0XhylaTVhmT6HB8EN2Fv5Ymrc4ZfypOXONUkykTX";
+    };
+
+    github = {
+      hostNames = [ "github.com" ];
+      publicKey = "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+    };
+  };
+}
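Review bot: Each `publicKey` string in the new known-hosts.nix starts with a host name (`whitby.tvl.fyi ssh-ed25519 …`), but the NixOS `programs.ssh.knownHosts.<name>.publicKey` option expects only the key type and key data, because the module prepends `hostNames` itself. As written, the generated known_hosts lines would likely carry the host name where the key type belongs and fail to parse, so the pins would not be enforced and clients would fall back to whatever their `StrictHostKeyChecking` setting allows. Dropping the prefix on all three entries, in the form `publicKey = "ssh-ed25519 <key data>";`, should fix it. After a rebuild, `ssh-keygen -F whitby.tvl.fyi -f /etc/ssh/ssh_known_hosts` confirms whether the entry is actually matched. A short comment per entry saying where the key was obtained (for github.com, the fingerprints GitHub publishes) would make later rotation and re-verification easier.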