From 95780174e173f59b27d4f1f4e6628262f105477a Mon Sep 17 00:00:00 2001
From: Vincent Ambo <mail@tazj.in>
Date: Thu, 17 Feb 2022 19:20:48 +0300
Subject: feat(ops/machines): Add a module for known SSH keys

Change-Id: I443e479f3edf9c6540de7b5a33bc6f7e2a9c5183
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5305
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Autosubmit: tazjin <tazjin@tvl.su>
---
 ops/machines/sanduny/default.nix |  1 +
 ops/machines/whitby/default.nix  |  1 +
 ops/modules/known-hosts.nix      | 21 +++++++++++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 ops/modules/known-hosts.nix

diff --git a/ops/machines/sanduny/default.nix b/ops/machines/sanduny/default.nix
index 079b3a1635..f5fc7cdac6 100644
--- a/ops/machines/sanduny/default.nix
+++ b/ops/machines/sanduny/default.nix
@@ -14,6 +14,7 @@ let
 in
 {
   imports = [
+    (mod "known-hosts.nix")
     (mod "tvl-users.nix")
     (mod "www/sanduny.tvl.su.nix")
   ];
diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix
index 64238532c8..1d0096abff 100644
--- a/ops/machines/whitby/default.nix
+++ b/ops/machines/whitby/default.nix
@@ -13,6 +13,7 @@ in
     "${depot.path}/ops/modules/gerrit-queue.nix"
     "${depot.path}/ops/modules/irccat.nix"
     "${depot.path}/ops/modules/josh.nix"
+    "${depot.path}/ops/modules/known-hosts.nix"
     "${depot.path}/ops/modules/monorepo-gerrit.nix"
     "${depot.path}/ops/modules/nixery.nix"
     "${depot.path}/ops/modules/oauth2_proxy.nix"
diff --git a/ops/modules/known-hosts.nix b/ops/modules/known-hosts.nix
new file mode 100644
index 0000000000..ef24d61c57
--- /dev/null
+++ b/ops/modules/known-hosts.nix
@@ -0,0 +1,21 @@
+# Configure public keys for SSH hosts known to TVL.
+{ ... }:
+
+{
+  programs.ssh.knownHosts = {
+    whitby = {
+      hostNames = [ "whitby.tvl.fyi" "whitby.tvl.su" ];
+      publicKey = "whitby.tvl.fyi ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I";
+    };
+
+    sanduny = {
+      hostNames = [ "sanduny.tvl.su" ];
+      publicKey = "sanduny.tvl.su ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOag0XhylaTVhmT6HB8EN2Fv5Ymrc4ZfypOXONUkykTX";
+    };
+
+    github = {
+      hostNames = [ "github.com" ];
+      publicKey = "github.com ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+    };
+  };
+}
-- 
cgit 1.4.1