From 0de7471ac0b08aec4860ac09fbc23bfa434721ab Mon Sep 17 00:00:00 2001
From: clerie
Date: Sun, 16 Nov 2025 14:02:54 +0100
Subject: [PATCH] profiles/hetzner-storage-box-client: Globally pin Hetzner Storage Box SSH public keys
---
 profiles/common/default.nix | 1 +
 profiles/default.nix | 1 +
 .../hetzner-storage-box-client/default.nix | 19 +++++++++++++++++++
 .../hetzner-storage-box-ssh_known_hosts | 7 +++++++
 4 files changed, 28 insertions(+)
 create mode 100644 profiles/hetzner-storage-box-client/default.nix
 create mode 100644 profiles/hetzner-storage-box-client/hetzner-storage-box-ssh_known_hosts
diff --git a/profiles/common/default.nix b/profiles/common/default.nix
index 868125b..5210dfb 100644
--- a/profiles/common/default.nix
+++ b/profiles/common/default.nix
@@ -17,5 +17,6 @@ with lib;
 profiles.clerie.common-webserver.enable = mkDefault true;
+ profiles.clerie.hetzner-storage-box-client.enable = mkDefault true;
 };
 }
diff --git a/profiles/default.nix b/profiles/default.nix
index be4303c..9bdf3dd 100644
--- a/profiles/default.nix
+++ b/profiles/default.nix
@@ -16,6 +16,7 @@
 ./firefox
 ./gpg-ssh
 ./hetzner-cloud
+ ./hetzner-storage-box-client
 ./hydra-build-machine
 ./mercury-vm
 ./monitoring-server
diff --git a/profiles/hetzner-storage-box-client/default.nix b/profiles/hetzner-storage-box-client/default.nix
new file mode 100644
index 0000000..2875d58
--- /dev/null
+++ b/profiles/hetzner-storage-box-client/default.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+ options.profiles.clerie.hetzner-storage-box-client = {
+ enable = mkEnableOption "Profile for Hetzner Storage Box Clients";
+ };
+
+ config = mkIf config.profiles.clerie.hetzner-storage-box-client.enable {
+
+ programs.ssh.knownHostsFiles = [
+ ./hetzner-storage-box-ssh_known_hosts
+ ];
+
+ };
+
+}
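Review bot: The new module in profiles/hetzner-storage-box-client/default.nix only adds the key file to `programs.ssh.knownHostsFiles`; it sets no host-key policy for the pinned hosts. With OpenSSH's default `StrictHostKeyChecking ask`, a changed key of a pinned type is refused, but an interactive user may still be prompted to accept a key of a type that is not in the file. Consider pairing the pin with a `Host *.your-storagebox.de` block that sets `StrictHostKeyChecking yes` through `programs.ssh.extraConfig`, so connections to these hosts fail closed. A comment above `knownHostsFiles` such as `# Update this file when Hetzner rotates its Storage Box host keys` would also tell the next maintainer why connections start failing after a rotation.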
diff --git a/profiles/hetzner-storage-box-client/hetzner-storage-box-ssh_known_hosts b/profiles/hetzner-storage-box-client/hetzner-storage-box-ssh_known_hosts
new file mode 100644
index 0000000..602d466
--- /dev/null
+++ b/profiles/hetzner-storage-box-client/hetzner-storage-box-ssh_known_hosts
@@ -0,0 +1,7 @@
+# SSH public keys of Hetzner Storage Box servers
+# Fingerprints from: https://docs.hetzner.com/de/storage/storage-box/general#ssh-host-keys
+# Verify with: ssh-keygen -l -f hetzner-storage-box-ssh_known_hosts
+# SHA256:XqONwb1S0zuj5A1CDxpOSuD2hnAArV1A3wKY7Z3sdgM MD5:12:cd:bd:c7:de:76:91:34:1c:24:31:24:55:40:ab:87
+*.your-storagebox.de,[*.your-storagebox.de]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
+# SHA256:EMlfI8GsRIfpVkoW1H2u0zYVpFGKkIMKHFZIRkf2ioI MD5:3d:7b:6f:99:5f:68:53:21:73:15:f9:2e:6b:3a:9f:e3
+*.your-storagebox.de,[*.your-storagebox.de]:23 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
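Review bot: The `# Verify with:` comment in the new known_hosts file gives `ssh-keygen -l -f hetzner-storage-box-ssh_known_hosts`, which prints SHA256 fingerprints by default, so that command does not check the MD5 values recorded in the comments. Either drop the MD5 values or add a second line, `# Verify MD5 with: ssh-keygen -l -E md5 -f hetzner-storage-box-ssh_known_hosts`. A retrieval date next to the `# Fingerprints from:` URL would also help a later maintainer tell a planned key rotation from an unexpected key change.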