profiles/hetzner-storage-box-client: Globally pin Hetzner Storage Box SSH public keys

2025-11-16 14:02:54 +01:00
parent db9ea1ea5c
commit 0de7471ac0
4 changed files with 28 additions and 0 deletions
--- a/profiles/hetzner-storage-box-client/default.nix
+++ b/profiles/hetzner-storage-box-client/default.nix
@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.hetzner-storage-box-client = {
+    enable = mkEnableOption "Profile for Hetzner Storage Box Clients";
+  };
+
+  config = mkIf config.profiles.clerie.hetzner-storage-box-client.enable {
+
+   programs.ssh.knownHostsFiles = [
+     ./hetzner-storage-box-ssh_known_hosts
+   ];
+
+ };
+
+}
--- a/profiles/hetzner-storage-box-client/hetzner-storage-box-ssh_known_hosts
+++ b/profiles/hetzner-storage-box-client/hetzner-storage-box-ssh_known_hosts
@@ -0,0 +1,7 @@
+# SSH public keys of Hetzner Storage Box servers
+# Fingerprints from: https://docs.hetzner.com/de/storage/storage-box/general#ssh-host-keys
+# Verify with: ssh-keygen -l -f hetzner-storage-box-ssh_known_hosts
+# SHA256:XqONwb1S0zuj5A1CDxpOSuD2hnAArV1A3wKY7Z3sdgM MD5:12:cd:bd:c7:de:76:91:34:1c:24:31:24:55:40:ab:87
+*.your-storagebox.de,[*.your-storagebox.de]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
+# SHA256:EMlfI8GsRIfpVkoW1H2u0zYVpFGKkIMKHFZIRkf2ioI MD5:3d:7b:6f:99:5f:68:53:21:73:15:f9:2e:6b:3a:9f:e3
+*.your-storagebox.de,[*.your-storagebox.de]:23 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==