profiles/hetzner-storage-box-client: Globally pin Hetzner Storage Box SSH public keys

profiles/common/default.nix

@@ -17,5 +17,6 @@ with lib;
 
     profiles.clerie.common-webserver.enable = mkDefault true;
 
+    profiles.clerie.hetzner-storage-box-client.enable = mkDefault true;
   };
 }

profiles/default.nix

@@ -16,6 +16,7 @@
     ./firefox
     ./gpg-ssh
     ./hetzner-cloud
+    ./hetzner-storage-box-client
     ./hydra-build-machine
     ./mercury-vm
     ./monitoring-server

profiles/hetzner-storage-box-client/default.nix

@@ -0,0 +1,19 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+
+  options.profiles.clerie.hetzner-storage-box-client = {
+    enable = mkEnableOption "Profile for Hetzner Storage Box Clients";
+  };
+
+  config = mkIf config.profiles.clerie.hetzner-storage-box-client.enable {
+
+   programs.ssh.knownHostsFiles = [
+     ./hetzner-storage-box-ssh_known_hosts
+   ];
+
+ };
+
+}

profiles/hetzner-storage-box-client/hetzner-storage-box-ssh_known_hosts

@@ -0,0 +1,7 @@
+# SSH public keys of Hetzner Storage Box servers
+# Fingerprints from: https://docs.hetzner.com/de/storage/storage-box/general#ssh-host-keys
+# Verify with: ssh-keygen -l -f hetzner-storage-box-ssh_known_hosts
+# SHA256:XqONwb1S0zuj5A1CDxpOSuD2hnAArV1A3wKY7Z3sdgM MD5:12:cd:bd:c7:de:76:91:34:1c:24:31:24:55:40:ab:87
+*.your-storagebox.de,[*.your-storagebox.de]:23 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
+# SHA256:EMlfI8GsRIfpVkoW1H2u0zYVpFGKkIMKHFZIRkf2ioI MD5:3d:7b:6f:99:5f:68:53:21:73:15:f9:2e:6b:3a:9f:e3
+*.your-storagebox.de,[*.your-storagebox.de]:23 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==