diff --git a/hosts/web-2/clerie.nix b/hosts/web-2/clerie.nix
index 7336cac..7961a54 100644
--- a/hosts/web-2/clerie.nix
+++ b/hosts/web-2/clerie.nix
@@ -27,7 +27,7 @@
 root = pkgs.clerie-keys;
 };
 locations."= /ssh/known_hosts" = {
- alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix);
+ alias = pkgs.clerie-ssh-known-hosts + "/known_hosts";
 extraConfig = ''
 types { }
 default_type "text/plain; charset=utf-8";
diff --git a/lib/ssh-known-hosts.nix b/pkgs/clerie-ssh-known-hosts/default.nix
similarity index 55%
rename from lib/ssh-known-hosts.nix
rename to pkgs/clerie-ssh-known-hosts/default.nix
index 20c6676..b21fe45 100644
--- a/lib/ssh-known-hosts.nix
+++ b/pkgs/clerie-ssh-known-hosts/default.nix
@@ -1,13 +1,22 @@
+{
+ writeTextFile,
+}:
+
 let
 stripR = str: if (builtins.substring ((builtins.stringLength str) - 1) (builtins.stringLength str) str) == "\n" then stripR (builtins.substring 0 ((builtins.stringLength str) - 1) str) else str;
- hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../hosts));
+ hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../../hosts));
 sshkeyList = map (hostname: {
 name = hostname;
- sshPubkey = stripR (builtins.readFile (../hosts + "/${hostname}/ssh.pub"));
+ sshPubkey = stripR (builtins.readFile (../../hosts + "/${hostname}/ssh.pub"));
 }) hostsWithSshPubkey;
 knownHosts = builtins.concatStringsSep "" (builtins.map ({name, sshPubkey}: ''
 ${name} ${sshPubkey}
 ${name}.net.clerie.de ${sshPubkey}
 '') sshkeyList);
-in
- knownHosts
+in writeTextFile {
+ name = "clerie-ssh-known-hosts";
+ destination = "/known_hosts";
+ allowSubstitutes = true;
+ preferLocalBuild = false;
+ text = knownHosts;
+}
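Review bot: The `"/known_hosts"` suffix on the new `alias` line in hosts/web-2/clerie.nix must match `destination = "/known_hosts";` in pkgs/clerie-ssh-known-hosts/default.nix, and nothing checks that at evaluation time. If the destination is renamed later, the build still succeeds and the location would presumably answer 404 for a file that clients appear to rely on for host-key verification. A one-line comment above the alias would make the coupling visible, for example `# suffix must match destination in pkgs/clerie-ssh-known-hosts`. The `locations` block continues outside the hunk.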
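Review bot: `allowSubstitutes = true;` and `preferLocalBuild = false;` in the new `writeTextFile` call in pkgs/clerie-ssh-known-hosts/default.nix reverse that helper's defaults without saying why, and for this output the choice affects trust. With substitution allowed, a host may take the known_hosts content from any substituter whose signing key it trusts instead of generating it from `hosts/*/ssh.pub` itself, so the file served at /ssh/known_hosts is only as trustworthy as those caches. If that is intended, a short comment stating the reason and the trust assumption would help, e.g. `# substitutable on purpose; content is trusted as far as the configured substituters are`. Otherwise dropping both lines returns to the local-build default.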
diff --git a/pkgs/overlay.nix b/pkgs/overlay.nix
index a72887a..2a6f3ac 100644
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -2,6 +2,7 @@ final: prev: {
 clerie-backup = final.callPackage ./clerie-backup {};
 clerie-cleanup-branches = final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {};
 clerie-keys = final.callPackage ./clerie-keys {};
+ clerie-ssh-known-hosts = final.callPackage ./clerie-ssh-known-hosts {};
 clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
 clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
 clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};