hosts/web-2: expose know_hosts

bin/update-ssh-host-keys.sh

@@ -0,0 +1,8 @@
+#!/bin/bash
+
+cd $(git rev-parse --show-toplevel)
+
+for host in $(nix eval --apply 'attrs: builtins.concatStringsSep "\n" (builtins.filter (name: (builtins.substring 0 1 name) != "_") (builtins.attrNames attrs))' --raw .#clerie.hosts); do
+	echo $host
+	ssh-keyscan -t ed25519 ${host}.net.clerie.de 2>/dev/null | sed -E 's/(\S+) (.+)/\2/g' > hosts/${host}/ssh.pub
+done

hosts/carbon/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGdyTanEqCieqt81Ri8xHnw1dyK3i8srDi1F+xIb3Js3

hosts/dn42-il-gw1/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINbpzEFngWD8gZpGKvOdo5CVMPlaDCylNKorf/ZN93rT

hosts/dn42-il-gw5/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHCgFELN24kkb40/Pv2aOwhfqoqbCEdQPBTND7nTw1hd

hosts/dn42-il-gw6/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGI7h8xpVDM0BsY+XGwp8kX1XKn82Cg0lhd1M4Eldsp5

hosts/dn42-ildix-clerie/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIANa33GhY8tK+rGFKjrEbaw289bMqh1Aazyo04B//27t

hosts/dn42-ildix-service/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbqGg6BF4MLSgDIe0Q0EsaogXPlYKHCNKWvfIXkNq7L

hosts/gatekeeper/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKhHoM0m6PZnCCzWOugKnN/BqhadwYzEE8xbABQxEhgo

hosts/hydra-1/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE2xQBCsFBCwL9n4OP/bPngtNO1fy9kPw13Z/NDoba16

hosts/hydra-2/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZED9QM+qe7sB6R6atvP6WNaI2sC2nh7TTsD6kgRpnr

hosts/minecraft-2/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIYGtzxrVeuA7ShtNLmf2iBQDT/4h6aQHQHsuJ2WbSN/

hosts/monitoring-3/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFLx2HIlnJdOn4JafIdQsUvdjcrAHX9XtP5S//eN5sxW

hosts/nonat/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJNYD4kXavTWu8ftw/8pYkyUjIUFS4zxkHjJZSTgkm3Z

hosts/osmium/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICt1KsCZpvwltp5UMyamLI5YIBj3imlGwWr24efQM7i

hosts/palladium/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBc/YTf80MjyVeApOecOlxORIlwCaWtJNWtfggc0B374

hosts/porter/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN2AeM/t66I8+9K+IYGdb/K531ujaqSqNpevIZqs4CdY

hosts/schule/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAIuAyY1FtMWoBdLzOkDsCro6vQjGYQduGzU9HLcSvfj

hosts/storage-2/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIXlKMje2VbEtAuqn7ui9A4A7gqfv4c412iKvKk76D8p

hosts/web-2/clerie.nix

@@ -18,6 +18,9 @@
         rev = "d3f220899ecb98e87026ee0a7600bb8898ae3c42";
         sha256 = "sha256-3o2/+m5OGSfc5RTrS4/j/aVibDasQISL7vY+J3yxbB8=";
       };
+      locations."= /ssh/known_hosts" = {
+        alias = pkgs.writeText "known_hosts" (import ../../lib/ssh-known-hosts.nix);
+      };
       locations."~ ^/.well-known/openpgpkey/hu/[a-z0-9]+/?$" = {
         extraConfig = ''
           default_type application/octet-stream;

hosts/web-2/ssh.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIHQDwfRlw6L+pkLjXDgW2BUWlY1zNEDtVhNEsClgqaL

lib/ssh-known-hosts.nix

@@ -0,0 +1,13 @@
+let
+  stripR = str: if (builtins.substring ((builtins.stringLength str) - 1) (builtins.stringLength str) str) == "\n" then stripR (builtins.substring 0 ((builtins.stringLength str) - 1) str) else str;
+  hostsWithSshPubkey = builtins.filter (hostname: (builtins.substring 0 1 hostname) != "_" && builtins.pathExists (../hosts + "/${hostname}/ssh.pub")) (builtins.attrNames (builtins.readDir ../hosts));
+  sshkeyList = map (hostname: {
+    name = hostname;
+    sshPubkey = stripR (builtins.readFile (../hosts + "/${hostname}/ssh.pub"));
+  }) hostsWithSshPubkey;
+  knownHosts = builtins.concatStringsSep "" (builtins.map ({name, sshPubkey}: ''
+    ${name} ${sshPubkey}
+    ${name}.net.clerie.de ${sshPubkey}
+  '') sshkeyList);
+in
+  knownHosts