blob: 8123fe2aa0f8f76a3b02a81eb151adddd0e9b2f9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
{ pkgs, ... }:
{
programs.ssh.extraConfig = ''
Host uhura spock
HostName %h.edef.eu
Host hyperion
HostName %h.kookie.space
Host atuin
HostName %h.qyliss.net
Match host github.com
User git
'';
programs.ssh.knownHosts = [
{
hostNames = [ "@cert-authority edef.eu,*.edef.eu" ];
publicKeyFile = with pkgs; runCommand "edef.eu" {
nativeBuildInputs = [ curl gnupg ];
outputHashAlgo = "sha256";
outputHashMode = "recursive";
outputHash = "1n3136v4yl5w5g2dg874v3sk8a6a3346hrhk8an6kmm2zc6z2j1v";
} ''
set -ueo pipefail
export GNUPGHOME="$PWD/gnupg"
mkdir -m 0700 "$GNUPGHOME"
curl -fL --cacert ${cacert}/etc/ssl/certs/ca-bundle.crt \
https://edef.eu/edef.asc | gpg --import
gpg --output $out --export-ssh-key '87FC9CBBD39FB2B36EE3D86994D3730D803010E7!'
'';
}
];
}
|