Add declarative ssh known hosts
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
@@ -1,6 +1,5 @@
|
||||
{ pkgs, ... }:
|
||||
{
|
||||
lib = {
|
||||
runtime = import ./runtime { inherit pkgs; };
|
||||
};
|
||||
fetchers = import ./fetchers { inherit pkgs; };
|
||||
runtime = import ./runtime { inherit pkgs; };
|
||||
}
|
||||
|
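--- a/lib/fetchers/default.nix
+++ b/lib/fetchers/default.nix
@@ -0,0 +1,4 @@
+{ pkgs, ... }:
+{
+sshKnownHosts = import ./sshKnownHosts { inherit pkgs; };
+}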
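--- a/lib/fetchers/sshKnownHosts/default.nix
+++ b/lib/fetchers/sshKnownHosts/default.nix
@@ -0,0 +1,33 @@
+{ pkgs, ... }:
+pkgs.lib.fetchers.withNormalizedHash { } (
+{
+host,
+name ? "ssh-known-hosts-${host}",
+outputHash,
+outputHashAlgo,
+port ? 22,
+keyTypes ? [
+"rsa"
+"ecdsa"
+"ed25519"
+],
+}:
+let
+keyTypeArgs = pkgs.lib.concatStringsSep "," keyTypes;
+in
+pkgs.runCommand name
+{
+inherit outputHash outputHashAlgo;
+outputHashMode = "flat";
+preferLocalBuild = true;
+
+nativeBuildInputs = with pkgs; [
+openssh
+gnugrep
+coreutils
+];
+}
+''
+ssh-keyscan -p ${toString port} -t ${keyTypeArgs} ${host} | grep -v '^#' | sort > $out
+''
+)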
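Review bot: The `ssh-keyscan` call in the build script authenticates nothing by itself, so `outputHash` is the only thing tying the result to the real host; if the hash is filled in by copying the value from a first hash-mismatch error, whatever answered on the network at that moment gets pinned. I would add a comment above `pkgs.runCommand` such as `# outputHash is the trust anchor: derive it from host keys verified out of band, not from a mismatch error`. Separately, `host` and the joined key types are spliced into the shell unquoted; `ssh-keyscan -p ${toString port} -t ${pkgs.lib.escapeShellArg keyTypeArgs} ${pkgs.lib.escapeShellArg host}` keeps a stray space or metacharacter in a config value from changing the command.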
@@ -148,8 +148,6 @@ cat <<EOF > "./hosts/$host/default.nix"
|
||||
{ inputs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../lib
|
||||
|
||||
inputs.disko.nixosModules.disko
|
||||
./format.nix
|
||||
|
||||
|