From ab89c107d9b431776b5bfbf4667b609b771ca945 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Sat, 29 Apr 2023 14:44:45 -0700
Subject: modules/system: add ssh keys for known hosts

These keys are stable, they can be set on every hosts.
---
 modules/system/security/default.nix | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/modules/system/security/default.nix b/modules/system/security/default.nix
index 1181e6a..ecb32d0 100644
--- a/modules/system/security/default.nix
+++ b/modules/system/security/default.nix
@@ -3,4 +3,14 @@
 {
   security.sudo.wheelNeedsPassword = false;
   security.polkit.enable = true;
+
+  programs.ssh = {
+    # $ ssh-keyscan example.com
+    knownHosts = {
+      github = {
+        hostNames = [ "github.com" ];
+        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+      };
+    };
+  };
 }
-- 
cgit 1.4.1