From a8b257f32c96eb265f855728e6e85d33a6834672 Mon Sep 17 00:00:00 2001
From: Michael Hoang
Date: Thu, 20 Mar 2025 17:04:12 +0900
Subject: [PATCH] sshd: trust own ed25519 host key as a known host
---
 clanModules/sshd/roles/server.nix | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/clanModules/sshd/roles/server.nix b/clanModules/sshd/roles/server.nix
index bf02fe306..5579f7f0a 100644
--- a/clanModules/sshd/roles/server.nix
+++ b/clanModules/sshd/roles/server.nix
@@ -37,6 +37,7 @@ in
 type = "rsa";
 };
 };
+
 clan.core.vars.generators.openssh = {
 files."ssh.id_ed25519" = { };
 files."ssh.id_ed25519.pub".secret = false;
@@ -50,6 +51,14 @@ in
 '';
 };
+ programs.ssh.knownHosts.clan-sshd-self-ed25519 = {
+ hostNames = [
+ "localhost"
+ config.networking.hostName
+ ] ++ (lib.optional (config.networking.domain != null) cfg.fqdn);
+ publicKey = config.clan.core.vars.generators.openssh.files."ssh.id_ed25519.pub".value;
+ };
+
 clan.core.vars.generators.openssh-rsa = lib.mkIf config.clan.sshd.hostKeys.rsa.enable {
 files."ssh.id_rsa" = { };
 files."ssh.id_rsa.pub".secret = false;
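Review bot: In the new `programs.ssh.knownHosts.clan-sshd-self-ed25519` entry (second hunk), the guard tests `config.networking.domain` but the name it appends is `cfg.fqdn`, and `cfg` is bound in the `let` block outside this hunk. If `cfg` is not `config.networking`, the pinned name may differ from the host's actual FQDN, or the attribute may not exist and evaluation fails. Reading the value from the same place as the guard keeps the two in step: `] ++ (lib.optional (config.networking.domain != null) config.networking.fqdn);`. A comment above the block would also help, for example `# Pin this machine's own ed25519 host key system-wide so SSH to itself is verified rather than trust-on-first-use`, since binding "localhost" to one key in the global known-hosts file is a deliberate trust decision.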