sshd: trust own ed25519 host key as a known host

2025-03-20 17:04:12 +09:00
parent 6ffbb43cb2
commit effcbaaa0f
1 changed files with 9 additions and 0 deletions
--- a/clanModules/sshd/roles/server.nix
+++ b/clanModules/sshd/roles/server.nix
@@ -37,6 +37,7 @@ in
          type = "rsa";
        };
    };
+
    clan.core.vars.generators.openssh = {
      files."ssh.id_ed25519" = { };
      files."ssh.id_ed25519.pub".secret = false;
@@ -50,6 +51,14 @@ in
      '';
    };

+    programs.ssh.knownHosts.clan-sshd-self-ed25519 = {
+      hostNames = [
+        "localhost"
+        config.networking.hostName
+      ] ++ (lib.optional (config.networking.domain != null) cfg.fqdn);
+      publicKey = config.clan.core.vars.generators.openssh.files."ssh.id_ed25519.pub".value;
+    };
+
    clan.core.vars.generators.openssh-rsa = lib.mkIf config.clan.sshd.hostKeys.rsa.enable {
      files."ssh.id_rsa" = { };
      files."ssh.id_rsa.pub".secret = false;