From 7ffcd694068d484842be0b87a9aeeda0a7720568 Mon Sep 17 00:00:00 2001
From: EuAndreh
Date: Mon, 20 Mar 2023 09:46:20 -0300
Subject: Manage public SSH files as "extra-etc-file" instead of like a secret
---
 src/infrastructure/config/known_hosts.txt | 7 +++++++
 src/infrastructure/guix/system.scm | 10 ++++++----
 .../keys/SSH/root@euandre.org.id_rsa.pub.stripped | 1 +
 src/infrastructure/keys/known_hosts.txt | 7 -------
 4 files changed, 14 insertions(+), 11 deletions(-)
 create mode 100644 src/infrastructure/config/known_hosts.txt
 create mode 100644 src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped
 delete mode 100644 src/infrastructure/keys/known_hosts.txt
(limited to 'src')
diff --git a/src/infrastructure/config/known_hosts.txt b/src/infrastructure/config/known_hosts.txt
new file mode 100644
index 0000000..44fc283
--- /dev/null
+++ b/src/infrastructure/config/known_hosts.txt
@@ -0,0 +1,7 @@
+# rsync.net public keys for suyin (personal) and zhu-li (pilotis.net)
+# Verified in 2023-03-08 at:
+# https://www.rsync.net/resources/fingerprints.txt
+
+zh3051.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd
+zh3051.rsync.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLR2uz+YLn2KiQK0Luu8rhfWS6LHgUfGAWB1j8rM2MKn4KZ2/LhIX1CYkPKMTPxHr6mzayeL1T1hyJIylxXv0BY=
+zh3051.rsync.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPgHxQyaDaVxUefoUJZO/lITh0Gp0sqbP7HejQcCfZi7gAcuM6/IAuUXLHFImefCHh52x6T/cHxgL1qz26GKgdxykl06WRXlRIuE45QFSy/cd9JKr6l58fKq30ApmXRsCNwFrMlFPoEpCTqxzddZ9cLXs1Yt9dRxvFlQVEuAzw7ayvt8DE6RP9/CHYVp54wbbvUToECGwu70sxY1vFg51K+vNpvJ3J0t5j3s4c1Wls4BrIwqi2U8kqCq9Nj2CUIQqjM+93CSqEacR3qOGvG/6QMzd733wzpJ/iZee+lcyTYzA0YNMosnaF01hrv7NMwtZ6xRFLlJZtMZ7JpfySrOBr
diff --git a/src/infrastructure/guix/system.scm b/src/infrastructure/guix/system.scm
index 3d340e5..d591c2b 100644
--- a/src/infrastructure/guix/system.scm
+++ b/src/infrastructure/guix/system.scm
@@ -409,10 +409,12 @@
 "#)))))))
 (service cgit-service-type queue:cgit-pre-configuration)
 (simple-service 'extra-etc-file etc-service-type
- `(("rc" ,(plain-file "rc.sh" (file "src/infrastructure/config/rc.sh")))
- ("ssh.conf" ,(plain-file "ssh.conf" (file "src/infrastructure/config/ssh.conf")))
- ("init.scm" ,(plain-file "init.scm" (file "src/infrastructure/config/init.scm")))
- ("gitconfig" ,(plain-file "gitconfig" (file "src/infrastructure/config/gitconfig")))))
+ `(("rc" ,(plain-file "rc.sh" (file "src/infrastructure/config/rc.sh")))
+ ("known_hosts" ,(plain-file "known_hosts" (file "src/infrastructure/config/known_hosts.txt")))
+ ("id_rsa.pub" ,(plain-file "id_rsa.pub" (file "src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped")))
+ ("ssh.conf" ,(plain-file "ssh.conf" (file "src/infrastructure/config/ssh.conf")))
+ ("init.scm" ,(plain-file "init.scm" (file "src/infrastructure/config/init.scm")))
+ ("gitconfig" ,(plain-file "gitconfig" (file "src/infrastructure/config/gitconfig")))))
 (service git-daemon-service-type
 (git-daemon-configuration
 (export-all? #t)))
diff --git a/src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped b/src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped
new file mode 100644
index 0000000..4a715ff
--- /dev/null
+++ b/src/infrastructure/keys/SSH/root@euandre.org.id_rsa.pub.stripped
@@ -0,0 +1 @@
+ssh-rsa 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 root@toph
diff --git a/src/infrastructure/keys/known_hosts.txt b/src/infrastructure/keys/known_hosts.txt
deleted file mode 100644
index 44fc283..0000000
--- a/src/infrastructure/keys/known_hosts.txt
+++ /dev/null
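Review bot: In the system.scm hunk, the new `"known_hosts"` entry of the `extra-etc-file` list would be installed as `/etc/known_hosts`, which OpenSSH does not consult by default (its system-wide default is `/etc/ssh/ssh_known_hosts`), so the pinned rsync.net host keys only take effect if `ssh.conf` points at that path with `GlobalKnownHostsFile` or `UserKnownHostsFile`; `ssh.conf` is not part of this diff, so this needs confirming. Because `plain-file` contents are copied into the world-readable store, a comment above the list such as `;; Public material only: plain-file contents land in the world-readable store, never list private keys here.` would document why these two files may live here and the private half may not. The `simple-service` form starts and ends outside the hunk.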
@@ -1,7 +0,0 @@
-# rsync.net public keys for suyin (personal) and zhu-li (pilotis.net)
-# Verified in 2023-03-08 at:
-# https://www.rsync.net/resources/fingerprints.txt
-
-zh3051.rsync.net ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJtclizeBy1Uo3D86HpgD3LONGVH0CJ0NT+YfZlldAJd
-zh3051.rsync.net ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBLR2uz+YLn2KiQK0Luu8rhfWS6LHgUfGAWB1j8rM2MKn4KZ2/LhIX1CYkPKMTPxHr6mzayeL1T1hyJIylxXv0BY=
-zh3051.rsync.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPgHxQyaDaVxUefoUJZO/lITh0Gp0sqbP7HejQcCfZi7gAcuM6/IAuUXLHFImefCHh52x6T/cHxgL1qz26GKgdxykl06WRXlRIuE45QFSy/cd9JKr6l58fKq30ApmXRsCNwFrMlFPoEpCTqxzddZ9cLXs1Yt9dRxvFlQVEuAzw7ayvt8DE6RP9/CHYVp54wbbvUToECGwu70sxY1vFg51K+vNpvJ3J0t5j3s4c1Wls4BrIwqi2U8kqCq9Nj2CUIQqjM+93CSqEacR3qOGvG/6QMzd733wzpJ/iZee+lcyTYzA0YNMosnaF01hrv7NMwtZ6xRFLlJZtMZ7JpfySrOBr
--
cgit v1.2.3