From ad2b8951e69fd6c516aca5f46edf5fb4875f8c66 Mon Sep 17 00:00:00 2001
From: Chris Toph
Date: Wed, 23 Apr 2025 13:52:20 -0400
Subject: [PATCH] Add known_hosts support in SSH secrets
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

• Append known_hosts file generation using defined SSH entries
• Change knownHosts type from attribute set to list for simplicity
---
 home/toph/common/core/ssh.nix | 2 ++
 modules/common/secret-spec.nix | 6 +++---
 2 files changed, 5 insertions(+), 3 deletions(-)

diff --git a/home/toph/common/core/ssh.nix b/home/toph/common/core/ssh.nix
index 88e756c..e551aeb 100644
--- a/home/toph/common/core/ssh.nix
+++ b/home/toph/common/core/ssh.nix
@@ -42,6 +42,8 @@ in
 chmod 400 $HOME/.ssh/config
 '';
 };
+
+ ".ssh/known_hosts".text = lib.concatStringsSep "\n" secretsSpec.ssh.knownHosts;
 }
 # Dynamically add all SSH private keys using the existing store paths
 # Ensures the keys have correct permissions and are not symlinks
diff --git a/modules/common/secret-spec.nix b/modules/common/secret-spec.nix
index d0285ad..63a5d02 100644
--- a/modules/common/secret-spec.nix
+++ b/modules/common/secret-spec.nix
@@ -42,9 +42,9 @@ in
 default = { };
 };
 knownHosts = lib.mkOption {
- type = lib.types.attrsOf lib.types.str;
- description = "SSH known hosts entries keyed by hostname";
- default = { };
+ type = lib.types.listOf lib.types.str;
+ description = "SSH known hosts entries";
+ default = [ ];
 };
 };
 };
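Review bot: `~/.ssh/known_hosts` becomes a read-only generated file with the added `".ssh/known_hosts".text` line, assuming the enclosing set (which starts outside the hunk) is home-manager's `home.file`. ssh can then no longer record keys for hosts that are not in the list, which tends to push users toward relaxing `StrictHostKeyChecking`. A `.text` file is also normally rendered into the world-readable Nix store, so host names taken from `secretsSpec` would be visible to every local user if they are meant to stay private. Consider writing the pinned entries to a separate file, e.g. `".ssh/known_hosts.pinned".text = lib.concatStringsSep "\n" secretsSpec.ssh.knownHosts + "\n";` (the file name is only an example), and listing it next to the writable default with the ssh_config `UserKnownHostsFile` directive.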
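Review bot: Switching `knownHosts` to `lib.types.listOf lib.types.str` drops the per-host conflict check that the attribute set gave. With `attrsOf str`, two modules defining different values for the same host should have failed at evaluation; with a list they are concatenated, and ssh accepts any matching line for a host, so a stale or unintended key is trusted silently. The list type also admits empty or multi-line strings that are joined verbatim into the file; `type = lib.types.listOf lib.types.singleLineStr;` would at least keep one entry per element. The description could state the expected format, e.g. `description = "SSH known_hosts lines, one per element: <host-pattern> <key-type> <base64-key>";`. The surrounding option set starts and ends outside the hunk.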