diff options
author | tv <tv@shackspace.de> | 2015-10-09 13:18:21 +0200 |
---|---|---|
committer | tv <tv@shackspace.de> | 2015-10-09 13:18:21 +0200 |
commit | f1cc52aeaf6c18afb1c79c08914471ff73943a77 (patch) | |
tree | 8835ffdf434da56e658efa11cf6766d3df883d8d /krebs/3modules/default.nix | |
parent | 9ae6d1611ef8cd8479235ac91272e694080b9d89 (diff) |
known_hosts: GitHub is 192.30.252.0/22
Diffstat (limited to 'krebs/3modules/default.nix')
-rw-r--r-- | krebs/3modules/default.nix | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index eeb3acdcb..69613d4c3 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -137,13 +137,22 @@ let mkIf (privkey != null) (mkForce [privkey]); services.openssh.knownHosts = - { - github = { - hostNames = ["github.com"] ++ - map (i: "192.30.252.${toString i}") (range 0 255); - publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; - }; - } // + # GitHub's IPv4 address range is 192.30.252.0/22 + # Refs https://help.github.com/articles/what-ip-addresses-does-github-use-that-i-should-whitelist/ + # 192.30.252.0/22 = 192.30.252.0-192.30.255.255 (1024 addresses) + # Because line length is limited by OPENSSH_LINE_MAX (= 8192), + # we split each /24 into its own entry. + listToAttrs (map + (c: { + name = "github${toString c}"; + value = { + hostNames = ["github.com"] ++ + map (d: "192.30.${toString c}.${toString d}") (range 0 255); + publicKey = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAq2A7hRGmdnm9tUDbO9IDSwBK6TbQa+PXYPCPy6rbTrTtw7PHkccKrpp0yVhp5HdEIcKr6pLlVDBfOLX9QUsyCOV0wzfjIJNlGEYsdlLJizHhbn2mUjvSAHQqZETYP81eFzLQNnPHt4EVVUh7VfDESU84KezmD5QlWpXLmvU31/yMf+Se8xhHTvKSCZIFImWwoG6mbUoWf9nzpIoaSjB+weqqUUmpaaasXVal72J+UX2B+2RPW3RcT0eOzQgqlJL3RKrTJvdsjE3JEAvGq3lGHSZXy28G3skua2SmVi/w4yCE6gbODqnTWlg7+wC604ydGXA8VJiS5ap43JXiUFFAaQ=="; + }; + }) + (range 252 255)) + // mapAttrs (name: host: { hostNames = |