profiles/core/rnl: Include popular hosts in ssh known hosts
Description of changes
Day-to-day usage of the lab computers and the cluster often involves cloning Git repositories from popular sources such as GitHub and GitLab.com (not to be confused with RNL's own GitLab instance), as well as SSH-ing to various machines in RNL and Técnico.
Using the cluster without AFS becomes painful as the known hosts file is not accessible without an AFS ticket, leading to a host key prompt at every invocation of git pull.
Additionally, by pre-loading host public keys for these services globally, we aid our users in securing themselves against man-in-the-middle attacks, as they could otherwise blindly remove the correct host keys and accept host keys from attackers in their own accounts.
This MR preloads host keys for github.com, gitlab.com, nexus*.rnl.tecnico.ulisboa.pt, borg.rnl.tecnico.ulisboa.pt and sigma*.tecnico.ulisboa.pt.
Things done
-
Tested - with
nix eval '.#nixosConfigurations.nexus1.config.programs.ssh.knownHosts'
- with
-
Updated documentation (Wiki/NetBox) - N/A Breaking change