From 9250a92d5a9e7fea745b1d44d4f9573fe5bc95d1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jalil=20David=20Salam=C3=A9=20Messina?=
 <jalil.salame@gmail.com>
Date: Mon, 15 Jan 2024 22:19:06 +0100
Subject: [PATCH] feat(nixos): Add option to fetch ssh keys from github

---
 nixos/default.nix |  9 +++++++++
 nixos/options.nix | 13 +++++++++++++
 2 files changed, 22 insertions(+)

diff --git a/nixos/default.nix b/nixos/default.nix
index 01a6b1a..84408a6 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -46,6 +46,15 @@ in
       status.disabled = false;
       sudo.disabled = false;
     };
+
+    programs.ssh.knownHostsFiles =
+      lib.mapAttrsToList
+        (username: sha256: builtins.fetchurl {
+          inherit sha256;
+          url = "https://github.com/${username}.keys";
+        })
+        cfg.importSSHKeysFromGithub;
+
     # Default shell
     programs.zsh.enable = true;
     users.defaultUserShell = pkgs.zsh;
diff --git a/nixos/options.nix b/nixos/options.nix
index 53f1895..de0f96c 100644
--- a/nixos/options.nix
+++ b/nixos/options.nix
@@ -56,6 +56,19 @@ let
       description = "Jalil's styling options";
       type = types.submodule styling;
     };
+    importSSHKeysFromGithub = lib.mkOption {
+      description = lib.mdDoc ''
+        Import public ssh keys from a github username.
+
+        This will fetch the keys from https://github.com/$${username}.keys.
+
+        The format is `"$${github-username}" = $${sha256-hash}`. The example
+        will try to fetch the keys from <https://github.com/jalil-salame.keys>.
+      '';
+      default = { };
+      example = { "jalil-salame" = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; };
+      type = types.attrsOf types.str;
+    };
   };
 in
 {