From b496b2356ae723eaa85cb3c8a91eb43c93b16226 Mon Sep 17 00:00:00 2001
From: "Casper V. Kristensen"
Date: Tue, 14 Jun 2022 19:05:32 +0200
Subject: [PATCH] borg: more secure known_hosts and by "more" I mean "actually"
---
 borg/README.md | 8 ++++++++
 borg/known_hosts | 1 +
 install/borg.sh | 4 ++--
 3 files changed, 11 insertions(+), 2 deletions(-)
 create mode 100644 borg/README.md
 create mode 100644 borg/known_hosts
diff --git a/borg/README.md b/borg/README.md
new file mode 100644
index 0000000..9e4f6b1
--- /dev/null
+++ b/borg/README.md
@@ -0,0 +1,8 @@
+# BorgBackup
+The server is configured through `infrastructure/sigma/borg/`.
+
+## Status
+```shell
+sudo systemctl status borg-daily.timer
+sudo journalctl -eu borg-daily.service
+```
diff --git a/borg/known_hosts b/borg/known_hosts
new file mode 100644
index 0000000..bd528c3
--- /dev/null
+++ b/borg/known_hosts
@@ -0,0 +1 @@
+[borg.caspervk.net]:22222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILTAcXTN0i4BS5EEXtaHzYagbE1W7TCimbXiXamGsb7S
diff --git a/install/borg.sh b/install/borg.sh
index a225367..f66a194 100755
--- a/install/borg.sh
+++ b/install/borg.sh
@@ -33,8 +33,8 @@ sudo systemctl start borg-daily.timer
 
 
 # SSH
-ssh-keyscan -t ed25519 -p 22222 borg.caspervk.net | sudo tee /root/.ssh/known_hosts # add backup server to known_hosts
+sudo cp borg/known_hosts /root/.ssh/known_hosts
 sudo ssh-keygen -t ed25519 || true # generate key for the root user, it's fine if it already exists
-echo "Please add /root/.ssh/id_ed25519.pub to the servers authorized_keys"
+echo "Please add /root/.ssh/id_ed25519.pub to the servers' authorized_keys"
 read -p 'Press any key when done to test the connection.. (should return "PTY allocation request failed on channel 0")'
 sudo ssh borg@borg.caspervk.net -p 22222
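Review bot: The new `sudo cp borg/known_hosts /root/.ssh/known_hosts` line in install/borg.sh replaces root's whole known_hosts file, resolves `borg/known_hosts` against the caller's working directory, and runs before the `ssh-keygen` line that would create `/root/.ssh` on a fresh host. I would create the directory and set the mode explicitly, `sudo install -d -m 0700 /root/.ssh` followed by `sudo install -m 0644 borg/known_hosts /root/.ssh/known_hosts`, or merge the entry instead of overwriting if root may hold other host keys. The closing connection test still runs with ssh's default host-key policy (normally `ask`, unless ssh_config overrides it), so if the pinned entry ever fails to match the host and port, the operator is offered an interactive accept prompt, which is the trust-on-first-use step this commit sets out to remove; `sudo ssh -o StrictHostKeyChecking=yes borg@borg.caspervk.net -p 22222` makes the test fail closed. The script's earlier lines are outside the hunk, so whether it stops on a failed `cp` is not visible here.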