nixos-configuration/shared/modules/security/ssh.nix

# /nix/store/<hash>/etc/ssh/ssh_config
{ systemConfig, systems, ... }:
with builtins;
let
  domain = "dns.martials.no";
  allSystems = systems ++ [
    {
      hostName = "homelab";
      ssh.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIARDv5nRlfPDXdV+Db4FaqeSJZ3/3MO0frYGzuVeqYAl";
    }
  ];
in
{
  programs.ssh.knownHosts = listToAttrs (
    map (system: {
      name = system.hostName;
      value = {
        extraHostNames = [ "${system.hostName}.${domain}" ];
        publicKey = system.ssh.publicKey;
      };
    }) allSystems
  );
  users.users.${systemConfig.username}.openssh.authorizedKeys.keys = (
    map (system: system.ssh.publicKey) allSystems
  );
}