diff --git a/hosts/lab/dokuwiki.nix b/hosts/lab/dokuwiki.nix
index 3c7ee21..9a3d213 100644
--- a/hosts/lab/dokuwiki.nix
+++ b/hosts/lab/dokuwiki.nix
@@ -1,4 +1,20 @@
-{ ... }:
+{ pkgs, ... }:
+let
+ initOpenssh = pkgs.writeTextFile {
+ name = "30-openssh";
+ executable = true;
+ text = ''
+ #!/bin/sh
+ set -e
+ command -v ssh >/dev/null 2>&1 || apk add --no-cache openssh-client
+ if [ ! -f /config/.ssh/known_hosts ] || ! grep -q "^github.com " /config/.ssh/known_hosts; then
+ mkdir -p /config/.ssh
+ ssh-keyscan -t ed25519,rsa github.com >> /config/.ssh/known_hosts 2>/dev/null
+ chmod 600 /config/.ssh/known_hosts
+ fi
+ '';
+ };
+in
 {
 services.caddy.virtualHosts."wiki.ily.rs" = {
 extraConfig = ''
@@ -30,6 +46,13 @@
 ports = [ "127.0.0.1:8070:80" ];
 };
+ systemd.tmpfiles.settings."10-dokuwiki"."/srv/dokuwiki/cont-init.d/30-openssh"."C+" = {
+ argument = "${initOpenssh}";
+ user = "100999";
+ group = "100999";
+ mode = "0755";
+ };
+
 # Workaround for NixOS/nixpkgs#410857 until backport of #475089 lands
 systemd.services.podman-dokuwiki.serviceConfig.Delegate = true;
 }
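Review bot: In the `30-openssh` script of the first hunk, `ssh-keyscan -t ed25519,rsa github.com >> /config/.ssh/known_hosts` pins whatever keys the network returns on first container start, so the resulting known_hosts entry is unauthenticated, and `2>/dev/null` hides a failed scan. Since the script text is already generated from Nix, the host key can be pinned there instead, e.g. `echo "github.com ssh-ed25519 <GITHUB_ED25519_HOST_KEY_PLACEHOLDER>" >> /config/.ssh/known_hosts`, with the value copied from GitHub's published host keys. The `apk add --no-cache openssh-client` line deserves a comment such as `# installed at start-up: needs network, version unpinned; set -e aborts init if it fails`. If this init script runs as root inside the container (not visible in the hunk), the mode-600 known_hosts may be unreadable by the user that runs git, which should be confirmed.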
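Review bot: The tmpfiles entry in the second hunk leaves `/srv/dokuwiki/cont-init.d/30-openssh` owned and writable by uid `100999`, and that file is executed at container init. If `100999` maps to an unprivileged user inside the container while init runs as root (the uid mapping and the container definition start outside this hunk), that user can rewrite a script that root later runs. Owning the copy by the uid that maps to container root, or bind-mounting `${initOpenssh}` read-only instead of copying it, would close that off. As I read tmpfiles.d(5), `C+` also does not replace an existing destination file, so later edits to the script text may never reach the host path. A comment such as `# C+ does not overwrite: delete the old copy after changing initOpenssh` would help.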