depot/ops/nixos/lib/home-manager/ext.nix

{ config, lib, pkgs, ... }:

let
  caKnownHostsFile = pkgs.writeText "ca-known-hosts" ''
    @cert-authority * ${builtins.readFile ../../../secrets/server-ca.pub}
  '';
in {
  programs.ssh = {
    extraConfig = ''
      CanonicalizeHostname yes
      CanonicalDomains int.as205479.net as205479.net otter-acoustic.ts.net
      CanonicalizeMaxDots 0
      CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.lukegb.dev:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net
    '';
    userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";
  };
}
hm/ext: init SSH config tweaks for 3p systems 2022-10-08 20:14:36 +00:00			`{ config, lib, pkgs, ... }:`

			`let`
			`caKnownHostsFile = pkgs.writeText "ca-known-hosts" ''`
			`@cert-authority * ${builtins.readFile ../../../secrets/server-ca.pub}`
			`'';`
			`in {`
			`programs.ssh = {`
			`extraConfig = ''`
			`CanonicalizeHostname yes`
ops/nixos: refactor ssh_config 2023-03-12 03:58:52 +00:00			`CanonicalDomains int.as205479.net as205479.net otter-acoustic.ts.net`
hm/ext: init SSH config tweaks for 3p systems 2022-10-08 20:14:36 +00:00			`CanonicalizeMaxDots 0`
ops/nixos: refactor ssh_config 2023-03-12 03:58:52 +00:00			`CanonicalizePermittedCNAMEs .lukegb.com:.as205479.net,.int.as205479.net,.otter-acoustic.ts.net .lukegb.dev:.as205479.net,.int.as205479.net,.otter-acoustic.ts.net .zxcvbnm.ninja:.as205479.net,.int.as205479.net,.otter-acoustic.ts.net`
hm/ext: init SSH config tweaks for 3p systems 2022-10-08 20:14:36 +00:00			`'';`
			`userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";`
			`};`
			`}`