ops/nixos: refactor ssh_config

ops/nixos/lib/common.nix

@@ -212,9 +212,9 @@ in
     programs.ssh = {
       extraConfig = ''
         CanonicalizeHostname yes
-        CanonicalDomains int.as205479.net as205479.net
+        CanonicalDomains int.as205479.net as205479.net otter-acoustic.ts.net
         CanonicalizeMaxDots 0
-        CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net
+        CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.lukegb.dev:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net
       '';
       knownHosts."*" = {
         certAuthority = true;

ops/nixos/lib/home-manager/ext.nix

@@ -8,9 +8,9 @@ in {
   programs.ssh = {
     extraConfig = ''
       CanonicalizeHostname yes
-      CanonicalDomains int.as205479.net as205479.net
+      CanonicalDomains int.as205479.net as205479.net otter-acoustic.ts.net
       CanonicalizeMaxDots 0
-      CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net
+      CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.lukegb.dev:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net
     '';
     userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";
   };

ops/nixos/lib/whitby-distributed.nix

@@ -22,6 +22,7 @@
 
   programs.ssh.extraConfig = ''
     Host whitby-build
+      Hostname whitby.tvl.fyi
       User lukegb
       PubkeyAcceptedKeyTypes ssh-ed25519
       IdentityFile ${config.my.vault.secrets.id_ed25519_nixbuild.path}