ops/nixos: refactor ssh_config

Luke Granger-Brown 2023-03-12 03:58:52 +00:00
parent 9aa6298df4
commit 721a7e6828
3 changed files with 5 additions and 4 deletions


@ -212,9 +212,9 @@ in
programs.ssh = { programs.ssh = {
extraConfig = '' extraConfig = ''
CanonicalizeHostname yes CanonicalizeHostname yes
CanonicalDomains int.as205479.net as205479.net CanonicalDomains int.as205479.net as205479.net otter-acoustic.ts.net
CanonicalizeMaxDots 0 CanonicalizeMaxDots 0
CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.lukegb.dev:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net
''; '';
knownHosts."*" = { knownHosts."*" = {
certAuthority = true; certAuthority = true;
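Review bot: The widened `CanonicalDomains` and `CanonicalizePermittedCNAMEs` lines change which name host-key verification runs against, and nothing next to them records that. With `CanonicalizeMaxDots 0`, a dotless name that does not resolve under the two as205479.net domains is now tried under otter-acoustic.ts.net, and a CNAME answer for a host in the three listed source zones may now rewrite the target to a name there. The `knownHosts."*"` entry with `certAuthority = true` looks like it trusts the CA for every host name, so it would cover those names as well; that block continues outside the hunk, so a `hostNames` setting may narrow it. I would add a comment above `extraConfig` such as `# Search order matters: tailnet names are tried last; hosts there need a CA-signed host cert listing their ts.net name.` and consider scoping the CA entry to the canonical domains instead of `*`.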


@ -8,9 +8,9 @@ in {
programs.ssh = { programs.ssh = {
extraConfig = '' extraConfig = ''
CanonicalizeHostname yes CanonicalizeHostname yes
CanonicalDomains int.as205479.net as205479.net CanonicalDomains int.as205479.net as205479.net otter-acoustic.ts.net
CanonicalizeMaxDots 0 CanonicalizeMaxDots 0
CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.lukegb.dev:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net,*.otter-acoustic.ts.net
''; '';
userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}"; userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";
}; };
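Review bot: The `CanonicalDomains` / `CanonicalizePermittedCNAMEs` text in this `extraConfig` is a character-for-character copy of the block in the first file of this commit, so each new domain has to be added in two places, and a machine that picks up only one copy would canonicalize and verify host names differently from the rest. Consider defining the domain list once in a shared module or `let` binding, e.g. `canonicalDomains = [ "int.as205479.net" "as205479.net" "otter-acoustic.ts.net" ];`, and rendering it with `CanonicalDomains ${lib.concatStringsSep " " canonicalDomains}` in both files (assuming `lib` is in scope there). The module around `programs.ssh` starts outside the hunk, so where that shared definition should live is not visible here.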


@ -22,6 +22,7 @@
programs.ssh.extraConfig = '' programs.ssh.extraConfig = ''
Host whitby-build Host whitby-build
Hostname whitby.tvl.fyi
User lukegb User lukegb
PubkeyAcceptedKeyTypes ssh-ed25519 PubkeyAcceptedKeyTypes ssh-ed25519
IdentityFile ${config.my.vault.secrets.id_ed25519_nixbuild.path} IdentityFile ${config.my.vault.secrets.id_ed25519_nixbuild.path}