diff --git a/ops/nixos/lib/home-manager/ext.nix b/ops/nixos/lib/home-manager/ext.nix
new file mode 100644
index 0000000000..d87b549992
--- /dev/null
+++ b/ops/nixos/lib/home-manager/ext.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+ caKnownHostsFile = pkgs.writeText "ca-known-hosts" ''
+ @cert-authority * ${builtins.readFile ../../../secrets/server-ca.pub}
+ '';
+in {
+ programs.ssh = {
+ extraConfig = ''
+ CanonicalizeHostname yes
+ CanonicalDomains int.as205479.net as205479.net
+ CanonicalizeMaxDots 0
+ CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net
+ '';
+ userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";
+ };
+}
diff --git a/ops/nixos/lib/home-manager/porcorosso-wsl.nix b/ops/nixos/lib/home-manager/porcorosso-wsl.nix
index 7f42fc1273..04afafaab5 100644
--- a/ops/nixos/lib/home-manager/porcorosso-wsl.nix
+++ b/ops/nixos/lib/home-manager/porcorosso-wsl.nix
@@ -1,6 +1,6 @@ { pkgs, depot, lib, config, ... }: { - imports = [ ./graphical-client-wayland.nix ]; + imports = [ ./graphical-client-wayland.nix ./ext.nix ]; config = { programs.keychain = {
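Review bot: The `@cert-authority *` entry written into `caKnownHostsFile` in ext.nix trusts the server CA for every hostname, so a host certificate signed by that CA would be accepted for any destination the client connects to, not only the as205479.net machines. Because `CanonicalizeHostname` already rewrites names into `int.as205479.net` / `as205479.net`, the marker can be scoped to those domains, e.g. `@cert-authority *.as205479.net ${builtins.readFile ../../../secrets/server-ca.pub}`, assuming no CA-signed host is reached under another name or by address. A one-line comment above `CanonicalizePermittedCNAMEs` would also help, something like `# CNAME targets come from unauthenticated DNS; the host certificate is what authenticates the canonical name`.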