From 746c4276905e8bedb17d69a97680d1077deff69e Mon Sep 17 00:00:00 2001
From: Luke Granger-Brown
Date: Sat, 8 Oct 2022 21:14:36 +0100
Subject: [PATCH] hm/ext: init SSH config tweaks for 3p systems
---
 ops/nixos/lib/home-manager/ext.nix | 17 +++++++++++++++++
 ops/nixos/lib/home-manager/porcorosso-wsl.nix | 2 +-
 2 files changed, 18 insertions(+), 1 deletion(-)
 create mode 100644 ops/nixos/lib/home-manager/ext.nix
diff --git a/ops/nixos/lib/home-manager/ext.nix b/ops/nixos/lib/home-manager/ext.nix
new file mode 100644
index 0000000000..d87b549992
--- /dev/null
+++ b/ops/nixos/lib/home-manager/ext.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+ caKnownHostsFile = pkgs.writeText "ca-known-hosts" ''
+ @cert-authority * ${builtins.readFile ../../../secrets/server-ca.pub}
+ '';
+in {
+ programs.ssh = {
+ extraConfig = ''
+ CanonicalizeHostname yes
+ CanonicalDomains int.as205479.net as205479.net
+ CanonicalizeMaxDots 0
+ CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net
+ '';
+ userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";
+ };
+}
diff --git a/ops/nixos/lib/home-manager/porcorosso-wsl.nix b/ops/nixos/lib/home-manager/porcorosso-wsl.nix
index 7f42fc1273..04afafaab5 100644
--- a/ops/nixos/lib/home-manager/porcorosso-wsl.nix
+++ b/ops/nixos/lib/home-manager/porcorosso-wsl.nix
@@ -1,6 +1,6 @@
 { pkgs, depot, lib, config, ... }: {
- imports = [ ./graphical-client-wayland.nix ];
+ imports = [ ./graphical-client-wayland.nix ./ext.nix ];
 config = {
 programs.keychain = {
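Review bot: The `@cert-authority *` entry in `caKnownHostsFile` trusts `server-ca.pub` for every hostname, and because that file is wired into `userKnownHostsFile` for all connections, a host certificate signed by this CA would be accepted for any destination, including the third-party hosts this module is meant for. Scoping the pattern to the domains already listed under `CanonicalDomains` keeps the trust where it belongs: `@cert-authority *.as205479.net,*.int.as205479.net ${builtins.readFile ../../../secrets/server-ca.pub}`. Separately, `builtins.readFile` keeps the key file's trailing newline, which is harmless for a single-key file, but if `server-ca.pub` ever contains more than one line the second line would land outside the `@cert-authority` marker; a comment on that line noting the one-key assumption, e.g. `# server-ca.pub must hold exactly one key: only the first line gets the CA marker`, would make that explicit.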