hm/ext: init SSH config tweaks for 3p systems
parent
17b138e8f0
commit
746c427690
2 changed files with 18 additions and 1 deletions
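--- a/ops/nixos/lib/home-manager/ext.nix
+++ b/ops/nixos/lib/home-manager/ext.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+caKnownHostsFile = pkgs.writeText "ca-known-hosts" ''
+@cert-authority * ${builtins.readFile ../../../secrets/server-ca.pub}
+'';
+in {
+programs.ssh = {
+extraConfig = ''
+CanonicalizeHostname yes
+CanonicalDomains int.as205479.net as205479.net
+CanonicalizeMaxDots 0
+CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net
+'';
+userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";
+};
+}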
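Review bot: The `@cert-authority *` line written into `ca-known-hosts` trusts this CA for every hostname the client connects to, not only the as205479.net hosts that the canonicalisation settings in `extraConfig` target. A host certificate signed by this CA would therefore be accepted for any unrelated SSH server as well, which is broader trust than the rest of the file suggests is intended. Assuming the CA only signs hosts under those domains (the signing side is not visible here), scope the marker to them: `@cert-authority *.as205479.net ${builtins.readFile ../../../secrets/server-ca.pub}`. A one-line comment above `caKnownHostsFile` naming the hosts this CA is expected to sign would also help, since the module is meant for third-party systems.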
@ -1,6 +1,6 @@
|
||||||
{ pkgs, depot, lib, config, ... }:
|
{ pkgs, depot, lib, config, ... }:
|
||||||
{
|
{
|
||||||
imports = [ ./graphical-client-wayland.nix ];
|
imports = [ ./graphical-client-wayland.nix ./ext.nix ];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
programs.keychain = {
|
programs.keychain = {
|
||||||
|
|