hm/ext: init SSH config tweaks for 3p systems

Luke Granger-Brown 2022-10-08 21:14:36 +01:00
parent 17b138e8f0
commit 746c427690
2 changed files with 18 additions and 1 deletions


@ -0,0 +1,17 @@
{ config, lib, pkgs, ... }:
let
caKnownHostsFile = pkgs.writeText "ca-known-hosts" ''
@cert-authority * ${builtins.readFile ../../../secrets/server-ca.pub}
'';
in {
programs.ssh = {
extraConfig = ''
CanonicalizeHostname yes
CanonicalDomains int.as205479.net as205479.net
CanonicalizeMaxDots 0
CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net
'';
userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";
};
}
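Review bot: The `@cert-authority *` line in `caKnownHostsFile` lets the server CA vouch for every hostname this client connects to, not only the as205479.net hosts that the canonicalization settings below it resolve to. On a third-party machine that also talks to unrelated servers, a leaked or misused CA key could then produce an accepted host certificate for any of them. If the CA only signs hosts under that domain (the `CanonicalDomains` line suggests so, but the page does not confirm it), scope the marker with a host pattern, e.g. `@cert-authority *.as205479.net ${builtins.readFile ../../../secrets/server-ca.pub}`. A one-line `#` comment above `userKnownHostsFile` saying that the second path is the generated CA trust file would also help a later reader.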


@ -1,6 +1,6 @@
{ pkgs, depot, lib, config, ... }:
{
imports = [ ./graphical-client-wayland.nix ];
imports = [ ./graphical-client-wayland.nix ./ext.nix ];
config = {
programs.keychain = {