hm/ext: init SSH config tweaks for 3p systems
parent
17b138e8f0
commit
746c427690
2 changed files with 18 additions and 1 deletions
17
ops/nixos/lib/home-manager/ext.nix
Normal file
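--- a/ops/nixos/lib/home-manager/ext.nix
+++ b/ops/nixos/lib/home-manager/ext.nix
@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+caKnownHostsFile = pkgs.writeText "ca-known-hosts" ''
+@cert-authority * ${builtins.readFile ../../../secrets/server-ca.pub}
+'';
+in {
+programs.ssh = {
+extraConfig = ''
+CanonicalizeHostname yes
+CanonicalDomains int.as205479.net as205479.net
+CanonicalizeMaxDots 0
+CanonicalizePermittedCNAMEs *.lukegb.com:*.as205479.net,*.int.as205479.net *.lukegb.dev:*.as205479.net,*.int.as205479.net *.zxcvbnm.ninja:*.as205479.net,*.int.as205479.net
+'';
+userKnownHostsFile = "~/.ssh/known_hosts ${caKnownHostsFile}";
+};
+}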
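Review bot: The `@cert-authority *` line written into `caKnownHostsFile` makes the server CA a trusted signer for every hostname this client connects to, not only hosts under the two domains listed in `CanonicalDomains`. A host certificate signed by that key would then presumably be accepted for unrelated hosts too, so a leaked or misused CA key has a much wider blast radius than the fleet it was meant for. Because `CanonicalizeHostname yes` rewrites short names before the known_hosts lookup, the pattern can likely be narrowed without breaking them: `@cert-authority *.as205479.net ${builtins.readFile ../../../secrets/server-ca.pub}`. A short comment above `caKnownHostsFile` naming which CA this is and why the scope was chosen would help the next reader.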
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, depot, lib, config, ... }:
|
||||
{
|
||||
imports = [ ./graphical-client-wayland.nix ];
|
||||
imports = [ ./graphical-client-wayland.nix ./ext.nix ];
|
||||
|
||||
config = {
|
||||
programs.keychain = {
|
||||
|
|