summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--accounts/gkleen@sif/default.nix2
-rw-r--r--accounts/gkleen@sif/ssh-hosts.nix12
-rw-r--r--accounts/gkleen@sif/ssh/uniworx.de-ca.pub1
3 files changed, 14 insertions, 1 deletions
diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix
index 39e17828..de315ede 100644
--- a/accounts/gkleen@sif/default.nix
+++ b/accounts/gkleen@sif/default.nix
@@ -91,7 +91,7 @@ in {
91 Match host mathw0g.mathinst.loc !exec "nc -z -w 1 %h %p &>/dev/null" 91 Match host mathw0g.mathinst.loc !exec "nc -z -w 1 %h %p &>/dev/null"
92 HostName mathw0g.math.lmu.de 92 HostName mathw0g.math.lmu.de
93 93
94 Match host *.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null" 94 Match host *.cipmath.loc !host cip04.cipmath.loc !exec "nc -z -w 1 %h %p &>/dev/null"
95 ProxyJump cip04 95 ProxyJump cip04
96 96
97 Match host *.ifi.lmu.de,*.math.lmu.de 97 Match host *.ifi.lmu.de,*.math.lmu.de
diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix
index 0021c75e..d6f7c1dc 100644
--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -423,6 +423,7 @@
423 }; 423 };
424 "cip04" = 424 "cip04" =
425 { hostname = "cip04.cipmath.loc"; 425 { hostname = "cip04.cipmath.loc";
426 proxyJump = "mathw0h";
426 }; 427 };
427 "mgmt01" = 428 "mgmt01" =
428 { hostname = "mgmt01.mathinst.loc"; 429 { hostname = "mgmt01.mathinst.loc";
@@ -468,4 +469,15 @@
468 user = "git"; 469 user = "git";
469 identityFile = "~/.ssh/gitlab.com"; 470 identityFile = "~/.ssh/gitlab.com";
470 }; 471 };
472 "*.uniworx.de" =
473 { user = "gkleen";
474 identityFile = "~/.ssh/gkleen@uniworx.de";
475 certificateFile = "~/.ssh/gkleen@uniworx.de-cert.pub";
476 extraOptions = {
477 UpdateHostKeys = "no";
478 UserKnownHostsFile = toString (pkgs.writeText "ssh_known_hosts" ''
479 @cert-authority *.uniworx.de ${builtins.readFile ./ssh/uniworx.de-ca.pub}
480 '');
481 };
482 };
471} 483}
diff --git a/accounts/gkleen@sif/ssh/uniworx.de-ca.pub b/accounts/gkleen@sif/ssh/uniworx.de-ca.pub
new file mode 100644
index 00000000..bfc6de25
--- /dev/null
+++ b/accounts/gkleen@sif/ssh/uniworx.de-ca.pub
@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFAQPbCJTfCUizidvy2KZymO5xJcmXC8DE3xeky7b8XZ Certificate Authority for *.uniworx.de