updated ssh hosts

2022-10-21 23:35:06 +02:00 · 2022-10-21 23:35:06 +02:00 · 1af3db5216
parent b11ea76d46
commit 1af3db5216
2 changed files with 20 additions and 54 deletions
--- a/home/ssh/default.nix
+++ b/home/ssh/default.nix
@ -1,69 +1,35 @@
 { config, pkgs, ... }:

-{
+let
+  defaultBlock = {
+    identitiesOnly = true;
+    identityFile = "~/.ssh/id_rsa_yubikey.pub";
+    certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
+    forwardAgent = true;
+    port = 22;
+  };
+in {
  home.file.".ssh/id_rsa_yubikey.pub".source = ./id_rsa_yubikey.pub;
  home.file.".ssh/id_rsa_yubikey-cert.pub".source = ./id_rsa_yubikey-cert.pub;
  programs.ssh = {
    enable = true;
    matchBlocks = {

-      "github.com" = {
-        identitiesOnly = true;
-        identityFile = "~/.ssh/id_rsa_yubikey.pub";
-      };
+      "github.com" = defaultBlock;

-      "openwrt" = {
-        identitiesOnly = true;
-        identityFile = "~/.ssh/id_rsa_yubikey.pub";
-        forwardAgent = true;
-        user = "root";
-      };
+      "openwrt" = defaultBlock // { user = "root"; };

-      "narwhal" = {
-        identitiesOnly = true;
-        identityFile = "~/.ssh/id_rsa_yubikey.pub";
-        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
-        forwardAgent = true;
-        port = 22;
-      };
+      "suricata" = defaultBlock;
+      "pikvm" = defaultBlock;
+      "narwhal" = defaultBlock;
+      "trantor" = defaultBlock;
+      "axolotl" = defaultBlock;
+      "caladan" = defaultBlock;
+      "fugu" = defaultBlock;

-      "trantor" = {
-        identitiesOnly = true;
-        identityFile = "~/.ssh/id_rsa_yubikey.pub";
-        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
-        forwardAgent = true;
-        port = 22;
-      };
-
-      "axolotl" = {
-        identitiesOnly = true;
-        identityFile = "~/.ssh/id_rsa_yubikey.pub";
-        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
-        forwardAgent = true;
-        port = 22;
-      };
-
-      "caladan" = {
-        identitiesOnly = true;
-        identityFile = "~/.ssh/id_rsa_yubikey.pub";
-        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
-        forwardAgent = true;
-        port = 22;
-      };
-
-      "fugu" = {
-        identitiesOnly = true;
-        identityFile = "~/.ssh/id_rsa_yubikey.pub";
-        certificateFile = "~/.ssh/id_rsa_yubikey-cert.pub";
-        forwardAgent = true;
-        port = 22;
-      };
-
-      "bitbucket.org" = {
+      "bitbucket.org" = defaultBlock // {
        user = "git";
-        identitiesOnly = true;
        identityFile = "~/.ssh/bitbucket_rsa";
-        port = 22;
      };

    };
--- a/nixos/common.nix
+++ b/nixos/common.nix
@ -221,7 +221,7 @@
    }];

    knownHosts = {
-      "*.monotremata.xyz,10.*,narwhal,suricata,caladan,fugu,snitch,trantor,capibara,axolotl,echidna" =
+      "*.monotremata.xyz,10.*,narwhal,suricata,pikvm,caladan,fugu,snitch,trantor,capibara,axolotl,echidna" =
        {
          certAuthority = true;
          publicKey =