diff options
author | tv <tv@krebsco.de> | 2016-07-23 12:18:46 +0200 |
---|---|---|
committer | tv <tv@krebsco.de> | 2016-07-23 12:55:04 +0200 |
commit | d80762acc8f626004cc8bfa51e7a3927f351d067 (patch) | |
tree | afd1ecad905b6b764c8086595d128b0d6f8530ee | |
parent | ad816aaa281094fc4fde1755de618440a5a1df28 (diff) |
tv ssh: init
-rw-r--r-- | tv/1systems/zu.nix | 32 | ||||
-rw-r--r-- | tv/2configs/default.nix | 8 | ||||
-rw-r--r-- | tv/2configs/ssh.nix | 25 |
3 files changed, 26 insertions, 39 deletions
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix index bfc018cc3..645c60315 100644 --- a/tv/1systems/zu.nix +++ b/tv/1systems/zu.nix @@ -194,36 +194,4 @@ with config.krebs.lib; # The NixOS release to be compatible with for stateful data such as databases. system.stateVersion = "15.09"; - -#/* -#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}'; -# host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}'; -# host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; } -#*/ -# networking.extraHosts = optionalString (1 == 1) '' -#54.255.133.72 api.zalora.sg -#52.77.12.194 bob.zalora.sg -#52.74.232.49 www.zalora.sg costa.zalora.sg -# ''; - - - #services.elasticsearch.enable = true; - #services.kibana.enable = true; - #services.logstash.enable = true; - - environment.etc."ssh/ssh_config".text = mkForce '' - AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} - - ${optionalString config.programs.ssh.setXAuthLocation '' - XAuthLocation ${pkgs.xorg.xauth}/bin/xauth - ''} - - ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"} - - # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.) - #PubkeyAcceptedKeyTypes +ssh-dss - - ${config.programs.ssh.extraConfig} - ''; - } diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix index 04009f54d..8a14a2465 100644 --- a/tv/2configs/default.nix +++ b/tv/2configs/default.nix @@ -28,6 +28,7 @@ with config.krebs.lib; ./audit.nix ./backup.nix ./nginx + ./ssh.nix ./vim.nix { # stockholm dependencies @@ -140,13 +141,6 @@ with config.krebs.lib; fi ''; }; - - programs.ssh = { - extraConfig = '' - UseRoaming no - ''; - startAgent = false; - }; } { diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix new file mode 100644 index 000000000..7bf583426 --- /dev/null +++ b/tv/2configs/ssh.nix @@ -0,0 +1,25 @@ +{ config, pkgs, ... }: + +with config.krebs.lib; + +{ + # Override NixOS's "Allow DSA keys for now." + environment.etc."ssh/ssh_config".text = mkForce '' + AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"} + + ${optionalString config.programs.ssh.setXAuthLocation '' + XAuthLocation ${pkgs.xorg.xauth}/bin/xauth + ''} + + ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"} + + ${config.programs.ssh.extraConfig} + ''; + + programs.ssh = { + extraConfig = '' + UseRoaming no + ''; + startAgent = false; + }; +} |