makefu/stockholm
1
0
Fork 0
Code Issues Pull requests Actions 1 Packages Projects Releases Wiki Activity

tv ssh: init

Browse source
This commit is contained in:
tv 2016-07-23 12:18:46 +02:00
parent ad816aaa28
commit d80762acc8
3 changed files with 26 additions and 39 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
tv/1systems/zu.nix
View file

@ -194,36 +194,4 @@ with config.krebs.lib;
# The NixOS release to be compatible with for stateful data such as databases. # The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09"; system.stateVersion = "15.09";
#/*
#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}';
# host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}';
# host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; }
#*/
# networking.extraHosts = optionalString (1 == 1) ''
#54.255.133.72 api.zalora.sg
#52.77.12.194 bob.zalora.sg
#52.74.232.49 www.zalora.sg costa.zalora.sg
# '';
#services.elasticsearch.enable = true;
#services.kibana.enable = true;
#services.logstash.enable = true;
environment.etc."ssh/ssh_config".text = mkForce ''
AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
${optionalString config.programs.ssh.setXAuthLocation ''
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
''}
ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
# Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
#PubkeyAcceptedKeyTypes +ssh-dss
${config.programs.ssh.extraConfig}
'';
} }

8
tv/2configs/default.nix
View file

@ -28,6 +28,7 @@ with config.krebs.lib;
./audit.nix ./audit.nix
./backup.nix ./backup.nix
./nginx ./nginx
./ssh.nix
./vim.nix ./vim.nix
{ {
# stockholm dependencies # stockholm dependencies
@ -140,13 +141,6 @@ with config.krebs.lib;
fi fi
''; '';
}; };
programs.ssh = {
extraConfig = ''
UseRoaming no
'';
startAgent = false;
};
} }
{ {

25
tv/2configs/ssh.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, pkgs, ... }:
with config.krebs.lib;
{
# Override NixOS's "Allow DSA keys for now."
environment.etc."ssh/ssh_config".text = mkForce ''
AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
${optionalString config.programs.ssh.setXAuthLocation ''
XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
''}
ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
${config.programs.ssh.extraConfig}
'';
programs.ssh = {
extraConfig = ''
UseRoaming no
'';
startAgent = false;
};
}