summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authortv <tv@krebsco.de>2016-07-23 12:18:46 +0200
committertv <tv@krebsco.de>2016-07-23 12:55:04 +0200
commitd80762acc8f626004cc8bfa51e7a3927f351d067 (patch)
treeafd1ecad905b6b764c8086595d128b0d6f8530ee
parentad816aaa281094fc4fde1755de618440a5a1df28 (diff)
tv ssh: init
-rw-r--r--tv/1systems/zu.nix32
-rw-r--r--tv/2configs/default.nix8
-rw-r--r--tv/2configs/ssh.nix25
3 files changed, 26 insertions, 39 deletions
diff --git a/tv/1systems/zu.nix b/tv/1systems/zu.nix
index bfc018cc3..645c60315 100644
--- a/tv/1systems/zu.nix
+++ b/tv/1systems/zu.nix
@@ -194,36 +194,4 @@ with config.krebs.lib;
# The NixOS release to be compatible with for stateful data such as databases.
system.stateVersion = "15.09";
-
-#/*
-#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}';
-# host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}';
-# host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; }
-#*/
-# networking.extraHosts = optionalString (1 == 1) ''
-#54.255.133.72 api.zalora.sg
-#52.77.12.194 bob.zalora.sg
-#52.74.232.49 www.zalora.sg costa.zalora.sg
-# '';
-
-
- #services.elasticsearch.enable = true;
- #services.kibana.enable = true;
- #services.logstash.enable = true;
-
- environment.etc."ssh/ssh_config".text = mkForce ''
- AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
-
- ${optionalString config.programs.ssh.setXAuthLocation ''
- XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
- ''}
-
- ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
-
- # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
- #PubkeyAcceptedKeyTypes +ssh-dss
-
- ${config.programs.ssh.extraConfig}
- '';
-
}
diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 04009f54d..8a14a2465 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -28,6 +28,7 @@ with config.krebs.lib;
./audit.nix
./backup.nix
./nginx
+ ./ssh.nix
./vim.nix
{
# stockholm dependencies
@@ -140,13 +141,6 @@ with config.krebs.lib;
fi
'';
};
-
- programs.ssh = {
- extraConfig = ''
- UseRoaming no
- '';
- startAgent = false;
- };
}
{
diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix
new file mode 100644
index 000000000..7bf583426
--- /dev/null
+++ b/tv/2configs/ssh.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+ # Override NixOS's "Allow DSA keys for now."
+ environment.etc."ssh/ssh_config".text = mkForce ''
+ AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
+
+ ${optionalString config.programs.ssh.setXAuthLocation ''
+ XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+ ''}
+
+ ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
+
+ ${config.programs.ssh.extraConfig}
+ '';
+
+ programs.ssh = {
+ extraConfig = ''
+ UseRoaming no
+ '';
+ startAgent = false;
+ };
+}