From bd4dabf03a6c408e7f277527ab92961d1767e916 Mon Sep 17 00:00:00 2001 From: Rodrigo Arias Mallo Date: Tue, 10 Sep 2024 15:03:03 +0200 Subject: [PATCH] Only proxy SSH git remotes via hut in xeon Other machines like raccoon have direct access. --- m/common/base/ssh.nix | 7 ------- m/common/xeon.nix | 3 ++- m/common/xeon/ssh.nix | 8 ++++++++ 3 files changed, 10 insertions(+), 8 deletions(-) create mode 100644 m/common/xeon/ssh.nix diff --git a/m/common/base/ssh.nix b/m/common/base/ssh.nix index 5e12ede3..fe0bd390 100644 --- a/m/common/base/ssh.nix +++ b/m/common/base/ssh.nix @@ -8,13 +8,6 @@ in # Enable the OpenSSH daemon. services.openssh.enable = true; - # Connect to intranet git hosts via proxy - programs.ssh.extraConfig = '' - Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es - User git - ProxyCommand nc -X connect -x hut:23080 %h %p - ''; - programs.ssh.knownHosts = hostsKeys // { "gitlab-internal.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9arsAOSRB06hdy71oTvJHG2Mg8zfebADxpvc37lZo3"; "bscpm03.bsc.es".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIM2NuSUPsEhqz1j5b4Gqd+MWFnRqyqY57+xMvBUqHYUS"; diff --git a/m/common/xeon.nix b/m/common/xeon.nix index 30cf73c3..146e018c 100644 --- a/m/common/xeon.nix +++ b/m/common/xeon.nix @@ -2,8 +2,9 @@ # Provides the base system for a xeon node. imports = [ ./base.nix - ./xeon/fs.nix ./xeon/console.nix + ./xeon/fs.nix ./xeon/net.nix + ./xeon/ssh.nix ]; } diff --git a/m/common/xeon/ssh.nix b/m/common/xeon/ssh.nix new file mode 100644 index 00000000..a5867df7 --- /dev/null +++ b/m/common/xeon/ssh.nix @@ -0,0 +1,8 @@ +{ + # Connect to intranet git hosts via proxy + programs.ssh.extraConfig = '' + Host bscpm02.bsc.es bscpm03.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es + User git + ProxyCommand nc -X connect -x hut:23080 %h %p + ''; +}