From fb8b4defa7affd73f94453d08fadac4c8804e0a8 Mon Sep 17 00:00:00 2001
From: Rodrigo Arias Mallo <rodrigo.arias@bsc.es>
Date: Tue, 10 Sep 2024 15:03:03 +0200
Subject: [PATCH] Only proxy SSH git remotes via hut in xeon

Other machines like raccoon have direct access.

Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>
---
 m/common/base/ssh.nix | 4 ----
 m/common/xeon.nix     | 3 ++-
 m/common/xeon/ssh.nix | 8 ++++++++
 3 files changed, 10 insertions(+), 5 deletions(-)
 create mode 100644 m/common/xeon/ssh.nix

diff --git a/m/common/base/ssh.nix b/m/common/base/ssh.nix
index b531076..92c2c70 100644
--- a/m/common/base/ssh.nix
+++ b/m/common/base/ssh.nix
@@ -13,10 +13,6 @@ in
     Host bscpm02.bsc.es bscpm03.bsc.es bscpm04.bsc.es gitlab-internal.bsc.es alya.gitlab.bsc.es
       User git
       ProxyCommand nc -X connect -x hut:23080 %h %p
-
-    # Connect to BSC machines via hut proxy too
-    Host amdlogin1.bsc.es armlogin1.bsc.es hualogin1.bsc.es glogin1.bsc.es glogin2.bsc.es fpgalogin1.bsc.es
-      ProxyCommand nc -X connect -x hut:23080 %h %p
   '';
 
   programs.ssh.knownHosts = hostsKeys // {
diff --git a/m/common/xeon.nix b/m/common/xeon.nix
index 30cf73c..146e018 100644
--- a/m/common/xeon.nix
+++ b/m/common/xeon.nix
@@ -2,8 +2,9 @@
   # Provides the base system for a xeon node.
   imports = [
     ./base.nix
-    ./xeon/fs.nix
     ./xeon/console.nix
+    ./xeon/fs.nix
     ./xeon/net.nix
+    ./xeon/ssh.nix
   ];
 }
diff --git a/m/common/xeon/ssh.nix b/m/common/xeon/ssh.nix
new file mode 100644
index 0000000..86978f9
--- /dev/null
+++ b/m/common/xeon/ssh.nix
@@ -0,0 +1,8 @@
+{
+  # Connect to intranet git hosts via proxy
+  programs.ssh.extraConfig = ''
+    # Connect to BSC machines via hut proxy too
+    Host amdlogin1.bsc.es armlogin1.bsc.es hualogin1.bsc.es glogin1.bsc.es glogin2.bsc.es fpgalogin1.bsc.es
+      ProxyCommand nc -X connect -x hut:23080 %h %p
+  '';
+}