tv ssh: init

2016-07-23 12:18:46 +02:00 · 2016-07-23 12:18:46 +02:00 · d80762acc8
commit d80762acc8
parent ad816aaa28
3 changed files with 26 additions and 39 deletions
--- a/tv/1systems/zu.nix
+++ b/tv/1systems/zu.nix
@ -194,36 +194,4 @@ with config.krebs.lib;

  # The NixOS release to be compatible with for stateful data such as databases.
  system.stateVersion = "15.09";
-
-#/*
-#{ host api.doraemon.sg.zalora.net | awk '{print$4" api.zalora.sg"}';
-#  host bob.live.sg.zalora.net | awk '{print$4" bob.zalora.sg"}';
-#  host www.live.sg.zalora.net | awk '{print$4" www.zalora.sg costa.zalora.sg"}'; }
-#*/
-#  networking.extraHosts = optionalString (1 == 1) ''
-#54.255.133.72 api.zalora.sg
-#52.77.12.194 bob.zalora.sg
-#52.74.232.49 www.zalora.sg costa.zalora.sg
-#  '';
-
-
-  #services.elasticsearch.enable = true;
-  #services.kibana.enable = true;
-  #services.logstash.enable = true;
-
-  environment.etc."ssh/ssh_config".text = mkForce ''
-    AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
-
-    ${optionalString config.programs.ssh.setXAuthLocation ''
-      XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
-    ''}
-
-    ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
-
-    # Allow DSA keys for now. (These were deprecated in OpenSSH 7.0.)
-    #PubkeyAcceptedKeyTypes +ssh-dss
-
-    ${config.programs.ssh.extraConfig}
-  '';
-
 }
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@ -28,6 +28,7 @@ with config.krebs.lib;
    ./audit.nix
    ./backup.nix
    ./nginx
+    ./ssh.nix
    ./vim.nix
    {
      # stockholm dependencies
@ -140,13 +141,6 @@ with config.krebs.lib;
          fi
        '';
      };
-
-      programs.ssh = {
-        extraConfig = ''
-          UseRoaming no
-        '';
-        startAgent = false;
-      };
    }

    {
--- a/tv/2configs/ssh.nix
+++ b/tv/2configs/ssh.nix
@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+  # Override NixOS's "Allow DSA keys for now."
+  environment.etc."ssh/ssh_config".text = mkForce ''
+    AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
+
+    ${optionalString config.programs.ssh.setXAuthLocation ''
+      XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+    ''}
+
+    ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
+
+    ${config.programs.ssh.extraConfig}
+  '';
+
+  programs.ssh = {
+    extraConfig = ''
+      UseRoaming no
+    '';
+    startAgent = false;
+  };
+}