diff options
author | Timo Wilken | 2023-02-22 11:27:14 +0100 |
---|---|---|
committer | Timo Wilken | 2023-03-04 19:23:26 +0100 |
commit | 10a57d33d08d2c71518d70ab3d3f3b6303d9a4b2 (patch) | |
tree | 0b0f537d661f642e234acdb7eff1e2140e935271 /tw | |
parent | c609ea215989fe2bbf87552c543a317f26fe6a49 (diff) |
Fix SSH setup for CERN
Diffstat (limited to 'tw')
-rw-r--r-- | tw/home.scm | 23 | ||||
-rw-r--r-- | tw/system/cern.scm | 5 |
2 files changed, 13 insertions, 15 deletions
diff --git a/tw/home.scm b/tw/home.scm index 6968ae98..7112dcf0 100644 --- a/tw/home.scm +++ b/tw/home.scm @@ -186,15 +186,10 @@ auto-expand-secmem (home-openssh-configuration (hosts ;; Earlier rules take precedence over later ones. - `(,(openssh-host (name "*.srcf.net") (user "tw466")) - ;; My own machines - ,@(map make-own-ssh-host (map car %ssh-ports) (map cdr %ssh-ports)) - ,@(map make-own-ssh-host (map (compose wireguardify car) %ssh-ports) (map cdr %ssh-ports)) - ,(openssh-host (name "*.fritz.box") (proxy-command "ssh -W '[%h]:%p' lud.twilken.net")) - ;; Git hosts + `(;; Git hosts ,@(map (lambda (host) (openssh-host (name host) (user "git"))) - '("github.com" "ssh.github.com" "bitbucket.org")) - ,(openssh-host (name "gitlab.cern.ch") (port 7999) (user "git") (proxy-command "none")) + '("github.com" "ssh.github.com")) + ,(openssh-host (name "gitlab.cern.ch") (port 7999) (user "git")) ;; BitBucket apparently only supports ssh-rsa. ,(openssh-host (name "bitbucket.org") @@ -203,16 +198,14 @@ auto-expand-secmem ;; CERN stuff ,(openssh-host (name "lxplus.cern.ch") - (proxy-command "none") ; avoid ProxyJump loops (extra-content "GSSAPIDelegateCredentials yes")) ; needed for EOS home mount ,(openssh-host (name "cvmfs-alice.cern.ch") (extra-content "GSSAPIDelegateCredentials yes")) ; needed for EOS home mount ,(openssh-host - (name "twilkendesktop.cern.ch") - (port 22022) - (forward-x11? #t) - (extra-content "GSSAPIDelegateCredentials yes")) + (name "tw-mailproc.cern.ch") + (user "root") + (identity-file "~/.local/share/ssh-keys/openstack_personal_id_rsa")) ,@(map (lambda (spec) (openssh-host (name (car spec)) (user (cdr spec)) (identity-file "~/.local/share/ssh-keys/alicern_id_rsa"))) @@ -225,12 +218,12 @@ auto-expand-secmem ("alimesos*.cern.ch" . "root") ("alientest*.cern.ch" . "root") ("aliflow*.cern.ch" . "root") - ("alijenkins*.cern.ch" . "root"))) + ("alijenkins*.cern.ch" . "root") + ("arm-builder-*" . "centos"))) ,(openssh-host (name "*.cern.ch") (user "twilken") (identity-file "~/.local/share/ssh-keys/cern_id_rsa") - (proxy-command "ssh -W '[%h]:%p' -l twilken lxplus.cern.ch") (extra-content "\ # Kerberos authentication GSSAPIAuthentication yes diff --git a/tw/system/cern.scm b/tw/system/cern.scm index 76cae0bf..31122abc 100644 --- a/tw/system/cern.scm +++ b/tw/system/cern.scm @@ -207,6 +207,11 @@ (string-append #$(file-append util-linux "/sbin/fstrim") " --fstab --verbose")))) + (simple-service 'arm-builders hosts-service-type + (list (host "188.184.68.217" "arm-builder-1") + (host "188.184.71.187" "arm-builder-2") + (host "188.184.69.33" "arm-builder-3"))) + (service openssh-service-type (openssh-configuration (port-number 22022) |