From 3ef917bec25342730c8f3e15406e1fca8175ec4d Mon Sep 17 00:00:00 2001 From: Timo Wilken Date: Tue, 4 Jun 2024 14:13:26 +0200 Subject: Allow configuring SSH key for CERN laptop Replace old, now-unused CERN config parameter with the new parameters. --- tw/home.scm | 13 +++++++------ tw/home/cern.scm | 4 +++- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/tw/home.scm b/tw/home.scm index fc969164..c5f2934f 100644 --- a/tw/home.scm +++ b/tw/home.scm @@ -199,7 +199,10 @@ (openssh-host (name host) (port port) (user "timo"))) (export tw-openssh-configuration) -(define* (tw-openssh-configuration #:key (proxy-to-cern? #t)) +(define* (tw-openssh-configuration + #:key + (default-ssh-key "~/.local/share/ssh-keys/id_ed25519") + (cern-ssh-key "~/.local/share/ssh-keys/cern_id_rsa")) (let ((no-proxy (list (proxy-jump (host-name "none"))))) (home-openssh-configuration (hosts @@ -258,10 +261,8 @@ ,(openssh-host (name "*.cern.ch") (user "twilken") - (identity-file "~/.local/share/ssh-keys/cern_id_rsa") - (proxy (if proxy-to-cern? - (list (proxy-jump (host-name "lxtunnel.cern.ch"))) - no-proxy)) + (identity-file cern-ssh-key) + (proxy (list (proxy-jump (host-name "lxtunnel.cern.ch")))) (extra-content "\ # Kerberos authentication GSSAPIAuthentication yes @@ -272,6 +273,6 @@ ;; manages that and might delete keys there. ,(openssh-host (name "*") - (identity-file "~/.local/share/ssh-keys/id_ed25519") + (identity-file default-ssh-key) ;; Remote servers probably don't know about xterm-kitty. (extra-content "SetEnv TERM=xterm-256color"))))))) diff --git a/tw/home/cern.scm b/tw/home/cern.scm index e7d669c0..a653bde7 100644 --- a/tw/home/cern.scm +++ b/tw/home/cern.scm @@ -75,7 +75,9 @@ (default-signing-key "C2249BBE5E8761C943A0CFA1B7B3914BF63ACD7C"))) (service home-openssh-service-type - (tw-openssh-configuration)) + (tw-openssh-configuration + ;; There is no separate "private" SSH key. + #:default-ssh-key "~/.local/share/ssh-keys/cern_id_rsa")) (service home-gnupg-service-type (home-gnupg-configuration -- cgit v1.2.3