From f1416214cf242c5e1148cd68cc79eefa431149a5 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Fri, 21 Apr 2023 19:03:33 +0200
Subject: Use new openssh-host-proxy field

The openssl-host-proxy-command field is deprecated by Guix.
---
 tw/home.scm | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

(limited to 'tw/home.scm')

diff --git a/tw/home.scm b/tw/home.scm
index e77b672d..e4bab36b 100644
--- a/tw/home.scm
+++ b/tw/home.scm
@@ -80,6 +80,7 @@ auto-expand-secmem
   (openssh-host (name host) (port port) (user "timo")))
 
 (define-public (openssh-service proxy-to-cern?)
+  (define no-proxy (list (proxy-jump (host-name "none"))))
   (service home-openssh-service-type
     (home-openssh-configuration
      (hosts
@@ -88,7 +89,7 @@ auto-expand-secmem
         ;; My own machines
         ,@(map make-own-ssh-host (map car %ssh-ports) (map cdr %ssh-ports))
         ,@(map make-own-ssh-host (map (compose wireguardify car) %ssh-ports) (map cdr %ssh-ports))
-        ,(openssh-host (name "*.fritz.box") (proxy-command "ssh -W '[%h]:%p' lud.twilken.net"))
+        ,(openssh-host (name "*.fritz.box") (proxy (list (proxy-jump (host-name "lud.twilken.net")))))
         ;; Git hosts
         ,(openssh-host (name "github.com") (user "git"))
         ,(openssh-host (name "ssh.github.com") (user "git"))
@@ -96,7 +97,7 @@ auto-expand-secmem
           (name "gitlab.cern.ch")
           (user "git")
           (port 7999)
-          (proxy-command "none"))
+          (proxy no-proxy))
         ;; BitBucket apparently only supports ssh-rsa.
         ,(openssh-host
           (name "bitbucket.org")
@@ -106,10 +107,10 @@ auto-expand-secmem
         ;; CERN stuff
         ,(openssh-host
           (name "lxtunnel.cern.ch")
-          (proxy-command "none"))    ; avoid ProxyJump loops
+          (proxy no-proxy))    ; avoid ProxyJump loops
         ,(openssh-host
           (name "lxplus.cern.ch")
-          (proxy-command "none")     ; no jump needed
+          (proxy no-proxy)     ; no jump needed
           (extra-content "GSSAPIDelegateCredentials yes"))   ; needed for EOS home mount
         ;; Needed for EOS home mount.
         ,@(map (lambda (host)
@@ -140,9 +141,9 @@ auto-expand-secmem
           (name "*.cern.ch")
           (user "twilken")
           (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
-          (proxy-command (if proxy-to-cern?
-                             "ssh -W '[%h]:%p' -l twilken lxtunnel.cern.ch"
-                             "none"))
+          (proxy (if proxy-to-cern?
+                     (list (proxy-jump (host-name "lxtunnel.cern.ch")))
+                     no-proxy))
           (extra-content  "\
   # Kerberos authentication
   GSSAPIAuthentication yes
-- 
cgit v1.2.3