From 10a57d33d08d2c71518d70ab3d3f3b6303d9a4b2 Mon Sep 17 00:00:00 2001
From: Timo Wilken
Date: Wed, 22 Feb 2023 11:27:14 +0100
Subject: Fix SSH setup for CERN

---
 tw/home.scm        | 23 ++++++++---------------
 tw/system/cern.scm |  5 +++++
 2 files changed, 13 insertions(+), 15 deletions(-)

(limited to 'tw')

diff --git a/tw/home.scm b/tw/home.scm
index 6968ae98..7112dcf0 100644
--- a/tw/home.scm
+++ b/tw/home.scm
@@ -186,15 +186,10 @@ auto-expand-secmem
      (home-openssh-configuration
       (hosts
        ;; Earlier rules take precedence over later ones.
-       `(,(openssh-host (name "*.srcf.net") (user "tw466"))
-         ;; My own machines
-         ,@(map make-own-ssh-host (map car %ssh-ports) (map cdr %ssh-ports))
-         ,@(map make-own-ssh-host (map (compose wireguardify car) %ssh-ports) (map cdr %ssh-ports))
-         ,(openssh-host (name "*.fritz.box") (proxy-command "ssh -W '[%h]:%p' lud.twilken.net"))
-         ;; Git hosts
+       `(;; Git hosts
          ,@(map (lambda (host) (openssh-host (name host) (user "git")))
-                '("github.com" "ssh.github.com" "bitbucket.org"))
-         ,(openssh-host (name "gitlab.cern.ch") (port 7999) (user "git") (proxy-command "none"))
+                '("github.com" "ssh.github.com"))
+         ,(openssh-host (name "gitlab.cern.ch") (port 7999) (user "git"))
          ;; BitBucket apparently only supports ssh-rsa.
          ,(openssh-host
            (name "bitbucket.org")
@@ -203,16 +198,14 @@ auto-expand-secmem
          ;; CERN stuff
          ,(openssh-host
            (name "lxplus.cern.ch")
-           (proxy-command "none")    ; avoid ProxyJump loops
            (extra-content "GSSAPIDelegateCredentials yes"))   ; needed for EOS home mount
          ,(openssh-host
            (name "cvmfs-alice.cern.ch")
            (extra-content "GSSAPIDelegateCredentials yes"))   ; needed for EOS home mount
          ,(openssh-host
-           (name "twilkendesktop.cern.ch")
-           (port 22022)
-           (forward-x11? #t)
-           (extra-content "GSSAPIDelegateCredentials yes"))
+           (name "tw-mailproc.cern.ch")
+           (user "root")
+           (identity-file "~/.local/share/ssh-keys/openstack_personal_id_rsa"))
          ,@(map (lambda (spec)
                   (openssh-host (name (car spec)) (user (cdr spec))
                                 (identity-file "~/.local/share/ssh-keys/alicern_id_rsa")))
@@ -225,12 +218,12 @@ auto-expand-secmem
                   ("alimesos*.cern.ch" . "root")
                   ("alientest*.cern.ch" . "root")
                   ("aliflow*.cern.ch" . "root")
-                  ("alijenkins*.cern.ch" . "root")))
+                  ("alijenkins*.cern.ch" . "root")
+                  ("arm-builder-*" . "centos")))
          ,(openssh-host
            (name "*.cern.ch")
            (user "twilken")
            (identity-file "~/.local/share/ssh-keys/cern_id_rsa")
-           (proxy-command "ssh -W '[%h]:%p' -l twilken lxplus.cern.ch")
            (extra-content  "\
   # Kerberos authentication
   GSSAPIAuthentication yes
diff --git a/tw/system/cern.scm b/tw/system/cern.scm
index 76cae0bf..31122abc 100644
--- a/tw/system/cern.scm
+++ b/tw/system/cern.scm
@@ -207,6 +207,11 @@
                      (string-append #$(file-append util-linux "/sbin/fstrim")
                                     " --fstab --verbose"))))
 
+      (simple-service 'arm-builders hosts-service-type
+        (list (host "188.184.68.217" "arm-builder-1")
+              (host "188.184.71.187" "arm-builder-2")
+              (host "188.184.69.33" "arm-builder-3")))
+
       (service openssh-service-type
         (openssh-configuration
          (port-number 22022)
-- 
cgit v1.2.3