ssh: separate mezza account for git.pub.solar

2024-11-12 22:30:16 +01:00 · 2024-11-12 22:30:16 +01:00 · 9accabdc6a
parent dcfc8728b3
commit 9accabdc6a
2 changed files with 12 additions and 4 deletions
--- a/hosts/frikandel/unbound.nix
+++ b/hosts/frikandel/unbound.nix
@ -56,6 +56,7 @@
        ];
        local-zone = [
          "\"b12f.io\" transparent"
+          "\"pub.solar\" transparent"
        ];
        local-data = [
          "\"stroopwafel.b12f.io. 10800 IN A 10.13.12.5\""
@ -106,6 +107,8 @@
          "\"h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
          "\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\""
          "\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
+
+          "\"mezza.git.pub.solar. 10800 IN CNAME git.pub.solar\""
        ];

        tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
--- a/users/b12f/ssh.nix
+++ b/users/b12f/ssh.nix
@ -32,16 +32,21 @@ in {
      enable = true;
      extraConfig = ''
        IdentitiesOnly yes
-        IdentityFile /home/${psCfg.user.name}/.ssh/id_yubi_gpg.pub
-        IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_mezza
-        IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-464
-        IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-485
      '';
      matchBlocks = {
+        "* !mezza.git.pub.solar".extraOptions = {
+          IdentityFile = "/home/${psCfg.user.name}/.ssh/id_yubi_gpg.pub";
+        };
+
        "git.pub.solar" = {
          user = "gitea";
        };

+        "mezza.git.pub.solar" = {
+          user = "gitea";
+          identityFile = "/home/${psCfg.user.name}/.ssh/id_ed25519_mezza";
+        };
+
        "aur.archlinux.org" = {
          user = "aur";
        };