From 9accabdc6a7bb8978e3542f09dc142dd3ceb8ee5 Mon Sep 17 00:00:00 2001
From: b12f
Date: Tue, 12 Nov 2024 22:30:16 +0100
Subject: [PATCH] ssh: separate mezza account for git.pub.solar
---
 hosts/frikandel/unbound.nix | 3 +++
 users/b12f/ssh.nix | 13 +++++++++----
 2 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/hosts/frikandel/unbound.nix b/hosts/frikandel/unbound.nix
index 7cb2301..3f73007 100644
--- a/hosts/frikandel/unbound.nix
+++ b/hosts/frikandel/unbound.nix
@@ -56,6 +56,7 @@
 ];
 local-zone = [
 "\"b12f.io\" transparent"
+ "\"pub.solar\" transparent"
 ];
 local-data = [
 "\"stroopwafel.b12f.io. 10800 IN A 10.13.12.5\""
@@ -106,6 +107,8 @@
 "\"h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
 "\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN A 10.13.12.7\""
 "\"mail.h${"w" + "dz" + "z.n"}et. 10800 IN AAAA fd00:b12f:acab:1312:acab:7::\""
+
+ "\"mezza.git.pub.solar. 10800 IN CNAME git.pub.solar\""
 ];
 tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
diff --git a/users/b12f/ssh.nix b/users/b12f/ssh.nix
index 36d7877..96e4a42 100644
--- a/users/b12f/ssh.nix
+++ b/users/b12f/ssh.nix
@@ -32,16 +32,21 @@ in {
 enable = true;
 extraConfig = ''
 IdentitiesOnly yes
- IdentityFile /home/${psCfg.user.name}/.ssh/id_yubi_gpg.pub
- IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_mezza
- IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-464
- IdentityFile /home/${psCfg.user.name}/.ssh/id_ed25519_sk-485
 '';
 matchBlocks = {
+ "* !mezza.git.pub.solar".extraOptions = {
+ IdentityFile = "/home/${psCfg.user.name}/.ssh/id_yubi_gpg.pub";
+ };
+
 "git.pub.solar" = {
 user = "gitea";
 };
+ "mezza.git.pub.solar" = {
+ user = "gitea";
+ identityFile = "/home/${psCfg.user.name}/.ssh/id_ed25519_mezza";
+ };
+
 "aur.archlinux.org" = {
 user = "aur";
 };
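Review bot: The `mezza.git.pub.solar` alias added to `local-data` in the second unbound.nix hunk exists only on this resolver, so the matching SSH block in users/b12f/ssh.nix depends on the client using frikandel for DNS and will not resolve elsewhere. Setting `hostname = "git.pub.solar";` on the `"mezza.git.pub.solar"` match block would select the identity without any DNS record, and the host key would then be checked against the existing `git.pub.solar` known_hosts entry rather than a new trust-on-first-use entry for the alias. If the record stays, confirm that Unbound returns an address for it: as far as I know a CNAME in `local-data` is not chased for every zone type, and the target lacks the trailing dot the owner names use (`git.pub.solar.`). The `"\"pub.solar\" transparent"` zone in the first hunk appears to exist only to carry this record.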
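Review bot: The `id_ed25519_sk-464` and `id_ed25519_sk-485` `IdentityFile` lines are removed from `extraConfig` in the ssh.nix hunk and not re-added under any match block, so with `IdentitiesOnly yes` still set globally neither security key is offered to any host after this change. The subject only mentions separating the mezza account, so if those keys are still meant as fallbacks, list them on the catch-all block with the list form, `identityFile = [ … ];`, next to `id_yubi_gpg.pub`. Restricting `id_ed25519_mezza` to its own host block is a good tightening, since the key was previously offered to every server. A one-line comment above `"* !mezza.git.pub.solar"` stating why the default identity must not be offered to the alias would help the next reader. The enclosing attribute set starts and ends outside the hunk.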