Commit 092a5c552f40
Changed files (1)
home/common/shell/openssh.nix
@@ -60,6 +60,18 @@ in
# Generate shpool session aliases for each machine dynamically
let
inherit (pkgs) lib;
+ # Critical infra hosts that need touch-required key
+ criticalInfraHosts = [
+ "athena.home"
+ "athena.vpn"
+ "athena.sbr.pm"
+ "demeter.home"
+ "demeter.vpn"
+ "demeter.sbr.pm"
+ "kerkouane.vpn"
+ "kerkouane.sbr.pm"
+ ];
+ isCriticalInfra = id: builtins.elem id criticalInfraHosts;
mkShpoolAliases =
_: machine:
let
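Review bot: `isCriticalInfra` matches on exact strings, so any name for a critical machine that is missing from `criticalInfraHosts` silently falls through to the homelab key in the second hunk. The list already shows the gap this invites: `athena` and `demeter` have `.home`, `.vpn` and `.sbr.pm` entries, while `kerkouane` has no `.home` entry (possibly intentional if it is not on the home network, but nothing says so). Assuming `id` is always of the form `<machine>.<domain>`, keying on the machine name avoids the drift: `criticalMachines = [ "athena" "demeter" "kerkouane" ];` with `isCriticalInfra = id: builtins.elem (builtins.head (lib.splitString "." id)) criticalMachines;`. If the per-domain list is deliberate, a comment stating that each alias must be listed explicitly, and why `kerkouane.home` is absent, would help. The enclosing `let` block continues outside the hunk.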
@@ -78,9 +90,11 @@ in
builtins.head machine.net.ips
else
id;
+ # Use critical infra key for critical hosts, homelab key for others
+ identityFile = if isCriticalInfra id then "~/.ssh/id_critical_infra_sk" else "~/.ssh/id_homelab_sk";
+ identitiesOnly = true;
extraOptions = {
RemoteCommand = "shpool-ssh-wrapper $(echo '%k' | cut -d/ -f2-)";
- # RemoteCommand = "bash -ic '[ -f ~/.local/share/kitty-ssh-kitten/zsh/kitty-integration ] && source ~/.local/share/kitty-ssh-kitten/zsh/kitty-integration 2>/dev/null; exec shpool-ssh-wrapper $(echo \"%k\" | cut -d/ -f2-)'";
RequestTTY = "yes";
};
};
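Review bot: The `identityFile` conditional defaults to `~/.ssh/id_homelab_sk` for every id that is not recognised, so the touch-required policy is only a client-side preference and fails open. It becomes a real control only if the critical hosts accept nothing but the critical-infra public key, meaning their `authorized_keys` must not also contain the homelab key; nothing visible in this hunk shows that. I would record this next to the setting, for example `# Client-side selection only: critical hosts must authorize just id_critical_infra_sk.pub, otherwise the homelab key still logs in`. `identitiesOnly = true` is a good addition since it stops the agent from offering other keys first. The surrounding match-block attribute set starts outside the hunk, so I cannot confirm which form of `id` reaches `isCriticalInfra`.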