hosts: don't proxy tailscale connections

profiles/known-hosts/default.nix

@@ -57,6 +57,9 @@ let
   thisHostIsHopHost = elem config.networking.fqdn (lib.forEach (attrValues known-hosts) (host: host.ssh.proxyJump or null));
 
   mkRemoteConfig = fqdn: let
+    thatName = lib.head lib.splitString "." fqdn;
+    thatDomain = lib.concatStringsSep "." (lib.tail (lib.splitString "." fqdn));
+
     thatHost = known-hosts.${fqdn};
     thatJump = known-hosts.${thatHost.ssh.proxyJump};
     buildMachine = thatHost.buildMachine // {
@@ -108,7 +111,7 @@ let
         Host ${fqdn}
           ConnectTimeout ${toString thatHost.ssh.connectTimeout}
           Port ${toString thatHost.ssh.listenPort}
-          ${lib.optionalString (thatHost.ssh ? proxyJump) ''
+          ${lib.optionalString (thatHost.ssh ? proxyJump && !lib.elem thatDomain (thatHost.noProxyJumpDomains or [])) ''
             ProxyJump ${thatJump.ssh.listenUser}@${thatHost.ssh.proxyJump}:${toString thatJump.ssh.listenPort}
           ''}
           ${lib.optionalString (thatHost.ssh ? userPrivateKey) ''

profiles/known-hosts/hosts.toml

@@ -18,6 +18,7 @@
 # ssh.userPublicKey     # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub
 # useAsSubstituter
 # remoteStoreSpecialization
+# noProxyJumpTLDs
 
 
 # buildMachine.supportedFeatures:
@@ -41,6 +42,7 @@ ssh.listenPort = 22
 ssh.connectTimeout = 3
 useAsSubstituter = false
 remoteStoreSpecialization = false
+noProxyJumpDomains = [ "tail9aac63.ts.net" ]
 
 # in general:
 #   headless:  one job per 4 threads and 8GB RAM