From 7665e352bade01f3fd24bad83e69d5a3bf24bea9 Mon Sep 17 00:00:00 2001 From: Peder Bergebakken Sundt Date: Wed, 2 Jul 2025 17:00:52 +0200 Subject: [PATCH] hosts: don't proxy tailscale connections --- profiles/known-hosts/default.nix | 5 ++++- profiles/known-hosts/hosts.toml | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/profiles/known-hosts/default.nix b/profiles/known-hosts/default.nix index aa776b4..62733a7 100644 --- a/profiles/known-hosts/default.nix +++ b/profiles/known-hosts/default.nix @@ -57,6 +57,9 @@ let thisHostIsHopHost = elem config.networking.fqdn (lib.forEach (attrValues known-hosts) (host: host.ssh.proxyJump or null)); mkRemoteConfig = fqdn: let + thatName = lib.head lib.splitString "." fqdn; + thatDomain = lib.concatStringsSep "." (lib.tail (lib.splitString "." fqdn)); + thatHost = known-hosts.${fqdn}; thatJump = known-hosts.${thatHost.ssh.proxyJump}; buildMachine = thatHost.buildMachine // { @@ -108,7 +111,7 @@ let Host ${fqdn} ConnectTimeout ${toString thatHost.ssh.connectTimeout} Port ${toString thatHost.ssh.listenPort} - ${lib.optionalString (thatHost.ssh ? proxyJump) '' + ${lib.optionalString (thatHost.ssh ? proxyJump && !lib.elem thatDomain (thatHost.noProxyJumpDomains or [])) '' ProxyJump ${thatJump.ssh.listenUser}@${thatHost.ssh.proxyJump}:${toString thatJump.ssh.listenPort} ''} ${lib.optionalString (thatHost.ssh ? userPrivateKey) '' diff --git a/profiles/known-hosts/hosts.toml b/profiles/known-hosts/hosts.toml index 6e40662..deb9ece 100644 --- a/profiles/known-hosts/hosts.toml +++ b/profiles/known-hosts/hosts.toml @@ -18,6 +18,7 @@ # ssh.userPublicKey # sudo ssh-keygen -t ed25519 && sudo cat /root/.ssh/id_ed25519.pub # useAsSubstituter # remoteStoreSpecialization +# noProxyJumpTLDs # buildMachine.supportedFeatures: 
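Review bot: `thatName = lib.head lib.splitString "." fqdn;` in the first default.nix hunk parses as `((lib.head lib.splitString) ".") fqdn`, because Nix function application is left-associative and binds tighter than everything else, so `lib.head` is handed a function rather than a list. It only avoids an evaluation error because `thatName` is never referenced in either hunk and Nix is lazy, which leaves a latent failure for whoever uses it next. Either parenthesize it, `thatName = lib.head (lib.splitString "." fqdn);`, or drop the binding; the sibling `thatDomain` line is parenthesized correctly. The enclosing `mkRemoteConfig` let-block starts before and continues past the hunk.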
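Review bot: The new `ProxyJump` guard tests `thatDomain` — everything after the first label of `fqdn` — for exact membership in `noProxyJumpDomains`, so only hosts with exactly one label in front of a listed domain bypass the jump host; a deeper name such as `a.b.tail9aac63.ts.net` would still be proxied, even though the hosts.toml comment describes the list as TLDs. If suffix semantics are intended, `!lib.any (d: lib.hasSuffix ".${d}" fqdn) (thatHost.noProxyJumpDomains or [])` expresses that without needing `thatDomain`. In either case a short comment above the guard, e.g. `# Hosts addressed through a listed domain (the tailnet) are dialled directly instead of via the jump host`, would record the intent for the next reader. The `Host ${fqdn}` block and `mkRemoteConfig` both extend beyond the hunk.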
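Review bot: The key added to the documented option list, `# noProxyJumpTLDs`, does not match the key the code reads: the defaults hunk below sets `noProxyJumpDomains`, and default.nix looks up `thatHost.noProxyJumpDomains or []`, so a host entry written from this comment would set an attribute that is silently ignored and keep being proxied. Change the line to `# noProxyJumpDomains`. Because the match is against the full parent domain rather than a top-level domain, "Domains" is also the more accurate name to document.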
@@ -41,6 +42,7 @@ ssh.listenPort = 22 ssh.connectTimeout = 3 useAsSubstituter = false remoteStoreSpecialization = false +noProxyJumpDomains = [ "tail9aac63.ts.net" ] # in general: # headless: one job per 4 threads and 8GB RAM