fix configuration for SAPI

2 files changed, 11 insertions, 4 deletions

diff --git a/nix/users/fcuny/ssh.nix b/nix/users/fcuny/ssh.nix
index ca0baca..f8c1468 100644
--- a/nix/users/fcuny/ssh.nix
+++ b/nix/users/fcuny/ssh.nix
@@ -25,9 +25,15 @@
           preferredAuthentications = "publickey";
         };
       };
+      "chi1-jumpcontainer-es" = {
+        hostname = "127.0.0.1";
+        port = 44641;
+        extraOptions = {
+          NoHostAuthenticationForLocalhost = "yes";
+          ControlPath = "~/.ssh/sapi_controlmasters/%r@%h:%p";
+          ControlPersist = "10m";
+        };
+      };
     };
   };
-
-  # if the configuration for SAPI exists, let's include it.
-  programs.ssh.includes = lib.optional (builtins.pathExists "/Users/fcuny/.ssh/config/config_sapi") "~/.ssh/config/config_sapi";
 }
diff --git a/nix/users/fcuny/work.nix b/nix/users/fcuny/work.nix
index 996e4b9..f931d08 100644
--- a/nix/users/fcuny/work.nix
+++ b/nix/users/fcuny/work.nix
@@ -18,7 +18,8 @@
   programs.fish = {
     shellAbbrs = {
       "ssh-sign-chi" =
-        "${pkgs.hashi}/bin/hashi -e chi1 sign --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
+        "${pkgs.hashi}/bin/hashi -e chi1 sign --output-path=/Users/fcuny/.ssh/cert-chi1 --key=(op read 'op://employee/default rbx ssh key/public key'|psub) key";
+      "pssh" = "ssh -J chi1-jumpcontainer-es -o 'CertificateFile=~/.ssh/cert-chi1'";
     };
   };
 }