From 09976d2967bb1d11b3a1f709ec276a2b445e1304 Mon Sep 17 00:00:00 2001
From: Thomas Dehaeze <dehaeze.thomas@gmail.com>
Date: Sun, 6 Feb 2022 21:41:26 +0100
Subject: [PATCH] Add nice SSH config for esrf machines

Also remove unused netrc config
---
 config.org | 83 ++++++++++++++----------------------------------------
 1 file changed, 21 insertions(+), 62 deletions(-)

diff --git a/config.org b/config.org
index ff4a619..8708a94 100644
--- a/config.org
+++ b/config.org
@@ -2,38 +2,41 @@
 #+SETUPFILE: ./setup/org-setup-file.org
 
 * SSH
-:PROPERTIES:
-:header-args: :tangle ~/.ssh/config
-:header-args+: :comments none :mkdirp yes
-:END:
-
-#+begin_src conf :noweb yes
+#+begin_src conf :noweb yes :tangle ~/.ssh/config :comments none :mkdirp yes
 AddKeysToAgent  yes
 
+Host *
+   ControlMaster auto
+   ControlPath ~/.ssh/master-%r@%h:%p.socket
+
 Host homelab
     hostname <<get-password(passname="ip/homelab")>>
     Port 22
     user thomas
     IdentityFile ~/.ssh/id_rsa
 
-Host router
-    hostname 192.168.1.1
-    Port 22
-    user root
+Host *.esrf.fr
+    User dehaeze
     IdentityFile ~/.ssh/id_rsa
 
-Host smarttv
-    hostname 192.168.1.73
-    Port 22
-    user thomas
-    IdentityFile ~/.ssh/id_rsa
+Host firewall.esrf.fr
+    Port 5022
+    Compression yes
 
-Host oneplus
-    hostname 192.168.1.101
-    Port 8022
+Match host *.esrf.fr !host firewall.esrf.fr !exec "~/.ssh/esrf-test"
+    ProxyJump firewall.esrf.fr
+
+
+Host rnice
+    Port 22
+    user dehaeze
     IdentityFile ~/.ssh/id_rsa
 #+end_src
 
+#+begin_src bash :tangle ~/.ssh/esrf-test :comments none :mkdirp yes :shebang "#!/usr/bin/env bash" :tangle-mode (identity #o555)
+test -n "$(timeout 1s dig +short proxy.esrf.fr.)"
+#+end_src
+
 * Font
 :PROPERTIES:
 :header-args: :tangle ~/.config/fontconfig/fonts.conf
@@ -721,51 +724,7 @@ include "/usr/share/X11/locale/en_US.UTF-8/Compose"
 It is very important that =~/.netrc= as =600= permissions.
 
 #+begin_src conf :comments none :mkdirp yes :noweb yes :tangle ~/.netrc :tangle-mode (identity #o600)
-machine traefik.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="traefik.tdehaeze.xyz/tdehaeze")>>
-
-machine portainer.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="portainer.tdehaeze.xyz/tdehaeze")>>
-
-machine cloud.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="cloud.tdehaeze.xyz/tdehaeze")>>
-
-machine syncthing.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="syncthing.tdehaeze.xyz/tdehaeze")>>
-
 machine torrent.tdehaeze.xyz
 login tdehaeze
 password <<get-password(passname="nas/transmission")>>
-
-machine dl.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="dl.tdehaeze.xyz/tdehaeze")>>
-
-machine deemix.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="deemix.tdehaeze.xyz/tdehaeze")>>
-
-machine octoprint.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="octoprint.tdehaeze.xyz/tdehaeze")>>
-
-machine adguardhome.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="adguardhome.tdehaeze.xyz/tdehaeze")>>
-
-machine qobuz.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="qobuz.tdehaeze.xyz/tdehaeze")>>
-
-machine down.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="down.tdehaeze.xyz/tdehaeze")>>
-
-machine joal.tdehaeze.xyz
-login tdehaeze
-password <<get-password(passname="joal.tdehaeze.xyz/tdehaeze")>>
 #+end_src