From a48b7e66f17c2aa44fb0e1aec147f5a66cd15682 Mon Sep 17 00:00:00 2001
From: Yorick van Pelt
Date: Sat, 24 Jun 2017 13:36:15 +0200
Subject: [PATCH] generate tor ssh host forwards from secrets
---
 roles/common.nix | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/roles/common.nix b/roles/common.nix
index 9cf115b..3dad562 100644
--- a/roles/common.nix
+++ b/roles/common.nix
@@ -33,8 +33,8 @@ in
 nix.extraOptions = ''
 allow-unsafe-native-code-during-evaluation = true
 allow-unfree = true
- binary-caches-parallel-connections = 3
- connect-timeout = 5
+ #binary-caches-parallel-connections = 3
+ #connect-timeout = 5
 keep-going = true
 '';
@@ -55,7 +55,12 @@ in
 programs.ssh.extraConfig = ''
 Host *.onion
 ProxyCommand nc -xlocalhost:9050 -X5 %h %p
- '';
+ '' + + (with lib; (flip concatMapStrings) (filter (hasPrefix "ssh.") (attrNames secrets.tor_hostnames)) (name: ''
+ Host ${removePrefix "ssh." name}.onion
+ hostname ${secrets.tor_hostnames.${name}}
+ ''
+ ));
 environment.systemPackages = with pkgs; [ # v important.
@@ -100,6 +105,5 @@ in
 nix.gc.automatic = true;
 security.acme.preliminarySelfsigned = true;
-
 }
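Review bot: In the `nix.extraOptions` hunk, `binary-caches-parallel-connections` and `connect-timeout` are commented out rather than deleted, and nothing in the file or the commit subject says why. Both settings now fall back to Nix's built-in defaults, which is unrelated to the tor host forwards this commit is about. Either drop the two lines or leave a marker such as `# disabled: <reason> — restore or remove` above them so the next reader knows whether this is temporary.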
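Review bot: In the `programs.ssh.extraConfig` hunk, the values of `secrets.tor_hostnames` are spliced unescaped into the system-wide ssh client config, which NixOS renders into the world-readable Nix store and links from `/etc/ssh/ssh_config`, so every local user on the host can read the onion addresses. If these hidden services depend on the address staying private (no onion client authorization), that exposure should be noted next to the block, e.g. `# tor_hostnames are readable by all local users: they end up in /nix/store and /etc/ssh/ssh_config`. A name or value containing whitespace or a newline (for instance a trailing newline from a hostname file) would also emit stray lines into the generated config. How `secrets` is populated lies outside the hunk, so that is where to check or strip the values.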