From 80d5d36b004d59e2e0a455fa08303eb5e84b175a Mon Sep 17 00:00:00 2001
From: Dmitry Ilvokhin <d@ilvokhin.com>
Date: Sat, 18 Jan 2025 20:12:26 +0000
Subject: Allow forward ssh key to DigitalOcean hosts

I don't really need key forwarding everywhere, only for gate and shell,
but I figured this will simplify configuration a bit. If something goes
wrong, it can always become more strict in the future.
---
 group_vars/digitalocean.yml         | 1 +
 host_vars/gate.ilvokhin.com/ssh.yml | 1 -
 misc/dotfiles/ssh/config.j2         | 7 ++-----
 3 files changed, 3 insertions(+), 6 deletions(-)
 create mode 100644 group_vars/digitalocean.yml
 delete mode 100644 host_vars/gate.ilvokhin.com/ssh.yml

diff --git a/group_vars/digitalocean.yml b/group_vars/digitalocean.yml
new file mode 100644
index 0000000..fead62f
--- /dev/null
+++ b/group_vars/digitalocean.yml
@@ -0,0 +1 @@
+jumphost: true
diff --git a/host_vars/gate.ilvokhin.com/ssh.yml b/host_vars/gate.ilvokhin.com/ssh.yml
deleted file mode 100644
index fead62f..0000000
--- a/host_vars/gate.ilvokhin.com/ssh.yml
+++ /dev/null
@@ -1 +0,0 @@
-jumphost: true
diff --git a/misc/dotfiles/ssh/config.j2 b/misc/dotfiles/ssh/config.j2
index 8a8ad72..aa11c43 100644
--- a/misc/dotfiles/ssh/config.j2
+++ b/misc/dotfiles/ssh/config.j2
@@ -5,12 +5,9 @@ Host *
     AddKeysToAgent yes
 {% endif %}
 
-Host gate
-    Hostname gate.ilvokhin.com
-    ForwardAgent yes
-
-Host shell sun mail
+Host shell gate sun mail
     Hostname %h.ilvokhin.com
+    ForwardAgent yes
 
 # Moscow machines behind NAT.
 Host flame
-- 
cgit v1.2.3-70-g09d2