From e0e455721f521f4dfd6644555f80c4c3fd283132 Mon Sep 17 00:00:00 2001
From: Trolli Schmittlauch <t.schmittlauch@orlives.de>
Date: Thu, 4 Sep 2025 14:42:39 +0200
Subject: [PATCH] workmac/ssh: only enable multiplexing for jump hosts

otherwise reboot checks for remote machines were stuck waiting for the
jump host socket.

quick fix, could be nicer, introduces code duplication
---
 home/workmac.nix | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/home/workmac.nix b/home/workmac.nix
index 64c3fc3..9f7e922 100644
--- a/home/workmac.nix
+++ b/home/workmac.nix
@@ -35,12 +35,8 @@ in
     enable = true;
     # defaults in bottom match block "*"
     # TODO: common config for desktop as well
-    # multiplexer, e.g. to avoid rate limiting on jumphost usage
     serverAliveInterval = 10;
     serverAliveCountMax = 2; # 2 strikes and you're out
-    controlMaster = "auto";
-    # not too long, due to the frequent keepalives
-    controlPersist = "1h";
     # ssh host config
     matchBlocks = {
 
@@ -60,14 +56,21 @@ in
         extraOptions = {
           LogLevel = "Verbose";
           AddressFamily = "inet";
+          ControlMaster = "auto";
+          # not too long, due to the frequent keepalives
+          ControlPersist = "1h";
         };
 
       };
       "fcio-rzob-jump" = lib.hm.dag.entryAfter [ "*" ] {
+        # multiplexer, e.g. to avoid rate limiting on jumphost usage
         hostname = "vpn-rzob.services.fcio.net";
         extraOptions = {
           LogLevel = "Verbose";
           AddressFamily = "inet";
+          ControlMaster = "auto";
+          # not too long, due to the frequent keepalives
+          ControlPersist = "1h";
         };
 
       };