# =============================================================================
# SSH Client Configuration
# Managed by dotfiles_manager.sh | ~/dotfiles/.ssh/config
# =============================================================================


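# =============================================================================
# PRECEDENCE NOTE
# ssh uses the FIRST value it obtains for each option, reading top to bottom.
# Host-specific blocks therefore come first and the "Host *" defaults sit at
# the very end of this file. A default placed above a host block silently
# wins over that block's setting (e.g. a per-host ServerAliveInterval or
# StrictHostKeyChecking would never take effect).
#
# Comments are kept on their own lines: ssh_config(5) documents only lines
# beginning with '#' as comments, and not every OpenSSH release accepts a
# trailing comment after an option's arguments.
# =============================================================================


# =============================================================================
# WORK — JUMP HOSTS / DMZ
# These are the entry points for all internal Juniper infrastructure.
# =============================================================================

# Primary engineering DMZ — Quincy
Host engdmz
    HostName             qceng-dmz-01
    User                 kenjim
    # SOCKS proxy on local port 3130 (bound to loopback unless GatewayPorts is set).
    DynamicForward       3130
    ServerAliveInterval  250
    Ciphers              aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    # Postgres DB forwards
    # engtech secondary
    LocalForward  5430  10.47.245.65:5432
    # engtech primary
    # NOTE(review): local port 5433 is also requested by the etqc-dlm-db-01
    # block; with both sessions open, the second cannot bind it — confirm.
    LocalForward  5433  10.47.245.41:5432
    # TIM production — while this session is up, a production database is
    # reachable from any local process via 127.0.0.1:5450.
    LocalForward  5450  10.47.245.53:5432
    # K8 cluster API forwards
    # Quincy K8
    LocalForward  8443  qnengapp1-vip.juniper.net:443
    # Bangalore K8
    LocalForward  9443  bnengapp1-vip.juniper.net:443

# Lab DMZ — TTQC
Host labdmz
    HostName             ttqc-tim-sh01.juniper.net
    User                 kenjim
    DynamicForward       3129
    ServerAliveInterval  250
    Ciphers              aes256-ctr,chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
    # LRM DB
    LocalForward  6548  etus-pgb-lrm.ttglb.juniper.net:6548

# Encrypted engineering DMZ — Quincy
Host encdmz
    HostName             qcencl-dmz-01
    User                 kenjim
    DynamicForward       3135
    ServerAliveInterval  250

# eVNC DMZ
Host evncdmz
    HostName  qceng-evnc-02.juniper.net
    User      kenjim


# =============================================================================
# WORK — DEV / K8 MACHINES
# =============================================================================

# Primary dev machine — Quincy K8
Host k
    HostName             etqc-kenjim-11.juniper.net
    DynamicForward       3139
    ServerAliveInterval  30
    ServerAliveCountMax  20
    # Reverse tunnel: port 2222 on the remote machine leads back to this
    # workstation's sshd (localhost:22). Any account on the remote host that
    # can reach that port can attempt a login here, so keep local sshd
    # key-only and drop this line when the tunnel is not needed.
    RemoteForward        2222 localhost:22
    # S3 proxy
    LocalForward         8888 qnc-engdata5vs3.juniper.net:80
    # LRM Beta DB
    LocalForward         5447 engtech-lrm-snap1-qnc.engtech-pgdb-qnc.qengk8.juniper.net:5432
    # ProxyJump engdmz

# Previous dev machine
Host kold
    HostName  etqc-kenjim-01.juniper.net

# TaaS dev machine
Host qtaas
    HostName  kenjim-taas.qengk8.juniper.net

Host btaas
    HostName  kenjim-taas.bengk8.juniper.net

# Temp machine — Bangalore K8
Host ktb
    HostName  kenjim-temp.bengk8.juniper.net

# Shared dev server — Quincy K8
Host k8dev
    HostName        engtech-dev-01.juniper.net
    DynamicForward  3132
    # S3 proxy
    LocalForward    8889 qnc-engdata5vs3.juniper.net:80
    # ProxyJump engdmz

# Shared dev server — Bangalore K8
Host k8devb
    HostName   engtech-bdev-01
    ProxyJump  engdmz


# =============================================================================
# WORK — LAB INFRASTRUCTURE
# =============================================================================

# Paul's machine (via labdmz)
# NOTE(review): the heading says "via labdmz" but no ProxyJump is set in this
# block — confirm whether one is intended.
Host p
    HostName        etqc-pms-02.juniper.net
    DynamicForward  3140

# TTQC shell server
Host ttqc-shell
    HostName  ttqc-shell012.juniper.net

# TTQC shell server (via engdmz)
Host ttqc-shell005
    HostName   ttqc-shell005
    ProxyJump  engdmz

# TTQC test DB (via labdmz)
# No HostName is given, so the alias itself is used as the host name.
Host ttqc-testdb-01
    ProxyJump  labdmz

# DLM database host
Host etqc-dlm-db-01
    HostName      etqc-dlm-db-01
    User          kenjim
    # NOTE(review): local port 5433 is also requested by the engdmz block.
    LocalForward  5433 localhost:5431

# TIM agent hosts — wildcard (via engdmz)
Host etqc-tim-agt-*
    ProxyJump  engdmz


# =============================================================================
# HOME NETWORK  (172.27.0.0/24)
# =============================================================================

# Local Gitea server
Host zet
    HostName             172.27.0.35
    ServerAliveInterval  540

# Local home router (pfSense)
# NOTE(review): logs in directly as root — confirm the device accepts key
# authentication only.
Host pfsense
    HostName  172.27.0.1
    User      root

# Secondary home router / gateway
# NOTE(review): direct root login, same consideration as pfsense.
Host router
    HostName  172.27.0.254
    User      root

# Second Mac (MacBook Mini)
Host kenjim-mbm
    HostName  kenjim-mbm.home.arpa

# Home server — internal LAN IP
Host akira-mt
    HostName  172.27.0.11


# =============================================================================
# PERSONAL REMOTE MACHINES
# =============================================================================

# Primary home server — external access
# Agent and X11 forwarding are enabled explicitly here: the remote side can
# use the local ssh-agent and talk to the local X display for the life of the
# session, so this belongs only on hosts under your own administration.
Host akira
    HostName             lair.kenjim.com
    Port                 11722
    ForwardAgent         yes
    ForwardX11           yes
    Compression          yes
    ServerAliveInterval  540
    # LocalForward 55900 localhost:5900   # VNC to home display
    # LocalForward 53389 t41xp:3389       # RDP to Windows box

# Home server — t430 VM (port-forwarded through router)
Host lair-t430-vm
    HostName      lair.kenjim.com
    Port          11922
    ForwardAgent  yes
    Compression   yes

# Personal VPS / bastion
# NOTE(review): internet-facing host with direct root login — confirm the
# server allows key authentication only.
Host bar
    HostName             bar.kenjim.com
    User                 root
    DynamicForward       3128
    Compression          yes
    ServerAliveInterval  540

# MacBook Pro (accessed from kenjim-lnx on LAN)
Host mbp
    HostName      192.168.0.100
    User          kenjim
    ForwardAgent  yes

# Mint VM on MacBook (VMware Fusion)
Host kenjim-vm
    HostName      192.168.168.130
    User          kenjim
    ForwardAgent  yes


# =============================================================================
# GLOBAL DEFAULTS
# Fallback values for every connection. This block is deliberately LAST so
# that a value set in any Host block above is the one ssh uses.
# =============================================================================
Host *
    AddKeysToAgent       yes
    # IgnoreUnknown has to precede UseKeychain so that OpenSSH builds without
    # the macOS keychain option skip it instead of aborting.
    IgnoreUnknown        UseKeychain
    UseKeychain          yes
    # ForwardAgent is intentionally not set here (ssh's default is "no").
    # A forwarded agent can be used by anyone with sufficient privilege on the
    # remote host to authenticate as you while the session lasts, so it is
    # enabled only in the individual Host blocks above that need it. Prefer
    # ProxyJump over agent forwarding for reaching hosts behind a bastion.
    Compression          yes
    ServerAliveInterval  60
    ServerAliveCountMax  10
    # Trust-on-first-use: record a host's key on first contact and refuse the
    # connection if it later changes (needs OpenSSH 7.6 or newer). The earlier
    # global "StrictHostKeyChecking no" with "UserKnownHostsFile /dev/null"
    # disabled server authentication for every host, including the jump hosts
    # that carry the production database and cluster API forwards. If a lab
    # host really is re-imaged often, relax the check in a dedicated Host
    # block for that host above, not in this default.
    StrictHostKeyChecking  accept-new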