homes/encode42/common/ssh.nix at main

encode42.dev / nixos

fork atom

Personal-use NixOS configuration

fork atom

nixos / homes / encode42 / common / ssh.nix

at main 39 lines 731 B view raw

wrap content

encode42.dev Enable GPG extra socket globally 17d ago

9b4290db

 1{ osConfig, ... }:
 2
 3let
 4  host = "index";
 5  address = "192.168.1.2";
 6
 7  agentPath = "/run/user/${toString osConfig.users.users.encode42.uid}/gnupg/S.gpg-agent";
 8  remoteForwards = [
 9    {
10      bind.address = agentPath;
11      host.address = agentPath + ".extra";
12    }
13  ];
14in
15{
16  programs.ssh = {
17    enable = true;
18    enableDefaultConfig = false;
19
20    matchBlocks = {
21      "index-local" = {
22        inherit remoteForwards;
23
24        match = "host ${host} exec 'ping -c1 -W0.5 ${address} >/dev/null 2>&1'";
25        hostname = address;
26
27        forwardAgent = true;
28      };
29
30      "index-remote" = {
31        inherit host remoteForwards;
32
33        hostname = "encrypted.group";
34
35        forwardAgent = true;
36      };
37    };
38  };
39}