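{ lib, ... }:
let
  # Builds the aspect fragment that installs `authorizedKeys` as the user's
  # ~/.ssh/authorized_keys through Home Manager.
  #
  # The key list is written to the managed file ~/.ssh/authorized_keys.hm-init;
  # whenever that file's content changes, the onChange hook copies it over
  # the real authorized_keys (as a plain, user-owned, mode 400 file) and then
  # removes the staging file again. Presumably this is done so that sshd sees
  # a regular file rather than a store symlink — TODO confirm.
  #
  # authorizedKeys: list of authorized_keys lines, one entry per key. An empty
  # list yields a header-only file, i.e. no key-based logins for that user.
  authKeysModule = authorizedKeys: {
    homeManager =
      { config, ... }:
      let
        sshDir = "${config.home.homeDirectory}/.ssh";
        staged = "${sshDir}/authorized_keys.hm-init";
        target = "${sshDir}/authorized_keys";
        # Lives in the same directory as the target so the final mv is an
        # atomic rename rather than a copy.
        scratch = "${target}.hm-tmp";
      in
      {
        home.file.".ssh/authorized_keys.hm-init" = {
          # NOTE(review): `lib.join` is not part of nixpkgs' lib (that is
          # concatStringsSep); assumed to be provided by this project's lib —
          # confirm.
          text = lib.join "\n" (
            [
              "# DO NOT EDIT"
              "# This file is managed by Home Manager"
              "# Any manual changes to this file will be overwritten"
            ]
            ++ authorizedKeys
          );
          # Runs whenever the staged content changes. The new file is created
          # with its final mode under a scratch name and then renamed over the
          # target, so at no point is authorized_keys missing (which would
          # lock out key logins during the window) or present with the
          # umask-default mode; the previous `rm; cp; chmod` sequence had both
          # windows. rename(2) replaces the old mode 400 file without needing
          # write permission on it, only on ~/.ssh.
          onChange = ''
            install --verbose --mode=400 "${staged}" "${scratch}"
            mv --verbose --force "${scratch}" "${target}"
            rm --verbose --force "${staged}"
          '';
        };
      };
  };

  # den include hooks: the per-user form receives { host, user }, the
  # standalone-home form receives { home }; both take the key list from the
  # respective `ssh.authorizedKeys` attribute.
  userHome = { host, user }: authKeysModule user.ssh.authorizedKeys;
  home = { home }: authKeysModule home.ssh.authorizedKeys;
in
{
  den.aspects.ssh = {
    includes = [
      userHome
      home
    ];

    nixos = {
      programs = {
        ssh = {
          # Only supported on NixOS
          startAgent = lib.mkDefault false;
        };
      };
    };

    homeManager =
      { lib, pkgs, ... }:
      let
        inherit (lib.hm.dag) entryAfter entryBetween;
        # Hosts covered by the "servers" match block that differ only in port.
        serverPort = port: entryAfter [ "servers" ] { inherit port; };
      in
      {
        # Private directories for the control sockets and drop-in config.
        # `-m700` only applies to directories created by this call; an
        # already existing ~/.ssh keeps whatever mode it has.
        home.activation.createSshHomeDir = entryBetween [ "linkGeneration" ] [ "writeBoundary" ] ''
          run mkdir $VERBOSE_ARG -m700 -p "$HOME/.ssh"
          run mkdir $VERBOSE_ARG -m700 -p "$HOME/.ssh/control"
          run mkdir $VERBOSE_ARG -m700 -p "$HOME/.ssh/config.d"
        '';

        programs.ssh = {
          enable = true;
          # No Home Manager defaults; every option below is explicit.
          enableDefaultConfig = false;
          # Unmanaged local overrides (host-specific or sensitive settings).
          includes = [
            "~/.ssh/config.d/*"
            "~/.ssh/config.local"
          ];
          matchBlocks = {
            "*" = {
              # Keys are not cached in the agent, and the agent is not
              # forwarded unless a later block opts in explicitly.
              addKeysToAgent = "no";
              compression = false;
              # Connection multiplexing; sockets live in the 0700 control dir.
              controlMaster = "auto";
              controlPath = "~/.ssh/control/%r@%h:%p";
              controlPersist = "5m";
              forwardAgent = false;
              # Plain host names in known_hosts: easier to audit, at the cost
              # of exposing the host list should the file leak.
              hashKnownHosts = false;
              serverAliveInterval = 0;
              serverAliveCountMax = 3;
              userKnownHostsFile = "~/.ssh/known_hosts";
            };
            # Own servers. Agent forwarding is enabled here only; note that it
            # lets anyone with root on the remote host use the local agent for
            # the duration of the session.
            servers = entryAfter [ "*" ] {
              host = "solaire shanalotte matrix radahn";
              hostname = "%h.sharparam.com";
              user = "sharparam";
              forwardAgent = true;
              extraOptions = {
                PasswordAuthentication = "no";
                # "yes" implicitly trusts SSHFP records that arrive
                # DNSSEC-validated (unvalidated ones fall back to the usual
                # prompt), so host identity verification relies on the
                # resolver actually performing DNSSEC validation.
                VerifyHostKeyDNS = "yes";
              };
            };
            solaire = serverPort 987;
            shanalotte = serverPort 987;
            matrix = serverPort 987;
            radahn = serverPort 22;
            seedbox = {
              host = "seedbox";
              hostname = "ds16999.seedhost.eu";
              port = 22;
            };
            aur = {
              hostname = "aur.archlinux.org";
              user = "aur";
            };
            github = {
              host = "github gh";
              hostname = "github.com";
              user = "git";
              extraOptions = {
                PasswordAuthentication = "no";
              };
            };
          };
        };
      };
  };
}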