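# Home Manager module configuring the OpenSSH client for this host.
#
# It installs OpenSSH, generates the ssh client config, writes public key
# files and the allowed_signers directory into ~/.ssh, and points
# SSH_AUTH_SOCK at the 1Password agent socket.
#
# Arguments:
#   pkgs   - package set; only pkgs.openssh is used here.
#   config - evaluated Home Manager config; only home.homeDirectory is read.
{ pkgs, config, ... }:

let
  # NOTE(review): anything from this file that gets interpolated into a
  # generated config lands in the Nix store, which is world-readable on the
  # machine. Confirm shared/work.nix only uses it for non-sensitive values
  # (e.g. host names), never for key material or passwords.
  secret = import ../../../secret/hosts/Styx.nix;

  ssh-directory = "${config.home.homeDirectory}/.ssh";

  # Socket of the 1Password SSH agent. The path contains a space
  # ("Group Containers"), so every consumer below has to quote it.
  auth-socket = "${config.home.homeDirectory}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";

  signers-directory = "${ssh-directory}/allowed_signers";

  shared-private = import ./shared/private.nix;
  shared-work = import ./shared/work.nix { inherit secret; };

  ssh-keys = import ../../../system/shared/ssh-keys.nix;
in
{
  home.packages = [ pkgs.openssh ];

  programs.ssh = {
    enable = true;

    # Agent forwarding stays off globally so a remote host cannot use the
    # local agent to authenticate onward.
    forwardAgent = false;
    compression = false;
    # Host names in known_hosts are stored hashed, so the file does not list
    # contacted hosts in clear text if it is ever disclosed.
    hashKnownHosts = true;
    serverAliveInterval = 60;

    # IdentityAgent: all key operations go through the 1Password agent.
    #
    # VerifyHostKeyDNS yes: per ssh_config(5) the client implicitly trusts a
    # host key that matches a *secure* SSHFP fingerprint from DNS; insecure
    # fingerprints are handled as with "ask".
    # NOTE(review): "secure" is what the resolver reports, so this places
    # trust in the configured resolver and the path to it. If the resolver in
    # use is not a trusted, DNSSEC-validating one, "ask" keeps the host-key
    # decision with the user - confirm which applies on this host.
    extraConfig = ''
      IdentityAgent "${auth-socket}"
      VerifyHostKeyDNS yes
    '';

    # On duplicate attribute names the right-hand side (work) wins, because
    # `//` prefers its right operand.
    matchBlocks = shared-private.matchBlocks // shared-work.matchBlocks;

    # This file is not written anywhere in this module; whatever it contains
    # is applied as well.
    includes = [
      "~/.ssh/config_work"
    ];
  };

  home.file = {
    # Key files taken from system/shared/ssh-keys.nix. Judging by the .pub
    # suffix these are public keys - presumably referenced by the match
    # blocks to select which agent key is offered; confirm in shared/*.nix.
    "${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub;
    "${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab;
    "${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner;
    "${ssh-directory}/LAN.pub".text = ssh-keys.LAN;

    # Directory taken from the repository and linked recursively.
    "${signers-directory}" = {
      source = ../../config/ssh/allowed_signers;
      recursive = true;
    };
  };

  # Make agent available to all programs
  home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}";

  # Runs once at load and replaces the path named by the job's own
  # $SSH_AUTH_SOCK with a symlink to the 1Password socket (presumably the
  # socket path launchd hands to GUI programs - confirm).
  launchd.agents.SSH_AUTH_SOCK = {
    enable = true;
    config = {
      ProgramArguments = [
        "/bin/sh"
        "-c"
        # $SSH_AUTH_SOCK is quoted and checked for emptiness: unquoted, an
        # unset value would make `ln` create the link in the working
        # directory, and a value containing spaces would be word-split.
        "if [ -n \"$SSH_AUTH_SOCK\" ]; then /bin/ln -sf \"${auth-socket}\" \"$SSH_AUTH_SOCK\"; fi"
      ];
      RunAtLoad = true;
    };
  };
}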