dotfiles/home/programs/ssh.nix

{ pkgs, config, ... }:

let
  ssh-directory = "${config.home.homeDirectory}/.ssh";
  ssh-keys = import ../../system/shared/ssh-keys.nix;

  auth-socket = "${ssh-directory}/1password.sock";
  signers-directory = "${ssh-directory}/allowed_signers";

  secret-sail = import ../../secret/hosts/sail.nix;
in
{
  home.packages = [ pkgs.openssh ];

  programs.ssh = {
    enable = true;

    forwardAgent = false;
    compression = false;
    hashKnownHosts = true;
    serverAliveInterval = 60;
    extraConfig = ''
      IdentityAgent "${auth-socket}"
      UpdateHostKeys ask
      VerifyHostKeyDNS yes
    '';

    matchBlocks = {
      # Work

      "git.app.nedeco.de" = {
        port = 22;
        user = "git";
        identityFile = "~/.ssh/nedeco_gitlab.pub";
        identitiesOnly = true;
        compression = true;
      };

      "nedeco-smartos-hosting" = {
        host = "10.0.90.*";
        port = 22;
        user = "root";
        identityFile = "~/.ssh/nedeco.pub";
        identitiesOnly = true;
      };

      "msc.nedeco.local" = {
        port = 22;
        user = "root";
        identityFile = "~/.ssh/nedeco.pub";
        identitiesOnly = true;
      };

      # Private

      "github.com" = {
        port = 22;
        user = "git";
        identityFile = "~/.ssh/GitHub.pub";
        identitiesOnly = true;
        compression = true;
      };

      "gitlab.com" = {
        port = 22;
        user = "git";
        identityFile = "~/.ssh/GitLab.pub";
        identitiesOnly = true;
        compression = true;
      };

      "router" = {
        hostname = "10.0.0.1";
        port = 22;
        user = "root";
      };

      "nas" = {
        hostname = "10.0.0.100";
        port = 22;
        user = "daniel";
        identityFile = "~/.ssh/LAN.pub";
        identitiesOnly = true;
      };

      "piboat.lan" = {
        port = 22;
        user = "pi";
        identityFile = "~/.ssh/LAN.pub";
        identitiesOnly = true;
      };

      "adsb-antenna" = {
        hostname = "adsb-antenna.laniot";
        port = 22;
        user = "daniel";
        forwardAgent = true;
        identityFile = "~/.ssh/LAN.pub";
        identitiesOnly = true;
      };

      "sail" = {
        hostname = secret-sail.publicIP;
        port = 22;
        user = "daniel";
        forwardAgent = true;
        identityFile = "~/.ssh/Hetzner.pub";
        identitiesOnly = true;
      };

      # Builder

      "builder-sail" = {
        hostname = secret-sail.publicIP;
        port = 22;
        user = "root";
        identityFile = "~/.ssh/Hetzner.pub";
        identitiesOnly = true;
      };
    };

    includes = [
      "~/.ssh/config_work"
    ];
  };

  home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}";

  home.file = {
    "${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub;
    "${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab;
    "${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner;
    "${ssh-directory}/LAN.pub".text = ssh-keys.LAN;

    "${signers-directory}" = {
      source = ../config/ssh/allowed_signers;
      recursive = true;
    };
  };
}
Move ssh and yt-dlp to programs folder 2022-04-14 18:25:49 +00:00			`{ pkgs, config, ... }:`
git: Sign with SSH key 2022-01-25 21:21:15 +00:00
			`let`
ssh: Manage some public keys via nix 2022-07-31 22:23:56 +00:00			`ssh-directory = "${config.home.homeDirectory}/.ssh";`
			`ssh-keys = import ../../system/shared/ssh-keys.nix;`

			`auth-socket = "${ssh-directory}/1password.sock";`
			`signers-directory = "${ssh-directory}/allowed_signers";`
adsb: Rename some variables 2022-08-04 18:11:40 +00:00
			`secret-sail = import ../../secret/hosts/sail.nix;`
git: Sign with SSH key 2022-01-25 21:21:15 +00:00			`in`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`{`
Move ssh and yt-dlp to programs folder 2022-04-14 18:25:49 +00:00			`home.packages = [ pkgs.openssh ];`

Add basic SSH config 2022-01-10 21:41:52 +00:00			`programs.ssh = {`
			`enable = true;`

			`forwardAgent = false;`
			`compression = false;`
			`hashKnownHosts = true;`
			`serverAliveInterval = 60;`
			`extraConfig = ''`
ssh: Set IdentityAgent 2022-04-06 20:20:03 +00:00			`IdentityAgent "${auth-socket}"`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`UpdateHostKeys ask`
			`VerifyHostKeyDNS yes`
			`'';`

			`matchBlocks = {`
			`# Work`

			`"git.app.nedeco.de" = {`
			`port = 22;`
			`user = "git";`
Use 1PW as the SSH agent 2022-03-17 09:33:21 +00:00			`identityFile = "~/.ssh/nedeco_gitlab.pub";`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`identitiesOnly = true;`
			`compression = true;`
			`};`

			`"nedeco-smartos-hosting" = {`
			`host = "10.0.90.*";`
			`port = 22;`
			`user = "root";`
Use 1PW as the SSH agent 2022-03-17 09:33:21 +00:00			`identityFile = "~/.ssh/nedeco.pub";`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`identitiesOnly = true;`
			`};`

Work-related updates 2022-05-31 13:46:57 +00:00			`"msc.nedeco.local" = {`
			`port = 22;`
			`user = "root";`
			`identityFile = "~/.ssh/nedeco.pub";`
			`identitiesOnly = true;`
			`};`

Add basic SSH config 2022-01-10 21:41:52 +00:00			`# Private`

			`"github.com" = {`
			`port = 22;`
			`user = "git";`
Use 1PW as the SSH agent 2022-03-17 09:33:21 +00:00			`identityFile = "~/.ssh/GitHub.pub";`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`identitiesOnly = true;`
			`compression = true;`
			`};`

			`"gitlab.com" = {`
			`port = 22;`
			`user = "git";`
Fix upp alias 2022-03-19 21:54:55 +00:00			`identityFile = "~/.ssh/GitLab.pub";`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`identitiesOnly = true;`
			`compression = true;`
			`};`

Update ssh config 2022-01-11 22:13:08 +00:00			`"router" = {`
			`hostname = "10.0.0.1";`
			`port = 22;`
			`user = "root";`
			`};`

Add basic SSH config 2022-01-10 21:41:52 +00:00			`"nas" = {`
Update ssh config 2022-01-11 22:13:08 +00:00			`hostname = "10.0.0.100";`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`port = 22;`
			`user = "daniel";`
Set ENV variables in modules that "provide" them 2022-04-01 08:12:30 +00:00			`identityFile = "~/.ssh/LAN.pub";`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`identitiesOnly = true;`
ssh: Add some aliases 2022-05-07 21:31:58 +00:00			`};`

adsb: Rename some variables 2022-08-04 18:11:40 +00:00			`"piboat.lan" = {`
ssh: Add some aliases 2022-05-07 21:31:58 +00:00			`port = 22;`
adsb: Rename some variables 2022-08-04 18:11:40 +00:00			`user = "pi";`
ssh: Add some aliases 2022-05-07 21:31:58 +00:00			`identityFile = "~/.ssh/LAN.pub";`
			`identitiesOnly = true;`
			`};`

adsb-antenna: Add ssh entry 2022-08-04 22:39:12 +00:00			`"adsb-antenna" = {`
			`hostname = "adsb-antenna.laniot";`
			`port = 22;`
			`user = "daniel";`
			`forwardAgent = true;`
			`identityFile = "~/.ssh/LAN.pub";`
			`identitiesOnly = true;`
			`};`

adsb: Rename some variables 2022-08-04 18:11:40 +00:00			`"sail" = {`
			`hostname = secret-sail.publicIP;`
ssh: piboat configuration 2022-07-09 22:12:22 +00:00			`port = 22;`
adsb: Rename some variables 2022-08-04 18:11:40 +00:00			`user = "daniel";`
adsb-antenna: Add ssh entry 2022-08-04 22:39:12 +00:00			`forwardAgent = true;`
adsb: Rename some variables 2022-08-04 18:11:40 +00:00			`identityFile = "~/.ssh/Hetzner.pub";`
ssh: Update configuration 2022-07-15 13:08:10 +00:00			`identitiesOnly = true;`
ssh: piboat configuration 2022-07-09 22:12:22 +00:00			`};`

adsb: Rename some variables 2022-08-04 18:11:40 +00:00			`# Builder`

			`"builder-sail" = {`
			`hostname = secret-sail.publicIP;`
			`port = 22;`
ssh: Add some aliases 2022-05-07 21:31:58 +00:00			`user = "root";`
			`identityFile = "~/.ssh/Hetzner.pub";`
			`identitiesOnly = true;`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`};`
			`};`
Update ssh config 2022-01-11 22:13:08 +00:00
			`includes = [`
			`"~/.ssh/config_work"`
			`];`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`};`
git: Sign with SSH key 2022-01-25 21:21:15 +00:00
ssh: Set IdentityAgent 2022-04-06 20:20:03 +00:00			`home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}";`
Set ENV variables in modules that "provide" them 2022-04-01 08:12:30 +00:00
ssh: Manage some public keys via nix 2022-07-31 22:23:56 +00:00			`home.file = {`
			`"${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub;`
			`"${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab;`
			`"${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner;`
			`"${ssh-directory}/LAN.pub".text = ssh-keys.LAN;`

			`"${signers-directory}" = {`
			`source = ../config/ssh/allowed_signers;`
			`recursive = true;`
			`};`
git: Sign with SSH key 2022-01-25 21:21:15 +00:00			`};`
Add basic SSH config 2022-01-10 21:41:52 +00:00			`}`