From 853ab23e5cfb70471ea353bf72e2032fc16035e6 Mon Sep 17 00:00:00 2001
From: Daniel Kempkens
Date: Mon, 8 Aug 2022 23:43:47 +0200
Subject: [PATCH] ssh: Import more host configs
---
 home/hosts/Styx.nix | 2 +-
 home/programs/ssh.nix | 140 --------------------------
 home/programs/ssh/Styx.nix | 52 ++++++++++
 home/programs/ssh/shared/builder.nix | 14 +++
 home/programs/ssh/shared/private.nix | 64 ++++++++++++
 home/programs/ssh/shared/work.nix | 47 +++++++++
 secret/hosts/Styx.nix | Bin 0 -> 1309 bytes
 7 files changed, 178 insertions(+), 141 deletions(-)
 delete mode 100644 home/programs/ssh.nix
 create mode 100644 home/programs/ssh/Styx.nix
 create mode 100644 home/programs/ssh/shared/builder.nix
 create mode 100644 home/programs/ssh/shared/private.nix
 create mode 100644 home/programs/ssh/shared/work.nix
 create mode 100644 secret/hosts/Styx.nix
diff --git a/home/hosts/Styx.nix b/home/hosts/Styx.nix
index 7c53216..23bc581 100644
--- a/home/hosts/Styx.nix
+++ b/home/hosts/Styx.nix
@@ -24,7 +24,7 @@ ../programs/scripts.nix
- ../programs/ssh.nix
+ ../programs/ssh/Styx.nix
 ../programs/streamlink.nix
 ../programs/yt-dlp.nix
diff --git a/home/programs/ssh.nix b/home/programs/ssh.nix
deleted file mode 100644
index eb6a369..0000000
--- a/home/programs/ssh.nix
+++ /dev/null
@@ -1,140 +0,0 @@
-{ pkgs, config, ... }:
-
-let
- ssh-directory = "${config.home.homeDirectory}/.ssh";
- ssh-keys = import ../../system/shared/ssh-keys.nix;
-
- auth-socket = "${ssh-directory}/1password.sock";
- signers-directory = "${ssh-directory}/allowed_signers";
-
- secret-sail = import ../../secret/hosts/sail.nix;
-in
-{
- home.packages = [ pkgs.openssh ];
-
- programs.ssh = {
- enable = true;
-
- forwardAgent = false;
- compression = false;
- hashKnownHosts = true;
- serverAliveInterval = 60;
- extraConfig = ''
- IdentityAgent "${auth-socket}"
- UpdateHostKeys ask
- VerifyHostKeyDNS yes
- '';
-
- matchBlocks = {
- # Work
-
- "git.app.nedeco.de" = {
- port = 22;
- user = "git";
- identityFile = "~/.ssh/nedeco_gitlab.pub";
- identitiesOnly = true;
- compression = true;
- };
-
- "nedeco-smartos-hosting" = {
- host = "10.0.90.*";
- port = 22;
- user = "root";
- identityFile = "~/.ssh/nedeco.pub";
- identitiesOnly = true;
- };
-
- "msc.nedeco.local" = {
- port = 22;
- user = "root";
- identityFile = "~/.ssh/nedeco.pub";
- identitiesOnly = true;
- };
-
- # Private
-
- "github.com" = {
- port = 22;
- user = "git";
- identityFile = "~/.ssh/GitHub.pub";
- identitiesOnly = true;
- compression = true;
- };
-
- "gitlab.com" = {
- port = 22;
- user = "git";
- identityFile = "~/.ssh/GitLab.pub";
- identitiesOnly = true;
- compression = true;
- };
-
- "router" = {
- hostname = "10.0.0.1";
- port = 22;
- user = "root";
- };
-
- "nas" = {
- hostname = "10.0.0.100";
- port = 22;
- user = "daniel";
- identityFile = "~/.ssh/LAN.pub";
- identitiesOnly = true;
- };
-
- "piboat.lan" = {
- port = 22;
- user = "pi";
- identityFile = "~/.ssh/LAN.pub";
- identitiesOnly = true;
- };
-
- "adsb-antenna" = {
- hostname = "adsb-antenna.laniot";
- port = 22;
- user = "daniel";
- forwardAgent = true;
- identityFile = "~/.ssh/LAN.pub";
- identitiesOnly = true;
- };
-
- "sail" = {
- hostname = secret-sail.publicIP;
- port = 22;
- user = "daniel";
- forwardAgent = true;
- identityFile = "~/.ssh/Hetzner.pub";
- identitiesOnly = true;
- };
-
- # Builder
-
- "builder-sail" = {
- hostname = secret-sail.publicIP;
- port = 22;
- user = "root";
- identityFile = "~/.ssh/Hetzner.pub";
- identitiesOnly = true;
- };
- };
-
- includes = [
- "~/.ssh/config_work"
- ];
- };
-
- home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}";
-
- home.file = {
- "${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub;
- "${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab;
- "${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner;
- "${ssh-directory}/LAN.pub".text = ssh-keys.LAN;
-
- "${signers-directory}" = {
- source = ../config/ssh/allowed_signers;
- recursive = true;
- };
- };
-}
diff --git a/home/programs/ssh/Styx.nix b/home/programs/ssh/Styx.nix
new file mode 100644
index 0000000..ce64c8f
--- /dev/null
+++ b/home/programs/ssh/Styx.nix
@@ -0,0 +1,52 @@
+{ pkgs, config, ... }:
+
+let
+ secret = import ../../../secret/hosts/Styx.nix;
+
+ ssh-directory = "${config.home.homeDirectory}/.ssh";
+ auth-socket = "${ssh-directory}/1password.sock";
+ signers-directory = "${ssh-directory}/allowed_signers";
+
+ shared-private = import ./shared/private.nix;
+ shared-builder = import ./shared/builder.nix;
+ shared-work = import ./shared/work.nix { inherit secret; };
+
+ ssh-keys = import ../../../system/shared/ssh-keys.nix;
+in
+{
+ home.packages = [ pkgs.openssh ];
+
+ programs.ssh = {
+ enable = true;
+
+ forwardAgent = false;
+ compression = false;
+ hashKnownHosts = true;
+ serverAliveInterval = 60;
+ extraConfig = ''
+ IdentityAgent "${auth-socket}"
+ UpdateHostKeys ask
+ VerifyHostKeyDNS yes
+ '';
+
+ matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks;
+
+ includes = [
+ "~/.ssh/config_work"
+ ];
+ };
+
+ home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}";
+
+ home.file = {
+ "${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub;
+ "${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab;
+ "${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner;
+ "${ssh-directory}/LAN.pub".text = ssh-keys.LAN;
+
+ "${signers-directory}" = {
+ source = ../../config/ssh/allowed_signers;
+ recursive = true;
+ };
+ };
+}
diff --git a/home/programs/ssh/shared/builder.nix b/home/programs/ssh/shared/builder.nix
new file mode 100644
index 0000000..03fb0cb
--- /dev/null
+++ b/home/programs/ssh/shared/builder.nix
@@ -0,0 +1,14 @@
+let
+ secret-sail = import ../../../../secret/hosts/sail.nix;
+in
+{
+ matchBlocks = {
+ "builder-sail" = {
+ hostname = secret-sail.publicIP;
+ port = 22;
+ user = "root";
+ identityFile = "~/.ssh/Hetzner.pub";
+ identitiesOnly = true;
+ };
+ };
+}
diff --git a/home/programs/ssh/shared/private.nix b/home/programs/ssh/shared/private.nix
new file mode 100644
index 0000000..a16eff3
--- /dev/null
+++ b/home/programs/ssh/shared/private.nix
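Review bot: The `matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks;` line merges the three sets with `//`, which is right-biased, so a host alias defined in more than one of them is silently replaced by the right-most definition — and `shared-work.matchBlocks` itself ends in `// secret.ssh.matchBlocks.work`, whose keys are not visible in this patch (secret/hosts/Styx.nix is added as an opaque blob). A duplicate alias such as a second `sail` block in the work secret would therefore override the private one with no evaluation error. Consider adding `lib` to the argument set and guarding the merge, e.g. `assert lib.intersectLists (lib.attrNames shared-private.matchBlocks) (lib.attrNames shared-work.matchBlocks) == [];` directly before the `matchBlocks` line (and the same for the builder set). Failing that, a comment above the line stating the intended precedence, `# on duplicate aliases the later set wins: private < builder < work`, would at least make the behaviour deliberate.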
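Review bot: `secret-sail = import ../../../../secret/hosts/sail.nix;` resolves the secret by relative path inside the shared file, whereas `work.nix` in the same commit receives its secret as a function argument (`{ secret, ... }:`) and Styx.nix passes it in. One convention would be clearer; the simplest is to make this file a function as well, `{ secret-sail, ... }:`, and have Styx.nix import it as `shared-builder = import ./shared/builder.nix { inherit secret-sail; };` next to the existing `shared-work` line. That also keeps the decision of which secrets a shared block may read in the host file, which appears to be why `work.nix` takes `secret` as an argument.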
@@ -0,0 +1,64 @@
+let
+ secret-sail = import ../../../../secret/hosts/sail.nix;
+in
+{
+ matchBlocks = {
+ "github.com" = {
+ port = 22;
+ user = "git";
+ identityFile = "~/.ssh/GitHub.pub";
+ identitiesOnly = true;
+ compression = true;
+ };
+
+ "gitlab.com" = {
+ port = 22;
+ user = "git";
+ identityFile = "~/.ssh/GitLab.pub";
+ identitiesOnly = true;
+ compression = true;
+ };
+
+ "router" = {
+ hostname = "10.0.0.1";
+ port = 22;
+ user = "root";
+ extraOptions = {
+ PreferredAuthentications = "password";
+ };
+ };
+
+ "nas" = {
+ hostname = "10.0.0.100";
+ port = 22;
+ user = "daniel";
+ identityFile = "~/.ssh/LAN.pub";
+ identitiesOnly = true;
+ };
+
+ "piboat.lan" = {
+ port = 22;
+ user = "pi";
+ identityFile = "~/.ssh/LAN.pub";
+ identitiesOnly = true;
+ };
+
+ "adsb-antenna" = {
+ hostname = "adsb-antenna.laniot";
+ port = 22;
+ user = "daniel";
+ forwardAgent = true;
+ identityFile = "~/.ssh/LAN.pub";
+ identitiesOnly = true;
+ };
+
+ "sail" = {
+ hostname = secret-sail.publicIP;
+ port = 22;
+ user = "daniel";
+ forwardAgent = true;
+ identityFile = "~/.ssh/Hetzner.pub";
+ identitiesOnly = true;
+ };
+ };
+}
diff --git a/home/programs/ssh/shared/work.nix b/home/programs/ssh/shared/work.nix
new file mode 100644
index 0000000..2aa6c24
--- /dev/null
+++ b/home/programs/ssh/shared/work.nix
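Review bot: `forwardAgent = true;` in the `adsb-antenna` and `sail` blocks overrides the global `forwardAgent = false;` set in Styx.nix and forwards the agent socket, which `IdentityAgent` points at the 1Password socket — so every key that agent serves (the work keys included), not just the `LAN.pub`/`Hetzner.pub` identity the block selects, becomes usable by root on those hosts for the lifetime of each session. If forwarding exists only to hop onward from those machines, `proxyJump` (or `ProxyJump` via `extraOptions`) keeps the keys local; otherwise a one-line comment saying why exactly these two hosts need it would stop the setting being copied into further blocks. The `router` block's `PreferredAuthentications = "password";` as `root` is presumably a device limitation — worth a comment as well, since every other LAN host here is key-only with `identitiesOnly`.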
@@ -0,0 +1,47 @@
+{ secret, ... }:
+
+{
+ matchBlocks = {
+ "git.app.nedeco.de" = {
+ port = 22;
+ user = "git";
+ identityFile = "~/.ssh/nedeco_gitlab.pub";
+ identitiesOnly = true;
+ compression = true;
+ };
+
+ "nedeco-smartos-hosting" = {
+ host = "10.0.90.*";
+ port = 22;
+ user = "root";
+ identityFile = "~/.ssh/nedeco.pub";
+ identitiesOnly = true;
+ };
+
+ "msc.nedeco.local" = {
+ port = 22;
+ user = "root";
+ identityFile = "~/.ssh/nedeco.pub";
+ identitiesOnly = true;
+ };
+
+ "headnode.nedeco-hosting.local" = {
+ hostname = "10.0.90.13";
+ port = 22;
+ user = "root";
+ extraOptions = {
+ PreferredAuthentications = "password";
+ };
+ };
+
+ "cnode01.nedeco-hosting.local" = {
+ hostname = "10.0.88.45";
+ port = 22;
+ user = "root";
+ proxyCommand = "ssh headnode.nedeco-hosting.local nc -w 120 %h %p";
+ extraOptions = {
+ PreferredAuthentications = "password";
+ };
+ };
+ } // secret.ssh.matchBlocks.work;
+}
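Review bot: `proxyCommand = "ssh headnode.nedeco-hosting.local nc -w 120 %h %p";` in the `cnode01.nedeco-hosting.local` block hand-rolls what OpenSSH's `ProxyJump` does natively; `proxyJump = "headnode.nedeco-hosting.local";` needs no `nc` on the headnode, reuses that block's settings for the hop, and still runs the inner SSH session end to end so cnode01's host key is checked by this client. Both the headnode and cnode01 blocks use `PreferredAuthentications = "password";` as `root`, unlike the key-only blocks above them — if that is a constraint of those hosts, a short comment would keep the next reader from "fixing" it. Note also that `host = "10.0.90.*";` is matched against the alias typed on the command line, not the resolved address, so `ssh headnode.nedeco-hosting.local` will not pick up `nedeco.pub` from that block, while `ssh 10.0.90.13` would and, with `identitiesOnly`, would offer only that key.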
diff --git a/secret/hosts/Styx.nix b/secret/hosts/Styx.nix new file mode 100644 index 0000000000000000000000000000000000000000..2118ac2a907b22fccfc59a1b3def0d98635f0016 GIT binary patch literal 1309 zcmV+&1>*VuM@dveQdv+`0KkHMw{W7Ag^w%A3#*93$5+gHfbJ0Ec%h%eou`nhVv4A> z&mfss+Xm~Dx>dmuxk)kve~|*$;fqLs{rYZ?Qqk3yt~F|psPe0&vT!iaY_cB$czlKwtFJEXV928;igMc|!`zUsV8C|02C#8y!mli|t z!YLp}rI^F3`na#Q)WTl2&PnExrrlkif2d#CKpOYV)07Umtu^#iC=CQTx~;G?M?BUj zd73ipp*RFXvt}k<5@Cqui#Jo;+v%=E@kJlslDo|`2XGVc*k2X$Wlx5|uBAR!CtPFgTHty8{RMw^u?W4noP;ozavdS> zpr;dzE~CsCP6ChN7XQ6Ic0KC1ixY%f-VAwbqhHT_l^43#vB%Fz>UoHfp-hfBiOaN4 zuvd|N%I=~lootgS5_7i1CiN9Cy!AO^SLyAKA@8wCvmvb_a6zj3O|HZF;Aas8`1|5L zD#ocm;h4WxpHXgyYEA@QwwgEyuz*Inl9EhrUeBs1lqX0a!T}u<|4`3EpciniqxcW^ z#&gW9sZk$?f@&W1puw_?XET0k`>aNV#!MuBA{od*-^cSxh(SXGxI!*L4%_Kyv0ghP zNMMX)`heF>HyKYtK^{LEt@yh$Z9AW<)&^J2!HeGlR27QD`9$|30X7D~+>)uyxOKG}5 zCjuUPX!B&3Gr%uCy`r}suwLen~GT(}}K(9#NIL3aq41hc?117xCDA~)k`+H`#t4vjd7^!^8$(IxW+3*q^~q5$Tc zF3hX~zLvLAq`3~Ho6vY^VFK^XSSFxA(SiiqIwgs-Hlm=UvX`P{0R6>8Kqq1qdKWIm zmb~W|(xK^}zvUG4Yi3K_8nq;_5VJCRbRk|va$h{bSh(b zK=#44su~M2Px>+Sa(7jJk*Jq`z)V|b2end&`6#@Aww z1%&NQy6Os#m02iN88o~PVe|5BEc~VKi3H1VwDV0VEzh!Qa}87StJmxRdp?A*86bXq T`7|o43>=SoqoGk@Rf4RuU$%*# literal 0 HcmV?d00001