ssh: Import more host configs

home/hosts/Styx.nix

@@ -24,7 +24,7 @@
 
     ../programs/scripts.nix
 
-    ../programs/ssh.nix
+    ../programs/ssh/Styx.nix
 
     ../programs/streamlink.nix
     ../programs/yt-dlp.nix

home/programs/ssh.nix

@@ -1,140 +0,0 @@
-{ pkgs, config, ... }:
-
-let
-  ssh-directory = "${config.home.homeDirectory}/.ssh";
-  ssh-keys = import ../../system/shared/ssh-keys.nix;
-
-  auth-socket = "${ssh-directory}/1password.sock";
-  signers-directory = "${ssh-directory}/allowed_signers";
-
-  secret-sail = import ../../secret/hosts/sail.nix;
-in
-{
-  home.packages = [ pkgs.openssh ];
-
-  programs.ssh = {
-    enable = true;
-
-    forwardAgent = false;
-    compression = false;
-    hashKnownHosts = true;
-    serverAliveInterval = 60;
-    extraConfig = ''
-      IdentityAgent "${auth-socket}"
-      UpdateHostKeys ask
-      VerifyHostKeyDNS yes
-    '';
-
-    matchBlocks = {
-      # Work
-
-      "git.app.nedeco.de" = {
-        port = 22;
-        user = "git";
-        identityFile = "~/.ssh/nedeco_gitlab.pub";
-        identitiesOnly = true;
-        compression = true;
-      };
-
-      "nedeco-smartos-hosting" = {
-        host = "10.0.90.*";
-        port = 22;
-        user = "root";
-        identityFile = "~/.ssh/nedeco.pub";
-        identitiesOnly = true;
-      };
-
-      "msc.nedeco.local" = {
-        port = 22;
-        user = "root";
-        identityFile = "~/.ssh/nedeco.pub";
-        identitiesOnly = true;
-      };
-
-      # Private
-
-      "github.com" = {
-        port = 22;
-        user = "git";
-        identityFile = "~/.ssh/GitHub.pub";
-        identitiesOnly = true;
-        compression = true;
-      };
-
-      "gitlab.com" = {
-        port = 22;
-        user = "git";
-        identityFile = "~/.ssh/GitLab.pub";
-        identitiesOnly = true;
-        compression = true;
-      };
-
-      "router" = {
-        hostname = "10.0.0.1";
-        port = 22;
-        user = "root";
-      };
-
-      "nas" = {
-        hostname = "10.0.0.100";
-        port = 22;
-        user = "daniel";
-        identityFile = "~/.ssh/LAN.pub";
-        identitiesOnly = true;
-      };
-
-      "piboat.lan" = {
-        port = 22;
-        user = "pi";
-        identityFile = "~/.ssh/LAN.pub";
-        identitiesOnly = true;
-      };
-
-      "adsb-antenna" = {
-        hostname = "adsb-antenna.laniot";
-        port = 22;
-        user = "daniel";
-        forwardAgent = true;
-        identityFile = "~/.ssh/LAN.pub";
-        identitiesOnly = true;
-      };
-
-      "sail" = {
-        hostname = secret-sail.publicIP;
-        port = 22;
-        user = "daniel";
-        forwardAgent = true;
-        identityFile = "~/.ssh/Hetzner.pub";
-        identitiesOnly = true;
-      };
-
-      # Builder
-
-      "builder-sail" = {
-        hostname = secret-sail.publicIP;
-        port = 22;
-        user = "root";
-        identityFile = "~/.ssh/Hetzner.pub";
-        identitiesOnly = true;
-      };
-    };
-
-    includes = [
-      "~/.ssh/config_work"
-    ];
-  };
-
-  home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}";
-
-  home.file = {
-    "${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub;
-    "${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab;
-    "${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner;
-    "${ssh-directory}/LAN.pub".text = ssh-keys.LAN;
-
-    "${signers-directory}" = {
-      source = ../config/ssh/allowed_signers;
-      recursive = true;
-    };
-  };
-}

home/programs/ssh/Styx.nix

@@ -0,0 +1,52 @@
+{ pkgs, config, ... }:
+
+let
+  secret = import ../../../secret/hosts/Styx.nix;
+
+  ssh-directory = "${config.home.homeDirectory}/.ssh";
+  auth-socket = "${ssh-directory}/1password.sock";
+  signers-directory = "${ssh-directory}/allowed_signers";
+
+  shared-private = import ./shared/private.nix;
+  shared-builder = import ./shared/builder.nix;
+  shared-work = import ./shared/work.nix { inherit secret; };
+
+  ssh-keys = import ../../../system/shared/ssh-keys.nix;
+in
+{
+  home.packages = [ pkgs.openssh ];
+
+  programs.ssh = {
+    enable = true;
+
+    forwardAgent = false;
+    compression = false;
+    hashKnownHosts = true;
+    serverAliveInterval = 60;
+    extraConfig = ''
+      IdentityAgent "${auth-socket}"
+      UpdateHostKeys ask
+      VerifyHostKeyDNS yes
+    '';
+
+    matchBlocks = shared-private.matchBlocks // shared-builder.matchBlocks // shared-work.matchBlocks;
+
+    includes = [
+      "~/.ssh/config_work"
+    ];
+  };
+
+  home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}";
+
+  home.file = {
+    "${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub;
+    "${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab;
+    "${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner;
+    "${ssh-directory}/LAN.pub".text = ssh-keys.LAN;
+
+    "${signers-directory}" = {
+      source = ../../config/ssh/allowed_signers;
+      recursive = true;
+    };
+  };
+}

home/programs/ssh/shared/builder.nix

@@ -0,0 +1,14 @@
+let
+  secret-sail = import ../../../../secret/hosts/sail.nix;
+in
+{
+  matchBlocks = {
+    "builder-sail" = {
+      hostname = secret-sail.publicIP;
+      port = 22;
+      user = "root";
+      identityFile = "~/.ssh/Hetzner.pub";
+      identitiesOnly = true;
+    };
+  };
+}

home/programs/ssh/shared/private.nix

@@ -0,0 +1,64 @@
+let
+  secret-sail = import ../../../../secret/hosts/sail.nix;
+in
+{
+  matchBlocks = {
+    "github.com" = {
+      port = 22;
+      user = "git";
+      identityFile = "~/.ssh/GitHub.pub";
+      identitiesOnly = true;
+      compression = true;
+    };
+
+    "gitlab.com" = {
+      port = 22;
+      user = "git";
+      identityFile = "~/.ssh/GitLab.pub";
+      identitiesOnly = true;
+      compression = true;
+    };
+
+    "router" = {
+      hostname = "10.0.0.1";
+      port = 22;
+      user = "root";
+      extraOptions = {
+        PreferredAuthentications = "password";
+      };
+    };
+
+    "nas" = {
+      hostname = "10.0.0.100";
+      port = 22;
+      user = "daniel";
+      identityFile = "~/.ssh/LAN.pub";
+      identitiesOnly = true;
+    };
+
+    "piboat.lan" = {
+      port = 22;
+      user = "pi";
+      identityFile = "~/.ssh/LAN.pub";
+      identitiesOnly = true;
+    };
+
+    "adsb-antenna" = {
+      hostname = "adsb-antenna.laniot";
+      port = 22;
+      user = "daniel";
+      forwardAgent = true;
+      identityFile = "~/.ssh/LAN.pub";
+      identitiesOnly = true;
+    };
+
+    "sail" = {
+      hostname = secret-sail.publicIP;
+      port = 22;
+      user = "daniel";
+      forwardAgent = true;
+      identityFile = "~/.ssh/Hetzner.pub";
+      identitiesOnly = true;
+    };
+  };
+}

home/programs/ssh/shared/work.nix

@@ -0,0 +1,47 @@
+{ secret, ... }:
+
+{
+  matchBlocks = {
+    "git.app.nedeco.de" = {
+      port = 22;
+      user = "git";
+      identityFile = "~/.ssh/nedeco_gitlab.pub";
+      identitiesOnly = true;
+      compression = true;
+    };
+
+    "nedeco-smartos-hosting" = {
+      host = "10.0.90.*";
+      port = 22;
+      user = "root";
+      identityFile = "~/.ssh/nedeco.pub";
+      identitiesOnly = true;
+    };
+
+    "msc.nedeco.local" = {
+      port = 22;
+      user = "root";
+      identityFile = "~/.ssh/nedeco.pub";
+      identitiesOnly = true;
+    };
+
+    "headnode.nedeco-hosting.local" = {
+      hostname = "10.0.90.13";
+      port = 22;
+      user = "root";
+      extraOptions = {
+        PreferredAuthentications = "password";
+      };
+    };
+
+    "cnode01.nedeco-hosting.local" = {
+      hostname = "10.0.88.45";
+      port = 22;
+      user = "root";
+      proxyCommand = "ssh headnode.nedeco-hosting.local nc -w 120 %h %p";
+      extraOptions = {
+        PreferredAuthentications = "password";
+      };
+    };
+  } // secret.ssh.matchBlocks.work;
+}