1
0
Fork 0
dotfiles/home/programs/ssh/Styx.nix

64 lines
1.5 KiB
Nix

{ pkgs, config, ... }:
let
secret = import ../../../secret/hosts/Styx.nix;
ssh-directory = "${config.home.homeDirectory}/.ssh";
auth-socket = "${config.home.homeDirectory}/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock";
signers-directory = "${ssh-directory}/allowed_signers";
shared-private = import ./shared/private.nix;
shared-work = import ./shared/work.nix { inherit secret; };
ssh-keys = import ../../../system/shared/ssh-keys.nix;
in
{
home.packages = [ pkgs.openssh ];
programs.ssh = {
enable = true;
forwardAgent = false;
compression = false;
hashKnownHosts = true;
serverAliveInterval = 60;
extraConfig = ''
IdentityAgent "${auth-socket}"
VerifyHostKeyDNS yes
'';
matchBlocks = shared-private.matchBlocks // shared-work.matchBlocks;
includes = [
"~/.ssh/config_work"
];
};
home.file = {
"${ssh-directory}/GitHub.pub".text = ssh-keys.GitHub;
"${ssh-directory}/GitLab.pub".text = ssh-keys.GitLab;
"${ssh-directory}/Hetzner.pub".text = ssh-keys.Hetzner;
"${ssh-directory}/LAN.pub".text = ssh-keys.LAN;
"${signers-directory}" = {
source = ../../config/ssh/allowed_signers;
recursive = true;
};
};
# Make agent available to all programs
home.sessionVariables.SSH_AUTH_SOCK = "${auth-socket}";
launchd.agents.SSH_AUTH_SOCK = {
enable = true;
config = {
ProgramArguments = [
"/bin/sh"
"-c"
"/bin/ln -sf \"${auth-socket}\" $SSH_AUTH_SOCK"
];
RunAtLoad = true;
};
};
}