nixos-config/home-manager/modules/ssh/default.nix

# Home-manager module that renders the per-user OpenSSH client configuration.
# Enabled through `eboskma.programs.ssh.enable`; `eboskma.var.workSystem`
# selects the default identity and whether the personal hosts are emitted.
{ config, lib, ... }:
let
  inherit (lib) mkEnableOption mkIf;

  cfg = config.eboskma.programs.ssh;
  var = config.eboskma.var;

  # Both defaults name a *public* key file. OpenSSH accepts that in
  # IdentityFile to select a key whose private half is held elsewhere
  # (e.g. an agent). The `_sk_` in the names suggests FIDO-backed keys,
  # presumably requiring a touch per signature; confirm on the token.
  personalKey = "~/.ssh/id_ed25519_sk_personal.pub";
  horusKey = "~/.ssh/id_ed25519_sk_horus.pub";

  # Wraps a match block so it is only emitted on non-work machines.
  personalOnly = mkIf (!var.workSystem);

  # Connection multiplexing: reuse one authenticated connection and keep the
  # master open for `duration` after the last session closes. Anything that
  # can reach the control socket during that window gets a session without
  # re-authenticating.
  persistFor = duration: {
    ControlMaster = "auto";
    ControlPersist = duration;
  };

  # Client-side algorithm allow-lists applied to every host. Plain `ssh-rsa`
  # (SHA-1 signatures) and ECDSA host keys are not listed; every MAC is an
  # encrypt-then-MAC variant, which is what the non-AEAD CTR ciphers rely on.
  cryptoPolicy = {
    Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
    KexAlgorithms = "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256";
    MACs = "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com";
    HostKeyAlgorithms = "ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com";
  };
in
{
  options.eboskma.programs.ssh = {
    enable = mkEnableOption "activate ssh";
  };

  config = mkIf cfg.enable {
    programs.ssh = {
      enable = true;

      # Store hashed host names so known_hosts does not list the hosts
      # this account connects to.
      hashKnownHosts = true;

      # Control sockets live in ~/.ssh; that directory must stay private to
      # the user, because the socket is equivalent to an open login.
      controlPath = "~/.ssh/master-%r@%n:%p";

      matchBlocks = {
        # Defaults for every host.
        "*" = {
          identityFile = if var.workSystem then horusKey else personalKey;
          # Offer only configured identity files, not every key in the agent.
          identitiesOnly = true;
          extraOptions = cryptoPolicy // {
            SetEnv = "TERM=xterm-256color";
          };
        };

        home = personalOnly {
          host = "home";
          hostname = "10.0.0.2";
          extraOptions = persistFor "5m";
        };

        # Reached through `home` with ProxyJump, so no agent is exposed
        # on the jump host.
        horus = personalOnly {
          host = "horus";
          hostname = "10.1.0.2";
          proxyJump = "home";
          extraOptions = persistFor "5m";
        };

        # NOTE(review): this identity is a private key file on disk rather
        # than one of the `_sk_` keys; confirm it is passphrase-protected.
        "rsync.net" = personalOnly {
          hostname = "zh2088.rsync.net";
          user = "zh2088";
          identityFile = "~/.ssh/id_ed25519-rsync.net";
        };

        "git.datarift.nl" = {
          # hostname = "gitea.barn-beaver.ts.net";
          # port = 2222;
          hostname = "10.0.0.203";
          identityFile = personalKey;
        };

        # NOTE(review): root login with an on-disk key, and the master
        # connection stays open for 10 minutes; confirm the key has a
        # passphrase and that root access is required here.
        hass = {
          hostname = "10.0.0.254";
          user = "root";
          identityFile = "~/.ssh/id_ed25519";
          extraOptions = persistFor "10m";
        };

        # Agent forwarding: while the connection is up, root (or anyone who
        # compromises the account) on the remote host can ask the forwarded
        # agent to sign on this user's behalf. Prefer ProxyJump where the
        # remote is only a hop; keep forwarding to hosts that are trusted.
        horus-vpn = {
          hostname = "192.168.4.202";
          identityFile = horusKey;
          forwardAgent = true;
        };

        # NOTE(review): forwarding combined with ControlPersist presumably
        # keeps the forwarded agent reachable on the remote until the master
        # exits, i.e. up to 10 minutes after the last session; confirm this
        # is intended.
        "repohost.bedum.horus.nu" = {
          forwardAgent = true;
          extraOptions = persistFor "10m";
        };

        "gitea.bedum.horus.nu" = {
          forwardAgent = true;
        };

        monitoring = {
          hostname = "monitoring.internal.horus.nu";
          identityFile = horusKey;
        };

        buildserver2 = {
          hostname = "buildserver2.bedum.horus.nu";
          user = "horus";
          identityFile = horusKey;
        };
      };
    };
  };
}