# Home-manager module that writes the user's OpenSSH client configuration:
# one set of hardened defaults for every host plus per-host match blocks.
# Blocks for the private 10.x network are only generated when
# `config.eboskma.var.workSystem` is false.
{ config
, lib
, ...
}:
let
  inherit (lib) mkEnableOption mkIf;

  sshCfg = config.eboskma.programs.ssh;
  atWork = config.eboskma.var.workSystem;

  # The `_sk` suffix suggests FIDO2 security-key backed keys (the host key
  # list below also accepts sk-ssh-ed25519) -- TODO confirm. Only the paths
  # live in this file; the key material stays outside the Nix store.
  personalKey = "~/.ssh/id_ed25519_sk";
  horusKey = "~/.ssh/id_ed25519_sk_horus";

  # Wrap a match block so it is only emitted on non-work systems.
  homeOnly = mkIf (!atWork);

  # Connection sharing: the master connection stays open for 5 minutes after
  # the last session closes. While it is open, any process running as this
  # user that can reach the control socket gets a new session without
  # re-authenticating, so the socket directory must not be accessible to
  # other users. ControlPath is not set in this file.
  multiplexed = {
    ControlMaster = "auto";
    ControlPersist = "5m";
  };
in
{
  options.eboskma.programs.ssh.enable = mkEnableOption "activate ssh";

  config = mkIf sshCfg.enable {
    programs.ssh = {
      enable = true;

      # Store hashed host names in known_hosts so the file does not list the
      # hosts that were contacted. The host names in this module are still
      # plain text.
      hashKnownHosts = true;

      matchBlocks = {
        # Defaults for every host.
        # NOTE(review): ssh_config uses the first value obtained for most
        # options, so confirm that the generated file places `Host *` after
        # the specific blocks. IdentityFile entries accumulate, so a host
        # block that sets its own identityFile may still have this default
        # key offered as well.
        "*" = {
          identityFile = if atWork then horusKey else personalKey;

          # Offer only the configured identity files, not every key the
          # agent holds.
          identitiesOnly = true;

          extraOptions = {
            # The four lists below replace OpenSSH's built-in defaults.
            # Algorithms added to the defaults by later releases (for
            # example the hybrid post-quantum key exchange
            # sntrup761x25519-sha512@openssh.com) are not negotiated until
            # they are added here, so revisit these lists on OpenSSH
            # upgrades.
            Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
            KexAlgorithms = "curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group-exchange-sha256";
            # Encrypt-then-MAC variants only.
            MACs = "hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,umac-128-etm@openssh.com";
            # Ed25519 (plain, security-key and certificate forms) and RSA
            # with SHA-2 signatures; ssh-rsa (SHA-1) and ECDSA host keys are
            # not accepted.
            HostKeyAlgorithms = "ssh-ed25519,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-256,rsa-sha2-256-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-512-cert-v01@openssh.com";
            SetEnv = "TERM=xterm-256color";
          };
        };

        home = homeOnly {
          host = "home";
          hostname = "10.0.0.2";
          extraOptions = multiplexed;
        };

        # Reached through "home" with ProxyJump, which keeps authentication
        # on the local machine and needs no agent on the jump host.
        horus = homeOnly {
          host = "horus";
          hostname = "10.1.0.2";
          proxyJump = "home";
          extraOptions = multiplexed;
        };

        # The next three blocks set no `host`; presumably the attribute name
        # is used as the Host pattern -- verify in the generated config.
        proxy = homeOnly {
          hostname = "10.0.0.251";
        };

        gitea = homeOnly {
          hostname = "10.0.0.201";
        };

        drone = homeOnly {
          hostname = "10.0.0.202";
        };

        # Always uses the personal key; a work system connects to the
        # external name on port 2222, any other system to the LAN address.
        "git.datarift.nl" = {
          hostname = if atWork then "direct.datarift.nl" else "10.0.0.201";
          port = if atWork then 2222 else 22;
          identityFile = personalKey;
        };

        fluiddpi = homeOnly {
          hostname = "10.0.0.120";
          user = "pi";
        };

        # Agent forwarding (this block and the two after it): while a
        # session is open, anyone who controls the remote account or has
        # root on that host can ask the local agent to sign with the loaded
        # keys. Keep it limited to hosts with the same trust level as this
        # machine and prefer proxyJump where only a hop is needed.
        # NOTE(review): if the keys are touch-required security keys, each
        # signature still needs user presence -- confirm how the keys were
        # generated.
        horus-vpn = {
          hostname = "192.168.4.202";
          identityFile = horusKey;
          forwardAgent = true;
        };

        "repohost.bedum.horus.nu" = {
          forwardAgent = true;
        };

        "gitea.bedum.horus.nu" = {
          forwardAgent = true;
        };

        monitoring = {
          hostname = "monitoring.internal.horus.nu";
          identityFile = horusKey;
        };

        buildserver2 = {
          hostname = "buildserver2.bedum.horus.nu";
          user = "horus";
          identityFile = horusKey;
        };
      };
    };
  };
}