itools/configs/ssh.nix

{
  pkgs,
  config,
  lib,
  ...
}: let
  inherit (import ../lib) sshPort kieran;
  externalNetwork = import ../lib/external-network.nix;
  sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";
in {
  users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs;

  home-manager.users.me = {
    services.gpg-agent = rec {
      enable = true;
      enableSshSupport = true;
      defaultCacheTtlSsh = 2 * 60 * 60;
      maxCacheTtlSsh = 4 * defaultCacheTtlSsh;
      sshKeys = [
        "568047C91DE03A23883E340F15A9C24D313E847C"
        "BB3EE102DB8CD45540A78A6B18B511B67061F6B4" # kfm@manakish ed25519
        "3F8986755818B5762A096BE212777EAAC441DD9D" # fysiweb rsa
        "0E4ABD229432486CC432639BB0986B2CDE365105" # agenix ed25519
        "A1E8D32CBFCDBD2DE798E2298D795CCFD785AE06" # kfm@kabsa ed25519
      ];
    };
  };

  environment.extraInit = ''
    if [[ -z "$SSH_AUTH_SOCK" ]]; then
      export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"
    fi
  '';

  environment.interactiveShellInit = ''
    GPG_TTY="$(tty)"
    export GPG_TTY
    ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null
  '';

  home-manager.users.me.programs.ssh = {
    enable = true;
    matchBlocks = rec {
      "github.com" = {
        hostname = "ssh.github.com";
        port = 443;
      };
      zaatar = {
        hostname = "zaatar.r";
        user = "root";
        port = sshPort;
      };
      makanek = {
        hostname = externalNetwork.makanek;
        user = "root";
        port = sshPort;
      };
      ful = {
        hostname = externalNetwork.ful;
        user = "root";
        port = sshPort;
      };
      tahina = {
        hostname = "tahina.r";
        user = "root";
        port = sshPort;
      };
      tabula = {
        hostname = "tabula.r";
        user = "root";
        port = sshPort;
      };
      manakish = {
        hostname = "manakish.r";
        user = "kfm";
        port = sshPort;
      };
      kabsa = {
        hostname = "kabsa.r";
        user = "kfm";
        port = sshPort;
      };
      "nextcloud.fysi.dev" = {
        hostname = "116.203.82.203";
        user = "root";
      };
      "lingua.miaengiadina.ch" = {
        hostname = "135.181.85.233";
        user = "root";
      };
      "cms-dev.woc2023.app".identityFile = sshIdentity "fysiweb";
      "cms-master.woc2023.app".identityFile = sshIdentity "fysiweb";
      "fysi-dev1" = {
        hostname = "94.130.229.139";
        user = "root";
        identityFile = sshIdentity "fysiweb";
      };
      ${fysi-dev1.hostname} = fysi-dev1;
      "fysi-shared0" = {
        hostname = "49.12.205.235";
        user = "root";
        identityFile = sshIdentity "fysiweb";
      };
    };
  };
}
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`{`
			`pkgs,`
			`config,`
			`lib,`
			`...`
			`}: let`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`inherit (import ../lib) sshPort kieran;`
			`externalNetwork = import ../lib/external-network.nix;`
feat(ssh): fysi machines 2022-07-06 15:10:47 +02:00			`sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";`
modularize 2019-04-19 03:11:51 +02:00			`in {`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs;`
modularize 2019-04-19 03:11:51 +02:00
feat: gpg ssh key 2023-03-11 06:36:22 +01:00			`home-manager.users.me = {`
			`services.gpg-agent = rec {`
			`enable = true;`
			`enableSshSupport = true;`
			`defaultCacheTtlSsh = 2 * 60 * 60;`
			`maxCacheTtlSsh = 4 * defaultCacheTtlSsh;`
			`sshKeys = [`
			`"568047C91DE03A23883E340F15A9C24D313E847C"`
feat(ssh): use gpg agent for agent 2023-03-12 18:26:58 +01:00			`"BB3EE102DB8CD45540A78A6B18B511B67061F6B4" # kfm@manakish ed25519`
			`"3F8986755818B5762A096BE212777EAAC441DD9D" # fysiweb rsa`
			`"0E4ABD229432486CC432639BB0986B2CDE365105" # agenix ed25519`
feat(ssh): add kabsa key to agent 2023-03-20 12:23:49 +01:00			`"A1E8D32CBFCDBD2DE798E2298D795CCFD785AE06" # kfm@kabsa ed25519`
feat: gpg ssh key 2023-03-11 06:36:22 +01:00			`];`
			`};`
			`};`

feat(ssh): use gpg agent for agent 2023-03-12 18:26:58 +01:00			`environment.extraInit = ''`
			`if [[ -z "$SSH_AUTH_SOCK" ]]; then`
			`export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"`
			`fi`
			`'';`

			`environment.interactiveShellInit = ''`
			`GPG_TTY="$(tty)"`
			`export GPG_TTY`
			`${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null`
			`'';`

modularize 2019-04-19 03:11:51 +02:00			`home-manager.users.me.programs.ssh = {`
			`enable = true;`
feat(ssh): use fysiweb identity for ip login on dev1 2022-09-28 15:54:42 +02:00			`matchBlocks = rec {`
feat(ssh): add github.com 2020-07-27 13:38:24 +02:00			`"github.com" = {`
			`hostname = "ssh.github.com";`
			`port = 443;`
			`};`
chore: scardanelli -> zaatar 2020-10-28 21:56:14 +01:00			`zaatar = {`
feat(retiolum): generate hosts from stockholm, finally add zaatar 2020-11-10 22:17:33 +01:00			`hostname = "zaatar.r";`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`user = "root";`
			`port = sshPort;`
			`};`
			`makanek = {`
feat(ssh): get static ipv4 from lib file 2022-05-24 11:09:02 +02:00			`hostname = externalNetwork.makanek;`
feat(ssh): reach ful, makanek via http first 2022-05-20 23:16:46 +02:00			`user = "root";`
			`port = sshPort;`
			`};`
feat(ssh): get static ipv4 from lib file 2022-05-24 11:09:02 +02:00			`ful = {`
			`hostname = externalNetwork.ful;`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`user = "root";`
modularize 2019-04-19 03:11:51 +02:00			`port = sshPort;`
			`};`
feat(tahina): init 2022-03-16 16:04:22 +01:00			`tahina = {`
			`hostname = "tahina.r";`
			`user = "root";`
			`port = sshPort;`
			`};`
fix(tabula): networking, sound 2022-11-25 11:27:43 +01:00			`tabula = {`
			`hostname = "tabula.r";`
			`user = "root";`
			`port = sshPort;`
			`};`
feat(manakish): add to retiolum 2020-11-06 10:52:30 +01:00			`manakish = {`
			`hostname = "manakish.r";`
			`user = "kfm";`
			`port = sshPort;`
			`};`
feat: wilde -> kabsa 2021-09-19 09:41:51 +02:00			`kabsa = {`
			`hostname = "kabsa.r";`
wilde: add to retiolum 2019-06-15 20:11:39 +02:00			`user = "kfm";`
			`port = sshPort;`
			`};`
feat(ssh): add fysi machines 2021-04-21 11:56:59 +02:00			`"nextcloud.fysi.dev" = {`
			`hostname = "116.203.82.203";`
			`user = "root";`
			`};`
			`"lingua.miaengiadina.ch" = {`
			`hostname = "135.181.85.233";`
			`user = "root";`
			`};`
feat(ssh): add one more fysiweb host 2023-02-16 11:53:40 +01:00			`"cms-dev.woc2023.app".identityFile = sshIdentity "fysiweb";`
			`"cms-master.woc2023.app".identityFile = sshIdentity "fysiweb";`
feat(ssh): fysi machines 2022-07-06 15:10:47 +02:00			`"fysi-dev1" = {`
			`hostname = "94.130.229.139";`
			`user = "root";`
			`identityFile = sshIdentity "fysiweb";`
			`};`
feat(ssh): use fysiweb identity for ip login on dev1 2022-09-28 15:54:42 +02:00			`${fysi-dev1.hostname} = fysi-dev1;`
feat(ssh): fysi machines 2022-07-06 15:10:47 +02:00			`"fysi-shared0" = {`
			`hostname = "49.12.205.235";`
			`user = "root";`
			`identityFile = sshIdentity "fysiweb";`
			`};`
modularize 2019-04-19 03:11:51 +02:00			`};`
			`};`
			`}`