configs/ssh.nix

{pkgs, ...}: let
  inherit (import ../lib) sshPort kieran;
  externalNetwork = import ../lib/external-network.nix;
in {
  users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs;

  programs.ssh.startAgent = true;

  home-manager.users.me = {
    # https://discourse.nixos.org/t/gnome-keyring-and-ssh-agent-without-gnome/11663
    xsession.profileExtra = ''
      eval $(${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon --daemonize --components=ssh,secrets)
      export SSH_AUTH_SOCK
    '';
    # services.gpg-agent = rec {
    #   enable = false;
    #   enableSshSupport = true;
    #   defaultCacheTtlSsh = 2 * 60 * 60;
    #   maxCacheTtlSsh = 4 * defaultCacheTtlSsh;
    #   sshKeys = [
    #     "568047C91DE03A23883E340F15A9C24D313E847C"
    #     "BB3EE102DB8CD45540A78A6B18B511B67061F6B4" # kfm@manakish ed25519
    #     "3F8986755818B5762A096BE212777EAAC441DD9D" # fysiweb rsa
    #     "0E4ABD229432486CC432639BB0986B2CDE365105" # agenix ed25519
    #     "A1E8D32CBFCDBD2DE798E2298D795CCFD785AE06" # kfm@kabsa ed25519
    #   ];
    # };
  };

  # environment.extraInit = ''
    # if [[ -z "$SSH_AUTH_SOCK" ]]; then
    #   export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"
    # fi
  # '';

  # environment.interactiveShellInit = ''
    # GPG_TTY="$(tty)"
    # export GPG_TTY
    # ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null
  # '';

  home-manager.users.me.programs.ssh = {
    enable = true;
    matchBlocks = {
      "github.com" = {
        hostname = "ssh.github.com";
        port = 443;
      };
      zaatar = {
        hostname = "zaatar.r";
        user = "root";
        port = sshPort;
      };
      makanek = {
        hostname = externalNetwork.makanek;
        user = "root";
        port = sshPort;
      };
      ful = {
        hostname = externalNetwork.ful;
        user = "root";
        port = sshPort;
      };
      tahina = {
        hostname = "tahina.r";
        user = "root";
        port = sshPort;
      };
      tabula = {
        hostname = "tabula.r";
        user = "root";
        port = sshPort;
      };
      manakish = {
        hostname = "manakish.r";
        user = "kfm";
        port = sshPort;
      };
      kabsa = {
        hostname = "kabsa.r";
        user = "kfm";
        port = sshPort;
      };
      fatteh = {
        hostname = "fatteh.r";
        user = "kfm";
        port = sshPort;
      };
    };
  };
}
feat: move email/ssh to fysi/hu-berlin/fu-berlin 2023-08-06 21:18:42 +02:00			`{pkgs, ...}: let`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`inherit (import ../lib) sshPort kieran;`
			`externalNetwork = import ../lib/external-network.nix;`
modularize 2019-04-19 03:11:51 +02:00			`in {`
feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs;`
modularize 2019-04-19 03:11:51 +02:00
feat: gnome-keyring not via home-manager 2024-03-20 08:12:50 +01:00			`programs.ssh.startAgent = true;`

feat: gpg ssh key 2023-03-11 06:36:22 +01:00			`home-manager.users.me = {`
feat: gnome-keyring not via home-manager 2024-03-20 08:12:50 +01:00			`# https://discourse.nixos.org/t/gnome-keyring-and-ssh-agent-without-gnome/11663`
			`xsession.profileExtra = ''`
			`eval $(${pkgs.gnome3.gnome-keyring}/bin/gnome-keyring-daemon --daemonize --components=ssh,secrets)`
			`export SSH_AUTH_SOCK`
			`'';`
			`# services.gpg-agent = rec {`
			`# enable = false;`
			`# enableSshSupport = true;`
			`# defaultCacheTtlSsh = 2 * 60 * 60;`
			`# maxCacheTtlSsh = 4 * defaultCacheTtlSsh;`
			`# sshKeys = [`
			`# "568047C91DE03A23883E340F15A9C24D313E847C"`
			`# "BB3EE102DB8CD45540A78A6B18B511B67061F6B4" # kfm@manakish ed25519`
			`# "3F8986755818B5762A096BE212777EAAC441DD9D" # fysiweb rsa`
			`# "0E4ABD229432486CC432639BB0986B2CDE365105" # agenix ed25519`
			`# "A1E8D32CBFCDBD2DE798E2298D795CCFD785AE06" # kfm@kabsa ed25519`
			`# ];`
			`# };`
feat: gpg ssh key 2023-03-11 06:36:22 +01:00			`};`

feat: gnome-keyring not via home-manager 2024-03-20 08:12:50 +01:00			`# environment.extraInit = ''`
			`# if [[ -z "$SSH_AUTH_SOCK" ]]; then`
			`# export SSH_AUTH_SOCK="$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)"`
			`# fi`
			`# '';`
feat(ssh): use gpg agent for agent 2023-03-12 18:26:58 +01:00
feat: gnome-keyring not via home-manager 2024-03-20 08:12:50 +01:00			`# environment.interactiveShellInit = ''`
			`# GPG_TTY="$(tty)"`
			`# export GPG_TTY`
			`# ${pkgs.gnupg}/bin/gpg-connect-agent updatestartuptty /bye > /dev/null`
			`# '';`
feat(ssh): use gpg agent for agent 2023-03-12 18:26:58 +01:00
modularize 2019-04-19 03:11:51 +02:00			`home-manager.users.me.programs.ssh = {`
			`enable = true;`
feat: move email/ssh to fysi/hu-berlin/fu-berlin 2023-08-06 21:18:42 +02:00			`matchBlocks = {`
feat(ssh): add github.com 2020-07-27 13:38:24 +02:00			`"github.com" = {`
			`hostname = "ssh.github.com";`
			`port = 443;`
			`};`
chore: scardanelli -> zaatar 2020-10-28 21:56:14 +01:00			`zaatar = {`
feat(retiolum): generate hosts from stockholm, finally add zaatar 2020-11-10 22:17:33 +01:00			`hostname = "zaatar.r";`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`user = "root";`
			`port = sshPort;`
			`};`
			`makanek = {`
feat(ssh): get static ipv4 from lib file 2022-05-24 11:09:02 +02:00			`hostname = externalNetwork.makanek;`
feat(ssh): reach ful, makanek via http first 2022-05-20 23:16:46 +02:00			`user = "root";`
			`port = sshPort;`
			`};`
feat(ssh): get static ipv4 from lib file 2022-05-24 11:09:02 +02:00			`ful = {`
			`hostname = externalNetwork.ful;`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`user = "root";`
modularize 2019-04-19 03:11:51 +02:00			`port = sshPort;`
			`};`
feat(tahina): init 2022-03-16 16:04:22 +01:00			`tahina = {`
			`hostname = "tahina.r";`
			`user = "root";`
			`port = sshPort;`
			`};`
fix(tabula): networking, sound 2022-11-25 11:27:43 +01:00			`tabula = {`
			`hostname = "tabula.r";`
			`user = "root";`
			`port = sshPort;`
			`};`
feat(manakish): add to retiolum 2020-11-06 10:52:30 +01:00			`manakish = {`
			`hostname = "manakish.r";`
			`user = "kfm";`
			`port = sshPort;`
			`};`
feat: wilde -> kabsa 2021-09-19 09:41:51 +02:00			`kabsa = {`
			`hostname = "kabsa.r";`
wilde: add to retiolum 2019-06-15 20:11:39 +02:00			`user = "kfm";`
			`port = sshPort;`
			`};`
feat(fatteh): integrate into niveum 2024-03-19 20:31:02 +01:00			`fatteh = {`
fix(ssh): fatteh hostname 2024-03-20 08:12:59 +01:00			`hostname = "fatteh.r";`
feat(fatteh): integrate into niveum 2024-03-19 20:31:02 +01:00			`user = "kfm";`
			`port = sshPort;`
			`};`
modularize 2019-04-19 03:11:51 +02:00			`};`
			`};`
			`}`