configs/ssh.nix

{
  pkgs,
  config,
  lib,
  ...
}: let
  inherit (import ../lib) sshPort kieran;
  externalNetwork = import ../lib/external-network.nix;
  sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";
  ssh-passphrase = lib.strings.fileContents <system-secrets/ssh/passphrase>;
in {
  /*
     TODO how do I do this?
  services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" ''
    #!${pkgs.expect}/bin/expect -f
    spawn ${pkgs.openssh}/bin/ssh-add
    expect "Enter passphrase for *:"
    send "${ssh-passphrase}\n";
    expect "Identity added: *"
    interact
  '');
  */

  programs.ssh.startAgent = true;

  users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs;

  home-manager.users.me.programs.ssh = {
    enable = true;
    matchBlocks = rec {
      "github.com" = {
        hostname = "ssh.github.com";
        port = 443;
      };
      zaatar = {
        hostname = "zaatar.r";
        user = "root";
        port = sshPort;
      };
      makanek = {
        hostname = externalNetwork.makanek;
        user = "root";
        port = sshPort;
      };
      ful = {
        hostname = externalNetwork.ful;
        user = "root";
        port = sshPort;
      };
      tahina = {
        hostname = "tahina.r";
        user = "root";
        port = sshPort;
      };
      tabula = {
        hostname = "tabula.r";
        user = "root";
        port = sshPort;
      };
      manakish = {
        hostname = "manakish.r";
        user = "kfm";
        port = sshPort;
      };
      kabsa = {
        hostname = "kabsa.r";
        user = "kfm";
        port = sshPort;
      };
      "nextcloud.fysi.dev" = {
        hostname = "116.203.82.203";
        user = "root";
      };
      "lingua.miaengiadina.ch" = {
        hostname = "135.181.85.233";
        user = "root";
      };
      "cms-dev.woc2023.app".identityFile = sshIdentity "fysiweb";
      "cms-master.woc2023.app".identityFile = sshIdentity "fysiweb";
      "fysi-dev1" = {
        hostname = "94.130.229.139";
        user = "root";
        identityFile = sshIdentity "fysiweb";
      };
      ${fysi-dev1.hostname} = fysi-dev1;
      "fysi-shared0" = {
        hostname = "49.12.205.235";
        user = "root";
        identityFile = sshIdentity "fysiweb";
      };
    };
  };
}
chore: format with alejandra 2022-03-10 21:52:12 +01:00			`{`
			`pkgs,`
			`config,`
			`lib,`
			`...`
			`}: let`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`inherit (import ../lib) sshPort kieran;`
			`externalNetwork = import ../lib/external-network.nix;`
feat(ssh): fysi machines 2022-07-06 15:10:47 +02:00			`sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}";`
feat: reenable ssh agent, gpg did not work 2022-12-17 10:03:00 +01:00			`ssh-passphrase = lib.strings.fileContents <system-secrets/ssh/passphrase>;`
modularize 2019-04-19 03:11:51 +02:00			`in {`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`/*`
			`TODO how do I do this?`
feat: reenable ssh agent, gpg did not work 2022-12-17 10:03:00 +01:00			`services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" ''`
			`#!${pkgs.expect}/bin/expect -f`
			`spawn ${pkgs.openssh}/bin/ssh-add`
			`expect "Enter passphrase for *:"`
			`send "${ssh-passphrase}\n";`
			`expect "Identity added: *"`
			`interact`
			`'');`
feat: convert to flake feat(zaatar): convert to flake feat(tahina, tabula): convert to flake feat(makanek): convert to flake feat(manakish, zaatar): convert to flake feat(ci): build flake systems fix: ci build feat: secrets via submodule foo foo foo 2023-02-22 10:02:55 +01:00			`*/`
feat: reenable ssh agent, gpg did not work 2022-12-17 10:03:00 +01:00
			`programs.ssh.startAgent = true;`

feat: run moodle-dl on toum, sshfs from wilde 2020-10-31 20:52:10 +01:00			`users.users.me.openssh.authorizedKeys.keys = kieran.sshKeys pkgs;`
modularize 2019-04-19 03:11:51 +02:00
			`home-manager.users.me.programs.ssh = {`
			`enable = true;`
feat(ssh): use fysiweb identity for ip login on dev1 2022-09-28 15:54:42 +02:00			`matchBlocks = rec {`
feat(ssh): add github.com 2020-07-27 13:38:24 +02:00			`"github.com" = {`
			`hostname = "ssh.github.com";`
			`port = 443;`
			`};`
chore: scardanelli -> zaatar 2020-10-28 21:56:14 +01:00			`zaatar = {`
feat(retiolum): generate hosts from stockholm, finally add zaatar 2020-11-10 22:17:33 +01:00			`hostname = "zaatar.r";`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`user = "root";`
			`port = sshPort;`
			`};`
			`makanek = {`
feat(ssh): get static ipv4 from lib file 2022-05-24 11:09:02 +02:00			`hostname = externalNetwork.makanek;`
feat(ssh): reach ful, makanek via http first 2022-05-20 23:16:46 +02:00			`user = "root";`
			`port = sshPort;`
			`};`
feat(ssh): get static ipv4 from lib file 2022-05-24 11:09:02 +02:00			`ful = {`
			`hostname = externalNetwork.ful;`
feat(makanek): host codimd, nextcloud 2020-10-31 20:51:25 +01:00			`user = "root";`
modularize 2019-04-19 03:11:51 +02:00			`port = sshPort;`
			`};`
feat(tahina): init 2022-03-16 16:04:22 +01:00			`tahina = {`
			`hostname = "tahina.r";`
			`user = "root";`
			`port = sshPort;`
			`};`
fix(tabula): networking, sound 2022-11-25 11:27:43 +01:00			`tabula = {`
			`hostname = "tabula.r";`
			`user = "root";`
			`port = sshPort;`
			`};`
feat(manakish): add to retiolum 2020-11-06 10:52:30 +01:00			`manakish = {`
			`hostname = "manakish.r";`
			`user = "kfm";`
			`port = sshPort;`
			`};`
feat: wilde -> kabsa 2021-09-19 09:41:51 +02:00			`kabsa = {`
			`hostname = "kabsa.r";`
wilde: add to retiolum 2019-06-15 20:11:39 +02:00			`user = "kfm";`
			`port = sshPort;`
			`};`
feat(ssh): add fysi machines 2021-04-21 11:56:59 +02:00			`"nextcloud.fysi.dev" = {`
			`hostname = "116.203.82.203";`
			`user = "root";`
			`};`
			`"lingua.miaengiadina.ch" = {`
			`hostname = "135.181.85.233";`
			`user = "root";`
			`};`
feat(ssh): add one more fysiweb host 2023-02-16 11:53:40 +01:00			`"cms-dev.woc2023.app".identityFile = sshIdentity "fysiweb";`
			`"cms-master.woc2023.app".identityFile = sshIdentity "fysiweb";`
feat(ssh): fysi machines 2022-07-06 15:10:47 +02:00			`"fysi-dev1" = {`
			`hostname = "94.130.229.139";`
			`user = "root";`
			`identityFile = sshIdentity "fysiweb";`
			`};`
feat(ssh): use fysiweb identity for ip login on dev1 2022-09-28 15:54:42 +02:00			`${fysi-dev1.hostname} = fysi-dev1;`
feat(ssh): fysi machines 2022-07-06 15:10:47 +02:00			`"fysi-shared0" = {`
			`hostname = "49.12.205.235";`
			`user = "root";`
			`identityFile = sshIdentity "fysiweb";`
			`};`
modularize 2019-04-19 03:11:51 +02:00			`};`
			`};`
			`}`