ssh matchset options

John Lancaster
2026-02-16 12:26:48 -06:00
parent 524af5b24f
commit b4b3b70511


@@ -5,18 +5,23 @@ in
{ {
flake.homeModules.ssh = { pkgs, config, lib, ... }: flake.homeModules.ssh = { pkgs, config, lib, ... }:
{ {
options = { options.ssh = {
sshIdentityFile = lib.mkOption { IdentityFile = lib.mkOption {
# Intentionally not using a path type here because that will end up with the private key getting copied into the store # Intentionally not using a path type here because that will end up with the private key getting copied into the store
type = lib.types.str; type = lib.types.str;
default = "${config.home.homeDirectory}/.ssh/id_ed25519"; default = "${config.home.homeDirectory}/.ssh/id_ed25519";
description = "Path to the SSH identity file."; description = "Path to the SSH identity file.";
}; };
matchSets = {
appdaemon = lib.mkEnableOption "Enable AppDaemon SSH targets";
certs = lib.mkEnableOption "Enable Janus and Soteria SSH targets";
};
}; };
# All this stuff has to be wrapped in a config attribute because of the presence of the options here? # All this stuff has to be wrapped in a config attribute because of the presence of the options here?
config = let config = let
identityFile = config.sshIdentityFile; identityFile = config.ssh.IdentityFile;
publicKeyFile = "${identityFile}.pub"; publicKeyFile = "${identityFile}.pub";
certificateFile = "${identityFile}-cert.pub"; certificateFile = "${identityFile}-cert.pub";
userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts"; userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts";
@@ -40,33 +45,41 @@ in
IdentityAgent ~/.1password/agent.sock IdentityAgent ~/.1password/agent.sock
''; '';
matchBlocks = { matchBlocks = lib.mkMerge [
"*" = { {
user = "john"; "*" = {
user = "john";
compression = false; compression = false;
serverAliveInterval = 0; serverAliveInterval = 0;
serverAliveCountMax = 3; serverAliveCountMax = 3;
identitiesOnly = true; identitiesOnly = true;
inherit identityFile certificateFile; inherit identityFile certificateFile;
hashKnownHosts = false; hashKnownHosts = false;
userKnownHostsFile = "${userKnownHostsFile}"; userKnownHostsFile = "${userKnownHostsFile}";
addKeysToAgent = "yes"; addKeysToAgent = "yes";
forwardAgent = false; forwardAgent = false;
}; };
}
"janus" = { (lib.mkIf config.ssh.matchsets.appdaemon {
hostname = "janus.john-stream.com"; "appdaemon" = {
user = "root"; hostname = "192.168.1.242";
}; };
"soteria" = { })
hostname = "soteria.john-stream.com"; (lib.mkIf config.ssh.matchsets.certs {
user = "john"; "janus" = {
}; hostname = "janus.john-stream.com";
}; user = "root";
};
"soteria" = {
hostname = "soteria.john-stream.com";
user = "john";
};
})
];
}; };
}; };
}; };
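Review bot: The two new guards in the second hunk, `(lib.mkIf config.ssh.matchsets.appdaemon {` and `(lib.mkIf config.ssh.matchsets.certs {`, read `config.ssh.matchsets`, but the option declared in the first hunk is `matchSets` (capital S); Nix attribute names are case-sensitive, so evaluating this module will fail with a missing-attribute error on import, regardless of whether either toggle is set, and neither the `appdaemon` nor the `janus`/`soteria` blocks can ever be produced. Change both references to `config.ssh.matchSets.appdaemon` and `config.ssh.matchSets.certs` (or rename the option to match). Separately, `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the declarations in the first hunk render as "Whether to enable Enable AppDaemon SSH targets."; `appdaemon = lib.mkEnableOption "AppDaemon SSH targets";` and `certs = lib.mkEnableOption "Janus and Soteria SSH targets";` read cleanly in generated option docs. The comment above `config = let` still ends in a question mark; since the code relies on it, it would be clearer as a statement, e.g. `# Wrapped in a config attribute because this module also declares options.`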