john/dendritic
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8039d843472c06094efbb80e30419dc63f457d50
dendritic/modules/home-manager/programs/ssh.nix
John Lancaster b96b9b2409 separated programs directory
2026-03-08 13:31:33 -05:00

113 lines
3.3 KiB
Nix
Raw Blame History

{inputs, ... }:
let
userName = "john";
in
{
flake.homeModules.ssh = { pkgs, config, lib, ... }:
{
options.ssh = {
IdentityFile = lib.mkOption {
# Intentionally not using a path type here because that will end up with the private key getting copied into the store
type = lib.types.str;
default = "${config.home.homeDirectory}/.ssh/id_ed25519";
description = "Path to the SSH identity file.";
};
matchSets = {
appdaemon = lib.mkEnableOption "Enable AppDaemon SSH targets";
certs = lib.mkEnableOption "Enable Janus and Soteria SSH targets";
homelab = lib.mkEnableOption "Enable various Homelab targets";
};
};
# All this stuff has to be wrapped in a config attribute because of the presence of the options here?
config = let
identityFile = config.ssh.IdentityFile;
publicKeyFile = "${identityFile}.pub";
certificateFile = "${identityFile}-cert.pub";
userKnownHostsFile = "${config.home.homeDirectory}/.ssh/known_hosts";
in {
home.packages = [
(pkgs.writeShellScriptBin "sign-ssh-cert" ''
echo "Signing ${publicKeyFile}"
echo "Copy the Step-CA JWK Provisioner password from 1password"
step ssh certificate --sign \
--principal root \
--principal ${userName} \
--principal appdaemon \
--provisioner admin \
${userName} ${publicKeyFile}
'')
];
programs.ssh = {
enable = true;
enableDefaultConfig = false;
extraConfig = ''
SetEnv TERM="xterm-256color"
IdentityAgent ~/.1password/agent.sock
'';
matchBlocks = lib.mkMerge [
{
"*" = {
user = "john";
compression = false;
serverAliveInterval = 0;
serverAliveCountMax = 3;
identitiesOnly = true;
inherit identityFile certificateFile;
hashKnownHosts = false;
userKnownHostsFile = "${userKnownHostsFile}";
addKeysToAgent = "yes";
forwardAgent = false;
};
}
(lib.mkIf config.ssh.matchSets.appdaemon {
"appdaemon" = {
hostname = "192.168.1.242";
user = "appdaemon";
};
"ad-nix" = {
hostname = "192.168.1.201";
user = "appdaemon";
};
})
(lib.mkIf config.ssh.matchSets.certs {
"janus" = {
hostname = "janus.john-stream.com";
user = "root";
};
"soteria" = {
hostname = "soteria.john-stream.com";
user = "john";
};
})
(lib.mkIf config.ssh.matchSets.homelab {
"docs" = {
hostname = "192.168.1.110";
user = "root";
};
"gitea" = {
hostname = "192.168.1.104";
user = "john";
};
"hermes" = {
hostname = "192.168.1.150";
user = "root";
};
"panoptes" = {
hostname = "192.168.1.107";
user = "panoptes";
};
})
];
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink