jsl-home/homeManagerModules/ssh.nix

{ config, lib, ... }:
{
  programs.ssh = lib.mkIf config.ssh {
    enable = true;
    enableDefaultConfig = false;
    extraConfig = ''
      SetEnv TERM="xterm-256color"
      ${lib.optionalString config._1password "IdentityAgent ~/.1password/agent.sock"}
    '';
    matchBlocks = lib.mkMerge [
      {
        "*" = {
          user = "john";

          # From the help text about the deprecation of the default config:
          forwardAgent = false;
          addKeysToAgent = "no";
          compression = false;
          serverAliveInterval = 0;
          serverAliveCountMax = 3;
          hashKnownHosts = false;
          userKnownHostsFile = "~/.ssh/known_hosts";
          controlMaster = "no";
          controlPath = "~/.ssh/master-%r@%n:%p";
          controlPersist = "no";
        };
      }
      (lib.mkIf (config.profile == "personal") {
        "ad-nix" = {
          hostname = "192.168.1.201";
          user = "appdaemon";
        };
        "appdaemon" = {
          hostname = "192.168.1.242";
          user = "appdaemon";
        };
        "docs" = {
          hostname = "192.168.1.110";
          user = "root";
        };
        "gitea" = {
          hostname = "192.168.1.104";
          user = "john";
        };
        "hermes" = {
          hostname = "192.168.1.150";
          user = "root";
        };
        "panoptes" = {
          hostname = "192.168.1.107";
          user = "panoptes";
        };
        "panoptes-root" = {
          hostname = "192.168.1.107";
          user = "root";
        };
        "platform-caddy" = {
          hostname = "192.168.1.65";
          user = "root";
        };
        "pve5070" = {
          hostname = "192.168.1.130";
          user = "root";
        };
        "nix-test" = {
          hostname = "192.168.1.36";
          user = "john";
        };
        "z2m-nix" = {
          hostname = "192.168.1.129";
          user = "root";
        };
        "soteria" = {
          hostname = "soteria.john-stream.com";
          user = "john";
          identitiesOnly = true;
          identityFile = "~/.ssh/id_ed25519";
          certificateFile = "~/.ssh/id_ed25519-cert.pub";
        };
        "*.john-stream.com" = {
          user = "john";
          identitiesOnly = true;
          identityFile = "~/.ssh/id_ed25519";
          certificateFile = "~/.ssh/id_ed25519-cert.pub";
          addKeysToAgent = "yes";
          forwardAgent = true;
        };
      })
      (lib.mkIf (config.profile == "work") {
        "ubuntu-nvidia" = {
          hostname = "10.118.46.120";
          user = "john";
        };
      })
    ];
  };
}