authorAzat Bahawi <azat@bahawi.net>2023-02-19 17:50:35 +0300
committerAzat Bahawi <azat@bahawi.net>2023-02-19 17:50:35 +0300
commit91fb4f28ef5d87e8bcf7749928d30ba4a9cbbd34 (patch)
treee07291fcb1cf62a561ffe58d1fd8e2968ff6fcb3 /modules/common/openssh.nix
parent2023-02-15 (diff)
2023-02-19
Diffstat (limited to 'modules/common/openssh.nix')
-rw-r--r--modules/common/openssh.nix58
1 files changed, 58 insertions, 0 deletions
diff --git a/modules/common/openssh.nix b/modules/common/openssh.nix
new file mode 100644
index 0000000..4b80809
--- /dev/null
+++ b/modules/common/openssh.nix
@@ -0,0 +1,58 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.nixfiles.modules.openssh;
+in {
+  options.nixfiles.modules.openssh.client.enable =
+    mkEnableOption "OpenSSH client";
+
+  config = mkIf cfg.client.enable {
+    hm = {
+      home.packages = with pkgs; [mosh sshfs];
+
+      programs.ssh = {
+        enable = true;
+
+        hashKnownHosts = true;
+
+        controlMaster = "auto";
+        controlPersist = "24H";
+
+        serverAliveCountMax = 30;
+        serverAliveInterval = 60;
+
+        matchBlocks = let
+          mkBlock = name: {
+            hostname ? name,
+            port ? 22022, # NOTE This is not the default OpenSSH port.
+            user ? my.username,
+            identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}",
+            extraAttrs ? {},
+          }:
+            nameValuePair name ({inherit hostname port user identityFile;}
+              // extraAttrs);
+
+          internalServers =
+            mapAttrs' mkBlock
+            (mapAttrs (name: _: {
+                hostname = "${name}.${my.domain.shire}";
+              }) (filterAttrs (_: attr:
+                hasAttr "wireguard" attr
+                && attr.isHeadless)
+              my.configurations));
+        in
+          internalServers
+          // (mapAttrs' mkBlock {
+            gitolite = {
+              user = "git";
+              hostname = "git.${my.domain.shire}";
+            };
+          });
+      };
+    };
+  };
+}
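Review bot: `controlPersist = "24H"` combined with `controlMaster = "auto"` leaves an authenticated master connection open for a day after the last session exits, so any process running as this user that can reach the control socket gets new sessions on these hosts without the key or agent being consulted again, even after the key has been unloaded. A shorter window such as `controlPersist = "10m";` keeps the multiplexing benefit while bounding that exposure. Separately, `mkBlock` sets `identityFile` but not `identitiesOnly`, so ssh also offers any keys held by the agent to each host; adding `identitiesOnly = true;` to the attribute set built in `mkBlock` would restrict authentication to the named key. With `serverAliveCountMax = 30` and `serverAliveInterval = 60`, a dead peer is only detected after about 30 minutes, which is worth a short comment if intended for mosh-like tolerance of flaky links.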
