From 91fb4f28ef5d87e8bcf7749928d30ba4a9cbbd34 Mon Sep 17 00:00:00 2001
From: Azat Bahawi
Date: Sun, 19 Feb 2023 17:50:35 +0300
Subject: 2023-02-19
---
modules/common/openssh.nix | 58 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 58 insertions(+)
create mode 100644 modules/common/openssh.nix
(limited to 'modules/common/openssh.nix')
diff --git a/modules/common/openssh.nix b/modules/common/openssh.nix
new file mode 100644
index 0000000..4b80809
--- /dev/null
+++ b/modules/common/openssh.nix
@@ -0,0 +1,58 @@
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+with lib; let
+ cfg = config.nixfiles.modules.openssh;
+in {
+ options.nixfiles.modules.openssh.client.enable =
+ mkEnableOption "OpenSSH client";
+
+ config = mkIf cfg.client.enable {
+ hm = {
+ home.packages = with pkgs; [mosh sshfs];
+
+ programs.ssh = {
+ enable = true;
+
+ hashKnownHosts = true;
+
+ controlMaster = "auto";
+ controlPersist = "24H";
+
+ serverAliveCountMax = 30;
+ serverAliveInterval = 60;
+
+ matchBlocks = let
+ mkBlock = name: {
+ hostname ? name,
+ port ? 22022, # NOTE This is not the default OpenSSH port.
+ user ? my.username,
+ identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}",
+ extraAttrs ? {},
+ }:
+ nameValuePair name ({inherit hostname port user identityFile;}
+ // extraAttrs);
+
+ internalServers =
+ mapAttrs' mkBlock
+ (mapAttrs (name: _: {
+ hostname = "${name}.${my.domain.shire}";
+ }) (filterAttrs (_: attr:
+ hasAttr "wireguard" attr
+ && attr.isHeadless)
+ my.configurations));
+ in
+ internalServers
+ // (mapAttrs' mkBlock {
+ gitolite = {
+ user = "git";
+ hostname = "git.${my.domain.shire}";
+ };
+ });
+ };
+ };
+ };
+}
--
cgit 1.4.1
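Review bot: `controlPersist = "24H"` together with `controlMaster = "auto"` keeps an authenticated master connection open for a day after the last session exits, so during that window any process that can reach the control socket under the user's account gets new sessions to the host without the key or agent being consulted again. A shorter window such as `controlPersist = "10m";` keeps most of the multiplexing benefit; if the long lifetime is deliberate, a comment above the line should say so. Separately, `mkBlock` sets `identityFile` but not `identitiesOnly`, so ssh may still offer every key loaded in the agent to these hosts. Changing the inherited set to `{inherit hostname port user identityFile; identitiesOnly = true;}` would limit authentication to the named key.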