pinchflat vpn, testbed random, virt-manager

2025-08-12 17:01:21 -05:00 · 2025-08-12 17:01:21 -05:00 · db6d5161ff
commit db6d5161ff
parent d2eaec6860
13 changed files with 1645 additions and 64 deletions
--- a/common/_home_manager/mods/ssh.nix
+++ b/common/_home_manager/mods/ssh.nix
@ -1,6 +1,16 @@
-{ osConfig, ... }:
+{
+  osConfig,
+  lib,
+  ...
+}:
 let
  inherit (osConfig) age;
+  hasSecret =
+    secret:
+    let
+      secrets = age.secrets or { };
+    in
+    secrets ? secret && secrets.${secret} != null;
 in
 {
  # TODO can I put all IP's in the flake.nix top level settings and pull them in here instead?
@ -12,43 +22,43 @@ in
    '';
    matchBlocks = {
      # EXTERNAL
-      "github.com" = {
+      "github.com" = lib.mkIf (hasSecret "nix2github") {
        identityFile = age.secrets.nix2github.path;
      };
-      "bitbucket.org" = {
+      "bitbucket.org" = lib.mkIf (hasSecret "nix2bitbucket") {
        identityFile = age.secrets.nix2bitbucket.path;
      };
-      # "git.joshuabell.xyz" = {
+      # "git.joshuabell.xyz" =  lib.mkIf (hasSecret "nix2gitjosh") { # TODO remove old
      #   identityFile = age.secrets.nix2gitjosh.path;
      #   user = "git";
      # };
-      "git.joshuabell.xyz" = {
+      "git.joshuabell.xyz" = lib.mkIf (hasSecret "nix2gitforgejo") {
        identityFile = age.secrets.nix2gitforgejo.path;
        user = "git";
      };
      # PERSONAL DEVICES
-      "lio" = {
+      "lio" = lib.mkIf (hasSecret "nix2lio") {
        identityFile = age.secrets.nix2lio.path;
        user = "josh";
      };
-      "lio_" = {
+      "lio_" = lib.mkIf (hasSecret "nix2lio") {
        identityFile = age.secrets.nix2lio.path;
        hostname = "10.12.14.116";
        user = "josh";
      };
-      "oren" = {
+      "oren" = lib.mkIf (hasSecret "nix2oren") {
        identityFile = age.secrets.nix2oren.path;
        user = "josh";
      };
-      "joe" = {
+      "joe" = lib.mkIf (hasSecret "nix2joe") {
        identityFile = age.secrets.nix2joe.path;
        user = "ringo";
      };
-      "gp3" = {
+      "gp3" = lib.mkIf (hasSecret "nix2gpdPocket3") {
        identityFile = age.secrets.nix2gpdPocket3.path;
        user = "josh";
      };
-      "t" = {
+      "t" = lib.mkIf (hasSecret "nix2t") {
        identityFile = age.secrets.nix2t.path;
        user = "joshua.bell";
        localForwards = [
@ -67,7 +77,7 @@ in
          TERM = "vt100";
        };
      };
-      "t_" = {
+      "t_" = lib.mkIf (hasSecret "nix2t") {
        identityFile = age.secrets.nix2t.path;
        hostname = "10.12.14.103";
        user = "joshua.bell";
@ -75,14 +85,14 @@ in
          TERM = "vt100";
        };
      };
-      "mbptv" = {
+      "mbptv" = lib.mkIf (hasSecret "nix2gpdPocket3") {
        identityFile = age.secrets.nix2gpdPocket3.path;
        user = "waka";
        setEnv = {
          TERM = "vt100";
        };
      };
-      "mbptv_" = {
+      "mbptv_" = lib.mkIf (hasSecret "nix2gpdPocket3") {
        identityFile = age.secrets.nix2gpdPocket3.path;
        hostname = "10.12.14.101";
        user = "waka";
@ -90,57 +100,57 @@ in
          TERM = "vt100";
        };
      };
-      "nothing1" = {
+      "nothing1" = lib.mkIf (hasSecret "nix2gpdPocket3") {
        identityFile = age.secrets.nix2gpdPocket3.path;
        user = "TODO";
      };
-      "tab1" = {
+      "tab1" = lib.mkIf (hasSecret "nix2gpdPocket3") {
        identityFile = age.secrets.nix2gpdPocket3.path;
        user = "TODO";
      };
-      "pixel6" = {
+      "pixel6" = lib.mkIf (hasSecret "nix2gpdPocket3") {
        identityFile = age.secrets.nix2gpdPocket3.path;
        user = "TODO";
      };
      # HOME SERVERS
-      "h001" = {
+      "h001" = lib.mkIf (hasSecret "nix2h001") {
        identityFile = age.secrets.nix2h001.path;
        user = "luser";
      };
-      "h001_" = {
+      "h001_" = lib.mkIf (hasSecret "nix2h001") {
        identityFile = age.secrets.nix2h001.path;
        hostname = "10.12.14.2";
        user = "luser";
      };
-      "h002" = {
+      "h002" = lib.mkIf (hasSecret "nix2h002") {
        identityFile = age.secrets.nix2h002.path;
        user = "luser";
      };
-      "h003" = {
+      "h003" = lib.mkIf (hasSecret "nix2h003") {
        identityFile = age.secrets.nix2h003.path;
        user = "luser";
      };
      # LINODE SERVERS
-      "l001" = {
+      "l001" = lib.mkIf (hasSecret "nix2linode") {
        identityFile = age.secrets.nix2linode.path;
        hostname = "172.236.111.33"; # Not on the tailscale network it is the primary host
        user = "root";
      };
-      "l002_" = {
+      "l002_" = lib.mkIf (hasSecret "nix2linode") {
        identityFile = age.secrets.nix2linode.path;
        hostname = "172.234.26.141";
        user = "root";
      };
-      "l002" = {
+      "l002" = lib.mkIf (hasSecret "nix2linode") {
        identityFile = age.secrets.nix2linode.path;
        user = "root";
      };
      # ORACLE SERVERS
-      "o001" = {
+      "o001" = lib.mkIf (hasSecret "nix2oracle") {
        identityFile = age.secrets.nix2oracle.path;
        user = "root";
      };
-      "o001_" = {
+      "o001_" = lib.mkIf (hasSecret "nix2oracle") {
        identityFile = age.secrets.nix2oracle.path;
        hostname = "64.181.210.7";
        user = "root";