dotfiles/flakes/common/hm_modules/ssh.nix

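{
  osConfig,
  lib,
  ...
}:
let
  inherit (osConfig) age;

  # True when agenix on this host declares `secret` and has not nulled it out.
  # A missing secret silently drops the identity instead of failing evaluation,
  # so a machine without that key still gets a (keyless) config for the alias.
  hasSecret =
    secret:
    let
      secrets = age.secrets or { };
    in
    secrets ? ${secret} && secrets.${secret} != null;

  # Options attached wherever a host-specific key is configured.
  # identitiesOnly renders `IdentitiesOnly yes`: ssh then offers only this key
  # instead of every key held by ssh-agent / the default ~/.ssh/id_* files.
  # Without it each server learns which public keys this client holds, and a
  # handful of agent keys can exhaust the server's MaxAuthTries before the
  # intended one is tried. The agenix path is a decrypted key file on disk, so
  # no agent is needed for it to work. It is deliberately NOT set in "*":
  # hosts without an explicit key may rely on agent-held identities (unverified).
  withKey = secret: {
    identityFile = age.secrets.${secret}.path;
    identitiesOnly = true;
  };

  # The whole alias exists only when its secret does (external forges and the
  # root-login cloud hosts: no key, no entry at all).
  keyedHost =
    secret: extra:
    lib.mkIf (hasSecret secret) (withKey secret // extra);

  # The alias always exists; the key is merely attached when available, so the
  # host stays reachable with default identities (personal devices).
  optionalKeyHost =
    secret: extra:
    extra // lib.optionalAttrs (hasSecret secret) (withKey secret);

  # Shared settings for the work laptop (`t` / `t_`).
  workHost = {
    user = "joshua.bell";
    localForwards = [
      {
        bind.port = 3002;
        host.port = 3002;
        host.address = "localhost";
      }
    ];
    setEnv = {
      TERM = "vt100";
    };
  };
in
{
  # TODO can I put all IP's in the flake.nix top level settings and pull them in here instead?
  programs.ssh = {
    enable = true;
    # No home-manager defaults: every global ssh setting is spelled out in "*".
    enableDefaultConfig = false;
    matchBlocks = {
      "*" = {
        # Never expose the local agent to a remote host.
        forwardAgent = false;
        addKeysToAgent = "no";
        compression = false;
        # 0 disables client keepalives, which also makes serverAliveCountMax inert.
        serverAliveInterval = 0;
        serverAliveCountMax = 3;
        # Hostnames are kept in clear text in known_hosts.
        hashKnownHosts = false;
        userKnownHostsFile = "~/.ssh/known_hosts";
        # Multiplexing is off; controlPath only matters if controlMaster is
        # ever switched on.
        controlMaster = "no";
        controlPath = "~/.ssh/master-%r@%n:%p";
        controlPersist = "no";
        extraOptions = {
          # Trust-on-first-use: an unknown host key is recorded automatically,
          # a changed key is still refused. The very first connection to the
          # public-IP root hosts below is therefore unauthenticated; pinning
          # their keys in known_hosts ahead of time would close that window.
          StrictHostKeyChecking = "accept-new";
        };
        setEnv = {
          TERM = "xterm-256color";
        };
      };

      # EXTERNAL
      "github.com" = keyedHost "nix2github" { };
      "bitbucket.org" = keyedHost "nix2bitbucket" { };
      "git.joshuabell.xyz" = optionalKeyHost "nix2gitforgejo" { user = "git"; };

      # PERSONAL DEVICES -- "<alias>" resolves by name, "<alias>_" pins the LAN IP.
      "lio" = optionalKeyHost "nix2lio" { user = "josh"; };
      "lio_" = optionalKeyHost "nix2lio" {
        hostname = "10.12.14.116";
        user = "josh";
      };
      "oren" = optionalKeyHost "nix2oren" { user = "josh"; };
      "gp3" = optionalKeyHost "nix2gpdPocket3" { user = "josh"; };
      "t" = optionalKeyHost "nix2t" workHost;
      "t_" = optionalKeyHost "nix2t" (workHost // { hostname = "10.12.14.181"; });

      # HOME SERVERS
      "h001" = keyedHost "nix2h001" { user = "luser"; };
      "h001_" = keyedHost "nix2h001" {
        hostname = "10.12.14.10";
        user = "luser";
      };
      "h002" = keyedHost "nix2nix" { user = "luser"; };
      "h002_" = keyedHost "nix2nix" {
        hostname = "10.12.14.183";
        user = "luser";
      };
      # NOTE(review): the only pair where the IP sits on the plain alias and the
      # "_" alias has none -- inverted relative to every other pair. Left as-is
      # in case 10.12.14.1 is intentionally the only route to h003; confirm.
      "h003" = keyedHost "nix2h003" {
        hostname = "10.12.14.1";
        user = "luser";
      };
      "h003_" = keyedHost "nix2h003" { user = "luser"; };

      # LINODE SERVERS -- one key (nix2linode) and root login on both hosts,
      # so a leak of that single key compromises both.
      "l001" = keyedHost "nix2linode" {
        hostname = "172.236.111.33"; # Not on the tailscale network it is the primary host
        user = "root";
      };
      "l002_" = keyedHost "nix2linode" {
        hostname = "172.234.26.141";
        user = "root";
      };
      "l002" = keyedHost "nix2linode" { user = "root"; };

      # ORACLE SERVERS
      "o001" = keyedHost "nix2oracle" { user = "root"; };
      "o001_" = keyedHost "nix2oracle" {
        hostname = "64.181.210.7";
        user = "root";
      };
    };
  };
}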