2024-07-08 22:03:34 -07:00
|
|
|
{ lib, config, ... }:
|
|
|
|
|
|
|
|
let
|
|
|
|
cfg = config.snowhawk.ssh;
|
2024-07-24 00:24:16 -07:00
|
|
|
sops = config.snowhawk.sops.enable;
|
2024-07-28 06:32:16 -07:00
|
|
|
secrets = config.sops.secrets;
|
|
|
|
|
|
|
|
ifSops = lib.mkIf sops;
|
2024-07-28 14:18:38 -07:00
|
|
|
|
2024-07-28 15:05:27 -07:00
|
|
|
keyPathIfSops = key: ifSops secrets.${"private_keys/" + key}.path;
|
2024-07-08 22:03:34 -07:00
|
|
|
in
|
|
|
|
{
|
|
|
|
options.snowhawk.ssh = {
|
|
|
|
enable = lib.mkEnableOption "ssh";
|
2024-07-11 05:13:00 -07:00
|
|
|
|
|
|
|
homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";
|
2024-07-08 22:03:34 -07:00
|
|
|
};
|
|
|
|
|
2024-07-28 06:08:59 -07:00
|
|
|
config =
|
2024-07-28 06:11:49 -07:00
|
|
|
let sshDir = config.home.homeDirectory + "/.ssh";
|
2024-07-28 06:08:59 -07:00
|
|
|
in lib.mkIf cfg.enable {
|
|
|
|
programs.ssh = {
|
|
|
|
enable = true;
|
|
|
|
includes = [ "conf.d/*" ];
|
2024-12-27 04:53:44 -08:00
|
|
|
matchBlocks = rec {
|
2024-07-28 06:08:59 -07:00
|
|
|
"git.zynh.me" = {
|
|
|
|
hostname = "git.zynh.me";
|
|
|
|
user = "git";
|
|
|
|
port = 2221;
|
2024-07-28 15:05:27 -07:00
|
|
|
identityFile = keyPathIfSops "personal_git";
|
2024-07-28 06:08:59 -07:00
|
|
|
};
|
2024-12-09 03:52:26 -08:00
|
|
|
"github.com" = {
|
|
|
|
hostname = "github.com";
|
|
|
|
user = "git";
|
|
|
|
identityFile = keyPathIfSops "github";
|
|
|
|
};
|
2024-07-28 07:12:39 -07:00
|
|
|
snowhawk = {
|
2024-11-14 08:24:28 -08:00
|
|
|
hostname = "192.168.0.22";
|
2024-08-02 00:26:15 -07:00
|
|
|
user = "ravenshade";
|
2025-01-01 10:17:06 -08:00
|
|
|
proxyJump = "ravenshade@permafrost";
|
2024-07-28 15:05:27 -07:00
|
|
|
identityFile = keyPathIfSops "snowhawk";
|
2024-07-28 07:12:39 -07:00
|
|
|
};
|
2025-01-01 10:17:06 -08:00
|
|
|
permafrost = {
|
2024-07-28 06:08:59 -07:00
|
|
|
hostname = "scarlet.zynh.me";
|
2025-01-01 10:18:56 -08:00
|
|
|
user = "ravenshade";
|
2024-07-28 15:05:27 -07:00
|
|
|
identityFile = keyPathIfSops "msiserver";
|
2024-07-28 06:08:59 -07:00
|
|
|
};
|
2025-01-02 20:12:25 -08:00
|
|
|
"permafrost.local" = lib.mkIf cfg.homeNetwork (permafrost // {
|
2025-01-01 10:17:06 -08:00
|
|
|
hostname = "permafrost";
|
2025-01-02 20:12:25 -08:00
|
|
|
});
|
2024-07-28 06:08:59 -07:00
|
|
|
caveserver = {
|
2024-07-28 15:05:27 -07:00
|
|
|
identityFile = keyPathIfSops "caveserver";
|
2024-07-28 06:08:59 -07:00
|
|
|
};
|
2024-12-27 04:53:44 -08:00
|
|
|
virtmsi = {
|
|
|
|
hostname = "192.168.122.76";
|
|
|
|
identityFile = keyPathIfSops "snowhawk";
|
|
|
|
};
|
2024-07-11 05:58:16 -07:00
|
|
|
};
|
2024-07-08 22:03:34 -07:00
|
|
|
};
|
2024-07-23 23:40:58 -07:00
|
|
|
|
2024-07-28 06:11:49 -07:00
|
|
|
sops.secrets = ifSops {
|
|
|
|
"private_keys/msiserver" = { };
|
|
|
|
"private_keys/caveserver" = { };
|
2024-07-28 07:12:39 -07:00
|
|
|
"private_keys/snowhawk" = { };
|
2024-07-28 06:53:41 -07:00
|
|
|
"private_keys/personal_git" = { };
|
2024-12-09 03:52:26 -08:00
|
|
|
"private_keys/github" = { };
|
2024-07-28 06:11:49 -07:00
|
|
|
|
|
|
|
"ssh_hosts/caveserver".path = "${sshDir}/conf.d/caveserver_config";
|
2024-07-23 23:40:58 -07:00
|
|
|
};
|
2024-07-28 06:08:59 -07:00
|
|
|
};
|
2024-07-08 22:03:34 -07:00
|
|
|
}
|