nixos/home/modules/ssh.nix

{ lib, config, ... }:

let
  cfg = config.snowhawk.ssh;
  sops = config.snowhawk.sops.enable;
  secrets = config.sops.secrets;

  ifSops = lib.mkIf sops;

  keyPathIfSops = key: ifSops secrets.${"private_keys/" + key}.path;
in
{
  options.snowhawk.ssh = {
    enable = lib.mkEnableOption "ssh";

    homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";
  };

  config =
    let sshDir = config.home.homeDirectory + "/.ssh";
    in lib.mkIf cfg.enable {
      programs.ssh = {
        enable = true;
        includes = [ "conf.d/*" ];
        matchBlocks = {
          "git.zynh.me" = {
            hostname = "git.zynh.me";
            user = "git";
            port = 2221;
            identityFile = keyPathIfSops "personal_git";
          };
          snowhawk = {
            hostname = "192.168.0.22";
            user = "ravenshade";
            proxyJump = "zynh@msiserver";
            identityFile = keyPathIfSops "snowhawk";
          };
          msiserver = {
            hostname = "scarlet.zynh.me";
            user = "zynh";
            identityFile = keyPathIfSops "msiserver";
          };
          "msiserver.local" = lib.mkIf cfg.homeNetwork {
            hostname = "msiserver";
            user = "zynh";
            identityFile = keyPathIfSops "msiserver";
          };
          caveserver = {
            identityFile = keyPathIfSops "caveserver";
          };
        };
      };

      sops.secrets = ifSops {
        "private_keys/msiserver" = { };
        "private_keys/caveserver" = { };
        "private_keys/snowhawk" = { };
        "private_keys/personal_git" = { };

        "ssh_hosts/caveserver".path = "${sshDir}/conf.d/caveserver_config";
      };
    };
}
add git.zynh.me to ssh hosts 2024-07-08 22:03:34 -07:00			`{ lib, config, ... }:`

			`let`
			`cfg = config.snowhawk.ssh;`
sops: disable secrets if no sops 2024-07-24 00:24:16 -07:00			`sops = config.snowhawk.sops.enable;`
ssh: use keyfiles directly, also only include if sops is enabled 2024-07-28 06:32:16 -07:00			`secrets = config.sops.secrets;`

			`ifSops = lib.mkIf sops;`
ssh: refactor 2024-07-28 14:18:38 -07:00
ssh: refactor 2: electric boogaloo 2024-07-28 15:05:27 -07:00			`keyPathIfSops = key: ifSops secrets.${"private_keys/" + key}.path;`
add git.zynh.me to ssh hosts 2024-07-08 22:03:34 -07:00			`in`
			`{`
			`options.snowhawk.ssh = {`
			`enable = lib.mkEnableOption "ssh";`
ssh: home network option for ssh 2024-07-11 05:13:00 -07:00
			`homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";`
add git.zynh.me to ssh hosts 2024-07-08 22:03:34 -07:00			`};`

ssh: refactoring 2024-07-28 06:08:59 -07:00			`config =`
ssh: use ssh dir instead of homedir 2024-07-28 06:11:49 -07:00			`let sshDir = config.home.homeDirectory + "/.ssh";`
ssh: refactoring 2024-07-28 06:08:59 -07:00			`in lib.mkIf cfg.enable {`
			`programs.ssh = {`
			`enable = true;`
			`includes = [ "conf.d/*" ];`
			`matchBlocks = {`
			`"git.zynh.me" = {`
			`hostname = "git.zynh.me";`
			`user = "git";`
			`port = 2221;`
ssh: refactor 2: electric boogaloo 2024-07-28 15:05:27 -07:00			`identityFile = keyPathIfSops "personal_git";`
ssh: refactoring 2024-07-28 06:08:59 -07:00			`};`
ssh: snowhawk ssh key 2024-07-28 07:12:39 -07:00			`snowhawk = {`
ssh: snowhawk ip update 2024-11-14 08:24:28 -08:00			`hostname = "192.168.0.22";`
ssh: proxyjump snowhawk 2024-08-02 00:26:15 -07:00			`user = "ravenshade";`
			`proxyJump = "zynh@msiserver";`
ssh: refactor 2: electric boogaloo 2024-07-28 15:05:27 -07:00			`identityFile = keyPathIfSops "snowhawk";`
ssh: snowhawk ssh key 2024-07-28 07:12:39 -07:00			`};`
ssh: refactoring 2024-07-28 06:08:59 -07:00			`msiserver = {`
			`hostname = "scarlet.zynh.me";`
			`user = "zynh";`
ssh: refactor 2: electric boogaloo 2024-07-28 15:05:27 -07:00			`identityFile = keyPathIfSops "msiserver";`
ssh: refactoring 2024-07-28 06:08:59 -07:00			`};`
			`"msiserver.local" = lib.mkIf cfg.homeNetwork {`
			`hostname = "msiserver";`
			`user = "zynh";`
ssh: refactor 2: electric boogaloo 2024-07-28 15:05:27 -07:00			`identityFile = keyPathIfSops "msiserver";`
ssh: refactoring 2024-07-28 06:08:59 -07:00			`};`
			`caveserver = {`
ssh: refactor 2: electric boogaloo 2024-07-28 15:05:27 -07:00			`identityFile = keyPathIfSops "caveserver";`
ssh: refactoring 2024-07-28 06:08:59 -07:00			`};`
ssh: caveserver key 2024-07-11 05:58:16 -07:00			`};`
add git.zynh.me to ssh hosts 2024-07-08 22:03:34 -07:00			`};`
sops: move secrets to relavent services 2024-07-23 23:40:58 -07:00
ssh: use ssh dir instead of homedir 2024-07-28 06:11:49 -07:00			`sops.secrets = ifSops {`
			`"private_keys/msiserver" = { };`
			`"private_keys/caveserver" = { };`
ssh: snowhawk ssh key 2024-07-28 07:12:39 -07:00			`"private_keys/snowhawk" = { };`
ssh: manage git ssh key 2024-07-28 06:53:41 -07:00			`"private_keys/personal_git" = { };`
ssh: use ssh dir instead of homedir 2024-07-28 06:11:49 -07:00
			`"ssh_hosts/caveserver".path = "${sshDir}/conf.d/caveserver_config";`
sops: move secrets to relavent services 2024-07-23 23:40:58 -07:00			`};`
ssh: refactoring 2024-07-28 06:08:59 -07:00			`};`
add git.zynh.me to ssh hosts 2024-07-08 22:03:34 -07:00			`}`