nixos/home/modules/ssh.nix

{ lib, config, ... }:

let
  cfg = config.snowhawk.ssh;
  sops = config.snowhawk.sops.enable;
in
{
  options.snowhawk.ssh = {
    enable = lib.mkEnableOption "ssh";

    homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";
  };

  config = lib.mkIf cfg.enable {
    programs.ssh = {
      enable = true;
      includes = [
        "conf.d/*"
      ];
      matchBlocks = {
        "git.zynh.me" = {
          hostname = "git.zynh.me";
          user = "git";
          port = 2221;
          identityFile = "${config.home.homeDirectory}/.ssh/personal_git";
        };
        msiserver = {
          hostname = "scarlet.zynh.me";
          user = "zynh";
          identityFile = "${config.home.homeDirectory}/.ssh/msiserver";
        };
        "msiserver.local" = lib.mkIf cfg.homeNetwork {
          hostname = "msiserver";
          user = "zynh";
          identityFile = "${config.home.homeDirectory}/.ssh/msiserver";
        };
        caveserver = {
          identityFile = "${config.home.homeDirectory}/.ssh/caveserver";
        };
      };
    };

    sops.secrets =
      let home = config.home.homeDirectory;
      in lib.mkIf sops {
        "private_keys/msiserver" = {
          path = "${home}/.ssh/msiserver";
        };
        "private_keys/caveserver" = {
          path = "${home}/.ssh/caveserver";
        };
        "ssh_hosts/caveserver" = {
          path = "${home}/.ssh/conf.d/caveserver_config";
        };
      };
  };
}
add git.zynh.me to ssh hosts 2024-07-09 05:03:34 +00:00			`{ lib, config, ... }:`

			`let`
			`cfg = config.snowhawk.ssh;`
sops: disable secrets if no sops 2024-07-24 07:24:16 +00:00			`sops = config.snowhawk.sops.enable;`
add git.zynh.me to ssh hosts 2024-07-09 05:03:34 +00:00			`in`
			`{`
			`options.snowhawk.ssh = {`
			`enable = lib.mkEnableOption "ssh";`
ssh: home network option for ssh 2024-07-11 12:13:00 +00:00
			`homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";`
add git.zynh.me to ssh hosts 2024-07-09 05:03:34 +00:00			`};`

			`config = lib.mkIf cfg.enable {`
			`programs.ssh = {`
			`enable = true;`
ssh: include config.d this is to allow non-leaked hosts in my ssh config 2024-07-11 12:18:10 +00:00			`includes = [`
			`"conf.d/*"`
			`];`
add git.zynh.me to ssh hosts 2024-07-09 05:03:34 +00:00			`matchBlocks = {`
			`"git.zynh.me" = {`
			`hostname = "git.zynh.me";`
			`user = "git";`
			`port = 2221;`
			`identityFile = "${config.home.homeDirectory}/.ssh/personal_git";`
			`};`
add msiserver config 2024-07-09 08:30:45 +00:00			`msiserver = {`
			`hostname = "scarlet.zynh.me";`
			`user = "zynh";`
add msiserver private keys 2024-07-09 08:47:23 +00:00			`identityFile = "${config.home.homeDirectory}/.ssh/msiserver";`
			`};`
ssh: home network option for ssh 2024-07-11 12:13:00 +00:00			`"msiserver.local" = lib.mkIf cfg.homeNetwork {`
add msiserver private keys 2024-07-09 08:47:23 +00:00			`hostname = "msiserver";`
			`user = "zynh";`
			`identityFile = "${config.home.homeDirectory}/.ssh/msiserver";`
add msiserver config 2024-07-09 08:30:45 +00:00			`};`
ssh: caveserver key 2024-07-11 12:58:16 +00:00			`caveserver = {`
			`identityFile = "${config.home.homeDirectory}/.ssh/caveserver";`
			`};`
add git.zynh.me to ssh hosts 2024-07-09 05:03:34 +00:00			`};`
			`};`
sops: move secrets to relavent services 2024-07-24 06:40:58 +00:00
			`sops.secrets =`
sops: formatting 2024-07-24 06:57:37 +00:00			`let home = config.home.homeDirectory;`
sops: disable secrets if no sops 2024-07-24 07:24:16 +00:00			`in lib.mkIf sops {`
sops: move secrets to relavent services 2024-07-24 06:40:58 +00:00			`"private_keys/msiserver" = {`
			`path = "${home}/.ssh/msiserver";`
			`};`
			`"private_keys/caveserver" = {`
			`path = "${home}/.ssh/caveserver";`
			`};`
			`"ssh_hosts/caveserver" = {`
			`path = "${home}/.ssh/conf.d/caveserver_config";`
			`};`
			`};`
add git.zynh.me to ssh hosts 2024-07-09 05:03:34 +00:00			`};`
			`}`