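# Module declaring the `snowhawk.ssh` options. When `snowhawk.ssh.enable` is
# set it configures the OpenSSH client (`programs.ssh`) with per-host match
# blocks, and, when `snowhawk.sops.enable` is also set, asks sops to place the
# private keys and one extra host config at the paths the ssh config refers to.
{ lib, config, ... }:

let
  cfg = config.snowhawk.ssh;
  # Named `sopsEnabled` so it is not confused with the `sops.secrets`
  # attribute path set further down.
  sopsEnabled = config.snowhawk.sops.enable;
  # Every key and the conf.d directory live under the user's ~/.ssh.
  sshDir = "${config.home.homeDirectory}/.ssh";
in
{
  options.snowhawk.ssh = {
    enable = lib.mkEnableOption "ssh";

    # Gates the extra "msiserver.local" match block below.
    homeNetwork = lib.mkEnableOption "include local hostnames for home network devices";
  };

  config = lib.mkIf cfg.enable {
    programs.ssh = {
      enable = true;

      # Every file in conf.d is parsed as ssh client configuration (the
      # sops-provided caveserver_config below lands there), so that directory
      # should be writable by the owning user only.
      includes = [
        "conf.d/*"
      ];

      # Each block pins a dedicated key. `identitiesOnly` restricts ssh to
      # that key; without it ssh may also offer other keys held by the agent
      # to the host, which exposes unrelated public keys and can exhaust the
      # server's authentication attempts before the intended key is tried.
      matchBlocks = {
        "git.zynh.me" = {
          hostname = "git.zynh.me";
          user = "git";
          port = 2221;
          identityFile = "${sshDir}/personal_git";
          identitiesOnly = true;
        };

        msiserver = {
          hostname = "scarlet.zynh.me";
          user = "zynh";
          identityFile = "${sshDir}/msiserver";
          identitiesOnly = true;
        };

        # Only defined when `snowhawk.ssh.homeNetwork` is enabled.
        "msiserver.local" = lib.mkIf cfg.homeNetwork {
          hostname = "msiserver";
          user = "zynh";
          identityFile = "${sshDir}/msiserver";
          identitiesOnly = true;
        };

        # No hostname or user is set here; presumably they come from the
        # sops-provided conf.d/caveserver_config (confirm against that file).
        caveserver = {
          identityFile = "${sshDir}/caveserver";
          identitiesOnly = true;
        };
      };
    };

    # Only when sops is enabled: decrypted secrets are placed at the paths the
    # match blocks and the conf.d include expect. With sops disabled this
    # module does not provision the msiserver/caveserver keys, and because of
    # `identitiesOnly` ssh will not fall back to other agent keys for them.
    # personal_git is not managed here in either case.
    sops.secrets = lib.mkIf sopsEnabled {
      "private_keys/msiserver".path = "${sshDir}/msiserver";
      "private_keys/caveserver".path = "${sshDir}/caveserver";
      "ssh_hosts/caveserver".path = "${sshDir}/conf.d/caveserver_config";
    };
  };
}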