ssh use module

2025-10-05 00:59:05 +02:00
parent 6809a6494f
commit 4c178e57fa
1 changed files with 43 additions and 46 deletions
--- a/home-modules/ssh.nix
+++ b/home-modules/ssh.nix
@@ -1,50 +1,47 @@
-{ pkgs, ... }@all: with all;
+{ pkgs, ... }@all: with all; {
-{
+  programs.ssh = {
-  home = {
+    enable = true;
-    packages = with pkgs; [ sshfs ];
+    package = pkgs.openssh;
-    file."vault/ssh/config".text = /* ssh */ ''
+    matchBlocks = let
-      HOST nxace
+      nxace = name: {
-          HostName ssh.${hyper.domain}
+        host = name;
-          User ${hyper.user}
+        hostname = "ssh.${hyper.domain}";
-          Port 50022
+        user = hyper.user;
-          IdentityFile ~/vault/ssh/nxace-nx2-${hyper.host}
+        port = secrets.ssh.port;
        identityFile = "${hyper.home}/vault/ssh/nxace-nx2-${hyper.host}";
      };
    in {
      "nxace" = nxace "nxace";
      "nxacel" = (nxace "nxacel") // { hostname = "10.0.1.1"; };
      "nxrpli" = (nxace "nxrpil") // { hostname = "10.0.1.31"; port = 22; };
      "nxgit" = (nxace "nxgit") // {
        user = "git";
        identityFile = builtins.trace config.programs.ssh.matchBlocks.nxgit
        "${hyper.home}/vault/ssh/nxgit-nx2-${hyper.host}";
        # addKeysToAgent = "1h";
      };
    };
  };
  home.packages = with pkgs; [ sshfs ];
-      HOST nxacel
+  services.gpg-agent = let 
-          HostName 10.0.1.1
+    min2sec = min: (min * 60);
-          User ${hyper.user}
+  in {
-          Port 50022
+    enable = false;
-          IdentityFile ~/vault/ssh/nxace-nx2-${hyper.host}
+    verbose = true;
-
+    sshKeys = [
-      HOST nxrpil
+      "97081264F7FD72D890D496E839AA9A4C7892A7D8" # Keygrip (not Fingerprint!) of [A] Subkey
-          HostName 10.0.1.31
+    ];
-          User ${hyper.user}
+    enableSshSupport = true;
-          Port 22
+    enableFishIntegration = true;
-      
+    defaultCacheTtlSsh = min2sec 60;
-      HOST nxgit
+    defaultCacheTtl = min2sec 30;
-          HostName ssh.${hyper.domain}
+    pinentry = {
-          User git
+      package = pkgs.pinentry;
-          Port 50022
+      program = "pinentry";
-          IdentityFile ~/vault/ssh/nxgit-nx2-${hyper.host}
+    };
    extraConfig = ''
      allow-loopback-pinentry
    '';
  };
  # services.gpg-agent = let 
  #   min2sec = min: (min * 60); 
  # in {
  #   enable = true;
  #   verbose = true;
  #   sshKeys = [
  #     "97081264F7FD72D890D496E839AA9A4C7892A7D8" # Keygrip (not Fingerprint!) of [A] Subkey
  #   ];
  #   enableSshSupport = true;
  #   enableFishIntegration = true;
  #   defaultCacheTtlSsh = min2sec 60;
  #   defaultCacheTtl = min2sec 30;
  #   pinentry = {
  #     package = pkgs.pinentry;
  #     program = "pinentry";
  #   };
  #   extraConfig = ''
  #     allow-loopback-pinentry
  #   '';
  # };
 }