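# SSH client and gpg-agent settings. The option names (programs.ssh.matchBlocks,
# home.packages, services.gpg-agent) look like Home Manager's.
#
# `hyper` and `secrets` are not declared in the argument pattern; they are
# resolved through `with all`, so they must be passed in as module arguments.
# A missing one only surfaces as an undefined-variable error at evaluation.
{ pkgs, ... }@all: with all; {
  programs.ssh = {
    enable = true;
    package = pkgs.openssh;
    matchBlocks = let
      # Builds the match block for the SSH alias `name`: shared public
      # hostname, user, port and per-machine key. Entries below override
      # individual fields with `//`.
      nxace = name: {
        host = name;
        hostname = "ssh.${hyper.domain}";
        user = hyper.user;
        # Evaluated at build time, so the value is written into the generated
        # ssh config. If that file lives in the Nix store it is world-readable:
        # acceptable for a port number, not for real credentials.
        port = secrets.ssh.port;
        # NOTE(review): assumes hyper.home is a string. Interpolating a Nix
        # *path* value here would copy that directory into the store. Confirm.
        # NOTE(review): no identitiesOnly is set, so ssh may also offer other
        # agent keys to these hosts. Consider `identitiesOnly = true` if only
        # this key should ever be presented.
        identityFile = "${hyper.home}/vault/ssh/nxace-nx2-${hyper.host}";
      };
    in {
      "nxace" = nxace "nxace";
      # Same settings as nxace, reached through a private (10.0.1.x) address.
      "nxacel" = (nxace "nxacel") // { hostname = "10.0.1.1"; };
      # NOTE(review): attribute key is "nxrpli" but the Host alias passed to
      # the helper is "nxrpil". Only the alias ends up in `host`; confirm
      # which spelling is intended.
      "nxrpli" = (nxace "nxrpil") // { hostname = "10.0.1.31"; port = 22; };
      "nxgit" = (nxace "nxgit") // {
        user = "git";
        identityFile = "${hyper.home}/vault/ssh/nxgit-nx2-${hyper.host}";
        # addKeysToAgent = "1h";
      };
    };
  };

  home.packages = with pkgs; [ sshfs ];

  services.gpg-agent = let
    # Cache TTL options below are given in seconds.
    min2sec = min: (min * 60);
  in {
    # Disabled: the remaining settings are presumably inert until this is
    # switched to true.
    enable = false;
    verbose = true;
    sshKeys = [
      "97081264F7FD72D890D496E839AA9A4C7892A7D8" # Keygrip (not Fingerprint!) of [A] Subkey
    ];
    enableSshSupport = true;
    enableFishIntegration = true;
    # An unlocked SSH key stays cached for 60 minutes, other keys for 30.
    defaultCacheTtlSsh = min2sec 60;
    defaultCacheTtl = min2sec 30;
    pinentry = {
      package = pkgs.pinentry;
      program = "pinentry";
    };
    # Permits clients to use loopback pinentry mode, where the calling process
    # supplies the passphrase instead of the pinentry prompt. Keep this only
    # if a non-interactive workflow needs it.
    extraConfig = ''
      allow-loopback-pinentry
    '';
  };
}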