2024-11-06 09:09:17 +00:00
|
|
|
{
|
|
|
|
lib,
|
|
|
|
config,
|
2024-11-07 07:51:24 +00:00
|
|
|
systemConfig,
|
2024-11-06 09:09:17 +00:00
|
|
|
...
|
2024-11-09 14:02:26 +00:00
|
|
|
}:
|
|
|
|
{
|
2024-11-06 09:09:17 +00:00
|
|
|
imports = [
|
|
|
|
./builders.nix
|
|
|
|
];
|
|
|
|
programs.ssh = {
|
|
|
|
controlMaster = "auto";
|
|
|
|
controlPersist = "10m";
|
2024-11-09 14:02:26 +00:00
|
|
|
matchBlocks."*" =
|
|
|
|
lib.hm.dag.entryAfter
|
|
|
|
[
|
|
|
|
"build-nas"
|
|
|
|
"build-rainbow-resort"
|
|
|
|
"build-aarch64"
|
|
|
|
"build-riscv"
|
2024-11-21 08:44:10 +00:00
|
|
|
"rainbow-resort.int.chir.rs"
|
2024-11-09 14:02:26 +00:00
|
|
|
]
|
|
|
|
{
|
|
|
|
identityFile =
|
|
|
|
if config.home.username == "root" then
|
|
|
|
systemConfig.sops.secrets.".ssh/id_ed25519_sk".path
|
|
|
|
else
|
|
|
|
config.sops.secrets.".ssh/id_ed25519_sk".path;
|
|
|
|
};
|
2024-11-21 08:44:10 +00:00
|
|
|
matchBlocks."rainbow-resort.int.chir.rs" = {
|
|
|
|
forwardAgent = true;
|
|
|
|
remoteForwards = [
|
|
|
|
{
|
|
|
|
bind.address = "/%d/.local/state/gnupg/S.gpg-agent";
|
|
|
|
host.address = "/%d/.local/state/gnupg/S.gpg-agent.extra";
|
|
|
|
}
|
2024-11-21 08:49:24 +00:00
|
|
|
{
|
|
|
|
bind.address = "/%d/.local/state/waypipe/server.sock";
|
|
|
|
host.address = "/%d/.local/state/waypipe/client.sock";
|
|
|
|
}
|
2024-11-21 08:44:10 +00:00
|
|
|
];
|
2024-11-21 08:49:24 +00:00
|
|
|
forwardX11 = true;
|
|
|
|
forwardX11Trusted = true;
|
|
|
|
setEnv.WAYLAND_DISPLAY = "wayland-waypipe";
|
|
|
|
extraOptions.StreamLocalBindUnlink = "yes";
|
2024-11-21 08:44:10 +00:00
|
|
|
};
|
2024-11-06 09:09:17 +00:00
|
|
|
enable = true;
|
|
|
|
};
|
2024-11-07 07:51:24 +00:00
|
|
|
sops.secrets = lib.mkIf (config.home.username != "root") {
|
|
|
|
".ssh/id_ed25519_sk" = {
|
|
|
|
mode = "600";
|
|
|
|
sopsFile = ./shared-keys.yaml;
|
|
|
|
};
|
2024-11-06 09:09:17 +00:00
|
|
|
};
|
|
|
|
}
|