nixos-config/programs/ssh/home-manager.nix

# Home Manager SSH client settings: connection multiplexing, a default identity
# key whose path comes from sops, and agent/socket/X11 forwarding for one host.
{
  lib,
  config,
  systemConfig,
  ...
}:
let
  # Name of the sops secret holding the SSH private key.
  sshKeySecret = ".ssh/id_ed25519_sk";

  isRoot = config.home.username == "root";

  # root declares no per-user secret (see sops.secrets below), so it reads the
  # key path from the system-level sops configuration instead.
  identityPath =
    if isRoot then
      systemConfig.sops.secrets.${sshKeySecret}.path
    else
      config.sops.secrets.${sshKeySecret}.path;

  # Match blocks that must be emitted before the catch-all "*" block.
  # ssh_config keeps the first value it obtains for an option, so the
  # host-specific blocks have to come first to take precedence.
  # NOTE(review): the build-* names are presumably defined in ./builders.nix — confirm.
  blocksBeforeDefault = [
    "build-nas"
    "build-rainbow-resort"
    "build-aarch64"
    "build-riscv"
    "rainbow-resort.int.chir.rs"
  ];

  # Unix-socket forwards, remote (bind) <- local (host).
  # %d is the *local* user's home directory, so the remote bind path assumes
  # the same home path exists on the server.
  # NOTE(review): the leading "/" presumably makes Home Manager treat the
  # address as a socket path rather than host:port — confirm.
  socketForwards = [
    {
      # Remote gpg clients talk to the local agent through its "extra" socket,
      # the restricted one GnuPG provides for remote use.
      bind.address = "/%d/.local/state/gnupg/S.gpg-agent";
      host.address = "/%d/.local/state/gnupg/S.gpg-agent.extra";
    }
    {
      bind.address = "/%d/.local/state/waypipe/server.sock";
      host.address = "/%d/.local/state/waypipe/client.sock";
    }
  ];
in
{
  imports = [
    ./builders.nix
  ];

  programs.ssh = {
    enable = true;

    # Connection multiplexing. The master connection stays up for 10 minutes
    # after the last session closes, and forwardings set up on it (agent,
    # sockets, X11) remain reachable on the remote side for that long.
    controlMaster = "auto";
    controlPersist = "10m";

    matchBlocks."*" = lib.hm.dag.entryAfter blocksBeforeDefault {
      identityFile = identityPath;
    };

    matchBlocks."rainbow-resort.int.chir.rs" = {
      # Anyone able to reach the forwarded agent socket on this host (root
      # included) can use the local agent to authenticate for as long as the
      # connection lives. This is scoped to one host; keep it that way.
      forwardAgent = true;

      remoteForwards = socketForwards;

      # Trusted X11 forwarding: remote X clients get full access to the local
      # display, without the X11 SECURITY extension restrictions.
      forwardX11 = true;
      forwardX11Trusted = true;

      # NOTE(review): SetEnv only takes effect if the server's sshd accepts
      # this variable (AcceptEnv) — confirm on the remote host.
      setEnv.WAYLAND_DISPLAY = "wayland-waypipe";

      # Remove a stale socket file before binding a forwarded one.
      # NOTE(review): for remote forwards the socket is created by the server,
      # so sshd on that host likely needs StreamLocalBindUnlink too — confirm.
      extraOptions.StreamLocalBindUnlink = "yes";
    };
  };

  # Per-user copy of the key secret; skipped for root, which uses the system
  # secret's path above.
  sops.secrets = lib.mkIf (!isRoot) {
    ${sshKeySecret} = {
      mode = "600";
      sopsFile = ./shared-keys.yaml;
    };
  };
}