diff --git a/programs/ssh/home-manager.nix b/programs/ssh/home-manager.nix
index 0364e0a1..07300719 100644
--- a/programs/ssh/home-manager.nix
+++ b/programs/ssh/home-manager.nix
@@ -34,7 +34,15 @@
 bind.address = "/%d/.local/state/gnupg/S.gpg-agent";
 host.address = "/%d/.local/state/gnupg/S.gpg-agent.extra";
 }
+ {
+ bind.address = "/%d/.local/state/waypipe/server.sock";
+ host.address = "/%d/.local/state/waypipe/client.sock";
+ }
 ];
+ forwardX11 = true;
+ forwardX11Trusted = true;
+ setEnv.WAYLAND_DISPLAY = "wayland-waypipe";
+ extraOptions.StreamLocalBindUnlink = "yes";
 };
 enable = true;
 };
diff --git a/services/desktop/default.nix b/services/desktop/default.nix
index 0d8142ba..f78362a9 100644
--- a/services/desktop/default.nix
+++ b/services/desktop/default.nix
@@ -3,5 +3,6 @@
 imports = [
 ./kdeconnect.nix
 ./gpg
+ ./waypipe.nix
 ];
 }
diff --git a/services/desktop/waypipe.nix b/services/desktop/waypipe.nix
new file mode 100644
index 00000000..f4ec4010
--- /dev/null
+++ b/services/desktop/waypipe.nix
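Review bot: In programs/ssh/home-manager.nix, `forwardX11Trusted = true;` gives X11 clients started on the remote host unrestricted access to the local X display, so a compromised or shared remote can observe input and window contents of other local applications. The Wayland path already goes through the waypipe socket forward, so consider leaving trusted forwarding off (`forwardX11Trusted = false;`) or keeping both X11 options only in a match block for hosts you fully control. The match block these options belong to starts outside the hunk, so which hosts it covers is not visible here. A short comment above `setEnv.WAYLAND_DISPLAY` saying that the server must allow this variable via `AcceptEnv` would also help the next reader.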
@@ -0,0 +1,25 @@
+{ pkgs, lib, ... }:
+{
+ home.packages = [ pkgs.waypipe ];
+ systemd.user.services = {
+ waypipe-client = {
+ Unit.Description = "Runs waypipe on startup to support SSH forwarding";
+ Service = {
+ ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
+ ExecStart = "${lib.getExe pkgs.waypipe} --socket %h/.local/state/waypipe/client.sock client";
+ ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.local/state/waypipe/client.sock";
+ };
+ Install.WantedBy = [ "graphical-session.target" ];
+ };
+ waypipe-server = {
+ Unit.Description = "Runs waypipe on startup to support SSH forwarding";
+ Service = {
+ Type = "simple";
+ ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} %h/.waypipe -p";
+ ExecStart = "${lib.getExe pkgs.waypipe} --socket %h/.local/state/waypipe/server.sock --title-prefix '[%H] ' --login-shell --display wayland-waypipe server -- ${lib.getExe' pkgs.coreutils "sleep"} infinity";
+ ExecStopPost = "${lib.getExe' pkgs.coreutils "rm"} -f %h/.local/state/waypipe/server.sock %t/wayland-waypipe";
+ };
+ Install.WantedBy = [ "default.target" ];
+ };
+ };
+}
diff --git a/services/openssh.nix b/services/openssh.nix
index 9b1e0d3e..d21db83c 100644
--- a/services/openssh.nix
+++ b/services/openssh.nix
@@ -4,6 +4,10 @@
 services.openssh.settings = {
 PermitRootLogin = "yes";
 PasswordAuthentication = false;
+ StreamLocalBindUnlink = "yes";
+ GatewayPorts = "clientspecified";
+ AcceptEnv = "WAYLAND_DISPLAY";
+ X11Forwarding = true;
 };
 programs.ssh.knownHosts = {
 "git.chir.rs".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+GanuiV1I08OP8+nNy24+zagQN08rtJnCoU/ixiQNn";
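Review bot: In services/desktop/waypipe.nix both `ExecStartPre` lines create `%h/.waypipe`, but every socket path in the units lives under `%h/.local/state/waypipe/`, so the services rely on that directory already existing with whatever permissions it happens to have. Create the directory that is actually used and make it owner-only, in both units: `ExecStartPre = "${lib.getExe' pkgs.coreutils "mkdir"} -p -m 0700 %h/.local/state/waypipe";`. The two units also share the same `Unit.Description`, which makes them hard to tell apart in status and journal output; a distinct description for client and server would help.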
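Review bot: In services/openssh.nix, `GatewayPorts = "clientspecified";` lets any authenticated client choose a non-loopback bind address for remote TCP forwards on this server, which is unrelated to the Unix-socket forward that waypipe uses and is set daemon-wide next to `PermitRootLogin = "yes";`. Unless another workflow needs it, drop that line so remote forwards stay bound to loopback. `X11Forwarding = true;` likewise applies to every account; if waypipe is the intended path, consider leaving it off or adding a comment such as `# X11 still needed for <which clients>` so the exposure is a documented choice. `AcceptEnv = "WAYLAND_DISPLAY";` is suitably narrow and worth keeping as a single named variable rather than a pattern.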