0xda157's home-manager and nixos config
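# SSH client configuration (home-manager `programs.ssh`). Each remote host is
# given its own private key, whose path comes from a sops secret.
{ lib, config, ... }:
let
  # Project-defined switch. In this file it gates both the sops secret
  # declarations and every identityFile that points at one of them.
  secretsEnabled = config.l.secrets.enable;

  # Path of the decrypted secret "ssh-keys/<name>". Wrapped in mkIf so that
  # identityFile is left unset when secrets are disabled.
  ssh-key = name: lib.mkIf secretsEnabled config.sops.secrets."ssh-keys/${name}".path;
in
{
  programs.ssh = {
    enable = true;
    # home-manager's built-in default settings are switched off, so the "*"
    # block below spells out the global defaults explicitly.
    enableDefaultConfig = false;
    matchBlocks = {
      # Global defaults applied to every host.
      "*" = {
        # Never expose the local agent to remote machines.
        forwardAgent = false;
        # Keys used for a connection are not added to a running agent.
        addKeysToAgent = "no";
        compression = true;
        # 0 disables keep-alive probes, so serverAliveCountMax has no effect
        # unless the interval is raised.
        serverAliveInterval = 0;
        serverAliveCountMax = 3;
        # Store host names hashed, so a leaked known_hosts file does not list
        # the hosts this account connects to.
        hashKnownHosts = true;
        userKnownHostsFile = "~/.ssh/known_hosts";
        # Connection multiplexing is off; controlPath only matters if
        # controlMaster is enabled later.
        controlMaster = "no";
        controlPath = "~/.ssh/master-%r@%n:%p";
        controlPersist = "no";
      };

      # Per-host blocks. identitiesOnly restricts ssh to the key named by
      # identityFile, so keys held by an agent or default ~/.ssh/id_* files are
      # not offered to the host. It follows the secrets switch: when no
      # identityFile is configured, ssh keeps its normal key selection.

      # keep-sorted start block=yes newline_separated=yes
      "codeberg.org" = {
        user = "git";
        hostname = "codeberg.org";
        identityFile = ssh-key "codeberg";
        identitiesOnly = secretsEnabled;
      };

      "github.com" = {
        user = "git";
        hostname = "github.com";
        identityFile = ssh-key "github";
        identitiesOnly = secretsEnabled;
      };

      "scout.team1540.org" = {
        user = "ubuntu";
        hostname = "scout.team1540.org";
        identityFile = ssh-key "scout-team1540-org";
        identitiesOnly = secretsEnabled;
      };

      "tangled.org" = {
        user = "git";
        hostname = "tangled.org";
        identityFile = ssh-key "tangled";
        identitiesOnly = secretsEnabled;
      };
      # keep-sorted end
    };
  };

  # Secrets backing the identityFile entries above. The "-pub" entries are not
  # referenced in this file; presumably they are consumed elsewhere (confirm).
  sops.secrets = lib.mkIf secretsEnabled {
    # keep-sorted start block=yes
    "ssh-keys/codeberg" = { };
    "ssh-keys/codeberg-pub" = { };
    "ssh-keys/github" = { };
    "ssh-keys/github-pub" = { };
    "ssh-keys/scout-team1540-org" = { };
    "ssh-keys/scout-team1540-org-pub" = { };
    "ssh-keys/tangled" = { };
    "ssh-keys/tangled-pub" = { };
    # keep-sorted end
  };
}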