Personal-use NixOS configuration

Enable GPG agent forwarding

+17 -1
+17 -1
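--- a/homes/encode42/common/ssh.nix
+++ b/homes/encode42/common/ssh.nix
@@ -1,14 +1,30 @@
+{ osConfig, ... }:
+
 let
 host = "index";
 address = "192.168.1.2";
+
+agentPath = "/run/user/${toString osConfig.users.users.encode42.uid}/gnupg/S.gpg-agent";
+remoteForwards = [
+{
+bind.address = agentPath;
+host.address = agentPath + ".extra";
+}
+];
 in
 {
+services.gpg-agent = {
+enableExtraSocket = true;
+};
+
 programs.ssh = {
 enable = true;
 enableDefaultConfig = false;
 
 matchBlocks = {
 "index-local" = {
+inherit remoteForwards;
+
 match = "host ${host} exec 'ping -c1 -W0.5 ${address} >/dev/null 2>&1'";
 hostname = address;
 
@@ -16,7 +32,7 @@
 };
 
 "index-remote" = {
-inherit host;
+inherit host remoteForwards;
 
 hostname = "encrypted.group";
 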
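Review bot: `inherit remoteForwards;` is attached to both `index-local` and `index-remote`, so every SSH session to either host exposes the local agent's socket on the remote side for as long as the session lasts, and whoever controls that account or root there can request operations with the keys the agent holds. Forwarding `S.gpg-agent.extra` rather than the main socket is the right choice because it is the restricted socket, and a comment above `remoteForwards` should record that trust assumption, for example `# Forwards the restricted extra socket; the remote host can use (not read) local keys while connected.` Separately, `agentPath` builds the remote bind path from the local `uid`, and `toString null` evaluates to an empty string, so an unset uid silently yields `/run/user//gnupg/S.gpg-agent`; adding `assert osConfig.users.users.encode42.uid != null;` ahead of the `let` would fail the build instead. The same path also assumes the remote account has the same uid, which the visible lines do not establish. The `index-remote` block continues past the last visible line.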