# Personal SSH client module (presumably for home-manager, given
# `programs.ssh.matchBlocks`). Declares `my.home.ssh.enable`, which defaults to
# true, and when it is set configures `programs.ssh` with per-host match blocks.
{
  config,
  lib,
  ...
}: let
  cfg = config.my.home.ssh;

  # Unix socket of gpg-agent's SSH support. The uid (1000) is hard-coded and
  # the same path is used on both ends of the forward, so this assumes the
  # local user and the remote login user both have uid 1000 (verify per host).
  gpgAgentSshSocket = "/run/user/1000/gnupg/S.gpg-agent.ssh";

  # Returns `hostAttrs` extended with a remote forward of the gpg-agent SSH
  # socket: `bind` is the socket created on the remote side, `host` is the
  # local socket it is connected to.
  #
  # Security note: while a session is open, any process on the remote host
  # that can open the bound socket (root, or the login user) can ask the local
  # agent to authenticate with its keys. Apply this only to hosts trusted to
  # that degree.
  #
  # `//` is a shallow merge and the right-hand side wins, so a host passing
  # its own `remoteForwards` replaces this list instead of appending to it.
  withGpgAgentForward = hostAttrs:
    {
      remoteForwards = [
        {
          # These options are named `address`, but a socket path is passed;
          # the original author notes that this works.
          bind = {address = gpgAgentSshSocket;};
          host = {address = gpgAgentSshSocket;};
        }
      ];
    }
    // hostAttrs;
in {
  options.my.home.ssh = {
    # mkEnableOption defaults to false; the merge flips the default to true.
    enable = (lib.mkEnableOption "ssh configuration") // {default = true;};
  };

  config = lib.mkIf cfg.enable {
    programs.ssh = {
      enable = true;

      matchBlocks = {
        # Personal hosts: each one gets the gpg-agent socket forward.
        boreal = withGpgAgentForward {hostname = "boreal.alarsyo.net";};
        hades = withGpgAgentForward {hostname = "hades.alarsyo.net";};
        poseidon = withGpgAgentForward {hostname = "poseidon.alarsyo.net";};
        pi = withGpgAgentForward {
          hostname = "pi.alarsyo.net";
          # NOTE(review): the forward assumes this account is uid 1000 on the
          # remote; confirm.
          user = "pi";
        };

        # No explicit `host` here, so the attribute name is presumably used as
        # the Host pattern. No agent forwarding for these hosts.
        "*.lrde.epita.fr" = {
          user = "amartin";
        };

        # Reach every lrde host through the gateway. The negated pattern
        # excludes the gateway itself, which is connected to directly.
        lrde-proxyjump = {
          host = "*.lrde.epita.fr !ssh.lrde.epita.fr";
          proxyJump = "ssh.lrde.epita.fr";
        };
      };
    };
  };
}