nixos-config/users/rouven/modules/ssh/default.nix

{ ... }:
let
  git = "~/.ssh/git";
in
{
  programs.ssh = rec {
    enable = true;
    compression = true;
    controlMaster = "auto";
    controlPersist = "10m";
    extraConfig = ''
      CanonicalizeHostname yes
      CanonicalDomains agdsn.network
      PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so
      IdentityFile ~/.ssh/id_ed25519
      VisualHostKey = yes
    '';
    matchBlocks = {
      # personal use
      "git@github.com" = {
        match = "Host github.com User git";
        identityFile = git;
      };
      "rfive.de" = {
        hostname = "falkenstein.vpn.rfive.de";
        user = "root";
        extraOptions = {
          VerifyHostKeyDNS = "yes";
        };
      };
      # used for nix remote building
      falkenstein = matchBlocks."rfive.de";

      "nuc" = {
        hostname = "192.168.42.2";
        user = "root";
      };

      "router" = {
        hostname = "192.168.42.1";
        user = "root";
      };

      # iFSR
      "fsr" = {
        hostname = "ifsr.de";
        user = "rouven.seifert";
      };
      "quitte" = {
        hostname = "quitte.ifsr.de";
        user = "root";
        extraOptions = {
          RequestTTY = "yes";
          RemoteCommand = "zsh -i";
        };
      };
      "quitte-notty" = {
        hostname = "quitte.ifsr.de";
        user = "root";
      };
      "tomate" = {
        hostname = "tomate.ifsr.de";
        user = "root";
        extraOptions = {
          RequestTTY = "yes";
          RemoteCommand = "zsh -i";
        };
      };
      "tomate-notty" = {
        hostname = "tomate.ifsr.de";
        user = "root";
      };
      "durian" = {
        hostname = "durian.ifsr.de";
        user = "root";
      };
      "git@ifsr.de" = {
        match = "Host ifsr.de User git";
        identityFile = git;
      };

      # AG DSN
      "dijkstra" = {
        hostname = "login.agdsn.tu-dresden.de";
        user = "r5";
        extraOptions = {
          VerifyHostKeyDNS = "yes";
        };
      };
      "*.agdsn.network" = {
        user = "r5";
        extraOptions = {
          ProxyJump = "dijkstra";
          VerifyHostKeyDNS = "yes";
        };
      };
      "git@git.agdsn.de" = {
        match = "Host git.agdsn.de User git";
        identityFile = git;
      };
    };
  };
}
ran deadnix 2023-05-19 11:42:43 +02:00			`{ ... }:`
cleanup and restructuring 2023-04-06 22:31:45 +02:00			`let`
refactor: ran deadnix 2023-11-16 15:53:15 +01:00			`git = "~/.ssh/git";`
cleanup and restructuring 2023-04-06 22:31:45 +02:00			`in`
added ssh config 2023-01-06 10:37:50 +01:00			`{`
cleanup and restructuring 2023-04-06 22:31:45 +02:00			`programs.ssh = rec {`
added ssh config 2023-01-06 10:37:50 +01:00			`enable = true;`
configured backups 2023-07-30 19:41:51 +02:00			`compression = true;`
better ssh config 2023-11-20 22:47:07 +01:00			`controlMaster = "auto";`
			`controlPersist = "10m";`
			`extraConfig = ''`
			`CanonicalizeHostname yes`
can't canonicalize ifsr.de 2023-11-20 23:55:55 +01:00			`CanonicalDomains agdsn.network`
better ssh config 2023-11-20 22:47:07 +01:00			`PKCS11Provider /run/current-system/sw/lib/libtpm2_pkcs11.so`
			`IdentityFile ~/.ssh/id_ed25519`
			`VisualHostKey = yes`
			`'';`
added ssh config 2023-01-06 10:37:50 +01:00			`matchBlocks = {`
better ssh config 2023-11-20 22:47:07 +01:00			`# personal use`
can't canonicalize ifsr.de 2023-11-20 23:55:55 +01:00			`"git@github.com" = {`
			`match = "Host github.com User git";`
cleanup and restructuring 2023-04-06 22:31:45 +02:00			`identityFile = git;`
added ssh config 2023-01-06 10:37:50 +01:00			`};`
			`"rfive.de" = {`
fix some ssh settings 2023-06-05 15:21:24 +02:00			`hostname = "falkenstein.vpn.rfive.de";`
networking stuff 2023-04-12 15:05:15 +02:00			`user = "root";`
fixed ssh errors, add hashcash, update mail config, update zsh config 2023-09-24 21:32:28 +02:00			`extraOptions = {`
wayland: use river as default 2023-12-17 17:22:51 +01:00			`VerifyHostKeyDNS = "yes";`
fixed ssh errors, add hashcash, update mail config, update zsh config 2023-09-24 21:32:28 +02:00			`};`
added ssh config 2023-01-06 10:37:50 +01:00			`};`
better ssh config 2023-11-20 22:47:07 +01:00			`# used for nix remote building`
can't canonicalize ifsr.de 2023-11-20 23:55:55 +01:00			`falkenstein = matchBlocks."rfive.de";`
better ssh config 2023-11-20 22:47:07 +01:00
			`"nuc" = {`
			`hostname = "192.168.42.2";`
added and configured shikane 2023-06-15 21:01:17 +02:00			`user = "root";`
			`};`
better ssh config 2023-11-20 22:47:07 +01:00
			`"router" = {`
			`hostname = "192.168.42.1";`
added qutebrowser 2023-02-03 11:43:09 +01:00			`user = "root";`
			`};`
better ssh config 2023-11-20 22:47:07 +01:00
			`# iFSR`
			`"fsr" = {`
added qutebrowser 2023-02-03 11:43:09 +01:00			`hostname = "ifsr.de";`
			`user = "rouven.seifert";`
			`};`
can't canonicalize ifsr.de 2023-11-20 23:55:55 +01:00			`"quitte" = {`
			`hostname = "quitte.ifsr.de";`
			`user = "root";`
ssh3: init packages 2023-12-19 22:42:38 +01:00			`extraOptions = {`
			`RequestTTY = "yes";`
			`RemoteCommand = "zsh -i";`
			`};`
			`};`
			`"quitte-notty" = {`
			`hostname = "quitte.ifsr.de";`
			`user = "root";`
can't canonicalize ifsr.de 2023-11-20 23:55:55 +01:00			`};`
home: remove declarative account configuration 2024-01-27 23:03:53 +01:00			`"tomate" = {`
			`hostname = "tomate.ifsr.de";`
can't canonicalize ifsr.de 2023-11-20 23:55:55 +01:00			`user = "root";`
home: remove declarative account configuration 2024-01-27 23:03:53 +01:00			`extraOptions = {`
			`RequestTTY = "yes";`
			`RemoteCommand = "zsh -i";`
			`};`
can't canonicalize ifsr.de 2023-11-20 23:55:55 +01:00			`};`
home: remove declarative account configuration 2024-01-27 23:03:53 +01:00			`"tomate-notty" = {`
can't canonicalize ifsr.de 2023-11-20 23:55:55 +01:00			`hostname = "tomate.ifsr.de";`
			`user = "root";`
			`};`
home: remove declarative account configuration 2024-01-27 23:03:53 +01:00			`"durian" = {`
			`hostname = "durian.ifsr.de";`
			`user = "root";`
			`};`
updates 2023-02-02 12:31:38 +01:00			`"git@ifsr.de" = {`
preparing nuc for reinstall 2023-02-17 21:35:12 +01:00			`match = "Host ifsr.de User git";`
cleanup and restructuring 2023-04-06 22:31:45 +02:00			`identityFile = git;`
updates 2023-02-02 12:31:38 +01:00			`};`
better ssh config 2023-11-20 22:47:07 +01:00
			`# AG DSN`
			`"dijkstra" = {`
			`hostname = "login.agdsn.tu-dresden.de";`
			`user = "r5";`
wayland: use river as default 2023-12-17 17:22:51 +01:00			`extraOptions = {`
			`VerifyHostKeyDNS = "yes";`
			`};`
better ssh config 2023-11-20 22:47:07 +01:00			`};`
			`"*.agdsn.network" = {`
			`user = "r5";`
			`extraOptions = {`
			`ProxyJump = "dijkstra";`
wayland: use river as default 2023-12-17 17:22:51 +01:00			`VerifyHostKeyDNS = "yes";`
better ssh config 2023-11-20 22:47:07 +01:00			`};`
			`};`
agdsn and networking updates 2023-10-26 12:12:45 +02:00			`"git@git.agdsn.de" = {`
			`match = "Host git.agdsn.de User git";`
			`identityFile = git;`
			`};`
added ssh config 2023-01-06 10:37:50 +01:00			`};`
			`};`
			`}`