• Relocates common configurations from a user-specific directory to a global hierarchy • Adds host-specific files and updates import paths for better modularity • Introduces an experimental GNOME mutter feature
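{
  pkgs,
  config,
  lib,
  hostSpec,
  secretsSpec,
  ...
}:
let
  # Local, non-store path each private key is copied to (~/.ssh/<name>).
  # The rendered ssh_config references these copies, never the store paths.
  sshKeysMap = lib.mapAttrs (name: _: "${hostSpec.home}/.ssh/${name}") secretsSpec.ssh.privateKeys;

  # Rendered ssh_config. The host-specific section comes first because ssh
  # takes the first value seen for each option; `Host *` only supplies
  # defaults. IdentityFile is additive, so git.ryot.foo is offered the git
  # key and then the pve key from the wildcard section.
  sshConfig = pkgs.writeText "ssh-config" ''
    Host git.ryot.foo
      IdentityFile ${sshKeysMap.git}

    Host *
      ForwardAgent no
      AddKeysToAgent yes
      Compression no
      ServerAliveInterval 5
      ServerAliveCountMax 3
      HashKnownHosts no
      UserKnownHostsFile ~/.ssh/known_hosts
      ControlMaster no
      ControlPath ~/.ssh/master-%r@%n:%p
      ControlPersist no

      IdentityFile ${sshKeysMap.pve}
      UpdateHostKeys ask
  '';

  # Shell snippet that copies ~/.ssh/<name>_source to ~/.ssh/<name> with an
  # explicit mode. `install` unlinks and recreates the destination, so it
  # keeps working once the target is read-only (a plain `cp` onto the 0400
  # config fails with "Permission denied" on every change after the first),
  # and the new file never exists with a umask-derived mode before a chmod.
  installTo = name: mode: ''
    install -m ${mode} "$HOME/.ssh/${name}_source" "$HOME/.ssh/${name}"
  '';
in
{
  home.file =
    {
      # SSH config: staged as a store-backed file, then copied into place
      # read-only. onChange only fires when the staged content changes, so a
      # hand-deleted ~/.ssh/config is not restored until the next edit.
      ".ssh/config_source" = {
        source = sshConfig;
        onChange = installTo "config" "400";
      };

      # Pinned host keys. `UpdateHostKeys ask` may append to the live copy;
      # it is re-synced from the declarative list whenever that list changes.
      ".ssh/known_hosts_source" = {
        source = pkgs.writeText "known-hosts" (lib.concatStringsSep "\n" secretsSpec.ssh.knownHosts);
        onChange = installTo "known_hosts" "644";
      };
    }
    # Private keys: one regular 0600 file per entry at ~/.ssh/<name>, since
    # ssh rejects an identity file that is group- or world-readable (which a
    # symlink into the store would resolve to).
    #
    # NOTE(review): `source = path` makes home-manager expose
    # ~/.ssh/<name>_source as a link into /nix/store, which is world-readable
    # on a multi-user host; the 0600 copy does not protect key material that
    # also lives in the store. Confirm these paths are not plaintext keys in
    # the store, or move them to a secrets mechanism that decrypts at
    # activation time outside the store.
    // lib.mapAttrs' (name: path: {
      name = ".ssh/${name}_source";
      value = {
        source = path;
        onChange = installTo name "600";
      };
    }) secretsSpec.ssh.privateKeys;
}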
|