# SSH Configuration Module
#
# This module configures SSH with 1Password agent integration and
# profile-specific host configurations for GitHub and other services.
{
config,
pkgs,
lib,
...
}:
with lib;
let
cfg = config.modules.ssh;
in
{
options.modules.ssh =
  let
    # A boolean switch that stays off until the user turns it on; every
    # optional host block in the config section is gated by one of these.
    hostToggle = description: mkOption {
      inherit description;
      type = types.bool;
      default = false;
    };

    # A string option holding an IdentityFile path. Declared as types.str
    # rather than types.path on purpose: the leading "~" is left for ssh
    # to expand, and the file is a public key that only names the key the
    # 1Password agent should sign with (the private half never touches disk).
    identityPath = default: description: mkOption {
      inherit default description;
      type = types.str;
    };
  in
  {
    enable = mkEnableOption "SSH configuration";

    # ------------------------------------------------------------------
    # Host toggles
    # ------------------------------------------------------------------
    enableGitHubPrivate = hostToggle "Enable github-private host configuration";
    enableGitHubZeronorth = hostToggle "Enable github-zeronorth host configuration";
    enableCoder = hostToggle "Enable Coder SSH host configuration";
    enableGiteaPrivate = hostToggle "Enable gitea-ssh.olsen.cloud host configuration";

    # ------------------------------------------------------------------
    # Identity files
    # ------------------------------------------------------------------
    # Despite the name, githubPrivateKeyPath is also the identity used for
    # the Gitea, docker, NAS and MacBook hosts in the config section.
    githubPrivateKeyPath = identityPath
      "~/.ssh/keys/github-private.pub"
      "Path to the GitHub private identity file";

    githubZeronorthKeyPath = identityPath
      "~/.ssh/keys/github-zeronorth.pub"
      "Path to the GitHub Zeronorth identity file";
  };
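config = mkIf cfg.enable (
  let
    # Identity settings shared by every host that authenticates with the
    # personal key. The file is a public key that only tells ssh which key
    # to ask the 1Password agent (IdentityAgent below) for; identitiesOnly
    # stops ssh from offering every key the agent holds to each host.
    personalIdentity = {
      identityFile = cfg.githubPrivateKeyPath;
      identitiesOnly = true;
    };

    # A directly reachable host on port 22 that uses the personal key.
    personalHost = hostname: user: personalIdentity // {
      inherit hostname user;
      port = 22;
    };

    # Options shared by both Coder match blocks. Host-key verification is
    # off and known_hosts is discarded, presumably because these hosts are
    # reached through the coder CLI (see proxyCommand below) rather than by
    # a direct TCP connection. The consequence is that ssh cannot detect a
    # substituted endpoint on these hosts, so keep the patterns narrow.
    coderOptions = {
      ConnectTimeout = "0";
      StrictHostKeyChecking = "no";
      UserKnownHostsFile = "/dev/null";
      LogLevel = "ERROR";
    };
  in
  {
    programs.ssh = {
      enable = true;

      # Disable default config to avoid deprecation warnings
      enableDefaultConfig = false;

      # Include colima SSH config for container access
      includes = [ "~/.colima/ssh_config" ];

      # 1Password SSH agent integration (macOS)
      extraConfig = ''
        IdentityAgent "~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock"
      '';

      # ====================================================================
      # Host Configurations
      # ====================================================================
      matchBlocks = {
        # Default settings for all hosts (replaces top-level options).
        # NOTE(review): ssh keeps the first value it sees for each option and
        # Home Manager chooses the emission order of match blocks, so a
        # per-host override of anything set here may not take effect —
        # check the generated ~/.ssh/config before relying on one.
        "*" = {
          # Connection sharing. The control socket lives under ~/.ssh, not
          # /tmp: ssh_config(5) asks that a shared ControlPath be placed in
          # a directory other users cannot write to, and a predictable name
          # in /tmp could be pre-created by another local user. %C (a hash
          # of the connection parameters) keeps the name short and free of
          # the ':' and '@' characters the old %r@%h:%p form produced.
          controlMaster = "auto";
          controlPath = "~/.ssh/control-%C";
          controlPersist = "10m";
          # Agent forwarding applies to every host, including the Coder
          # hosts whose keys are never verified. While a session is open,
          # root on the remote end can use the forwarded 1Password agent to
          # sign with any key it holds; scope this to specific hosts if that
          # is not intended.
          forwardAgent = true;
        };

        # Default GitHub host (always enabled), via GitHub's port-443 endpoint.
        "github.com" = {
          hostname = "ssh.github.com";
          user = "git";
          port = 443;
        };

        # GitHub private host (for personal projects)
        "github-private" = mkIf cfg.enableGitHubPrivate ({
          hostname = "ssh.github.com";
          user = "git";
          port = 443;
        } // personalIdentity);

        # Gitea private host (for personal self-hosted git)
        "gitea-ssh.olsen.cloud" = mkIf cfg.enableGiteaPrivate ({
          hostname = "gitea-ssh.olsen.cloud";
          user = "git";
          port = 2202;
        } // personalIdentity);

        # GitHub Zeronorth host (for work projects); uses its own key so the
        # personal identity is never offered to the work account.
        "github-zeronorth" = mkIf cfg.enableGitHubZeronorth {
          hostname = "ssh.github.com";
          user = "git";
          port = 443;
          identityFile = cfg.githubZeronorthKeyPath;
          identitiesOnly = true;
        };

        # Docker server
        "docker.host" = personalHost "docker.olsen.cloud" "alice";

        # NAS server
        "nas.host" = personalHost "192.168.20.106" "morten";

        # Private MacBook
        "macbook.host" = personalHost "192.168.3.9" "alice";

        # ZN MacBook
        "zn.host" = personalHost "192.168.3.3" "alice";

        # Coder hosts (for remote development environments). The connection
        # is tunnelled through the coder CLI; %h is the full "coder.<name>"
        # host the user typed.
        "coder.*" = mkIf cfg.enableCoder {
          extraOptions = coderOptions;
          proxyCommand = ''/opt/homebrew/bin/coder --global-config "~/Library/Application Support/coderv2" ssh --stdio --ssh-host-prefix coder. %h'';
        };

        # NOTE(review): unlike coder.*, this block has no proxyCommand, so a
        # "<name>.coder" host would be dialled directly by DNS with host-key
        # checking disabled — confirm that is intended.
        "*.coder" = mkIf cfg.enableCoder {
          extraOptions = coderOptions;
        };
      };
    };

    # ====================================================================
    # SSH Key Files
    # ====================================================================
    # Note: The actual private keys are managed by 1Password.
    # These public key files are used for IdentityFile references.
    # The public keys tell SSH which key to request from the 1Password agent.
  }
);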
}