feat(ssh): initial ssh config

2024-02-26 22:34:31 +13:00 · 2024-02-26 22:34:31 +13:00 · 8fcda1a7e9
commit 8fcda1a7e9
parent 62150d615f
7 changed files with 38 additions and 5 deletions
--- a/home/modules/console/shell/fish/default.nix
+++ b/home/modules/console/shell/fish/default.nix
@ -66,6 +66,9 @@ in
          source "$KITTY_INSTALLATION_DIR/shell-integration/fish/vendor_conf.d/kitty-shell-integration.fish"
          set --prepend fish_complete_path "$KITTY_INSTALLATION_DIR/shell-integration/fish/vendor_completions.d"
        '' +
+        ''
+          set -gx SSH_AUTH_SOCK ~/.1password/agent.sock
+        '' +
        # Use vim bindings and cursors
        ''
          fish_vi_key_bindings
--- a/home/modules/console/utility/ssh/default.nix
+++ b/home/modules/console/utility/ssh/default.nix
@ -11,7 +11,6 @@ in
      enable = true;
      extraConfig = /* config */''
        Host *
-            IdentitiesOnly=yes
            IdentityAgent "~/.1password/agent.sock"
      '';
    };
--- a/home/profile/base/default.nix
+++ b/home/profile/base/default.nix
@ -67,6 +67,7 @@ in
        };
        multiplexer.zellij.enable = true;
        utility = {
+          ssh.enable = true;
          nixIndex.enable = true;
          git.enable = true;
          tools.enable = true;
--- a/system/modules/default.nix
+++ b/system/modules/default.nix
@ -14,6 +14,7 @@
    ./pipewire.nix
    ./security.nix
    ./services
+    ./ssh.nix
  ];


--- a/system/modules/networking.nix
+++ b/system/modules/networking.nix
@ -13,10 +13,6 @@ in
    networking.firewall.allowedTCPPorts = [57621]; # Spotify

    services = {
-      openssh = {
-        enable = true;
-        settings.UseDns = true;
-      };
      resolved.enable = true;
    };

--- a/system/modules/ssh.nix
+++ b/system/modules/ssh.nix
@ -0,0 +1,32 @@
+{ lib, config, ... }:
+
+let
+  cfg = config.systemModules.openssh;
+  key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBn3ff3HaZHIyH4K13k8Mwqu/o7jIABJ8rANK+r2PfJk";
+in
+
+{
+  options.systemModules = {
+    openssh = {
+      enable = lib.mkEnableOption "enable openssh system module";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.sessionVariables.SSH_AUTH_SOCK = "~/.1password/agent.sock";
+
+    users.users.ooks.openssh.authorizedKeys.keys = [ key ];
+
+    services.openssh = {
+      enable = true;
+      settings = {
+        UseDns = true;
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+        StreamLocalBindUnlink = "yes";
+      };
+    };
+    
+  };
+  
+}
--- a/system/profiles/base/default.nix
+++ b/system/profiles/base/default.nix
@ -21,6 +21,7 @@ in
      bootloader.systemd.enable = true;
      programs.gnomeServices.enable = true;
      displayManager.tuigreet.enable = true;
+      openssh.enable = true;
    };

    environment.systemPackages = [pkgs.git];