From 8fcda1a7e963800ce7432c9f1918873afc356074 Mon Sep 17 00:00:00 2001
From: ooks-io
Date: Mon, 26 Feb 2024 22:34:31 +1300
Subject: [PATCH] feat(ssh): initial ssh config

---
 home/modules/console/shell/fish/default.nix  | 3 ++
 home/modules/console/utility/ssh/default.nix | 1 -
 home/profile/base/default.nix                | 1 +
 system/modules/default.nix                   | 1 +
 system/modules/networking.nix                | 4 ---
 system/modules/ssh.nix                       | 32 ++++++++++++++++++++
 system/profiles/base/default.nix             | 1 +
 7 files changed, 38 insertions(+), 5 deletions(-)
 create mode 100644 system/modules/ssh.nix

diff --git a/home/modules/console/shell/fish/default.nix b/home/modules/console/shell/fish/default.nix
index eaa698e..ab75bb2 100644
--- a/home/modules/console/shell/fish/default.nix
+++ b/home/modules/console/shell/fish/default.nix
@@ -66,6 +66,9 @@ in
       source "$KITTY_INSTALLATION_DIR/shell-integration/fish/vendor_conf.d/kitty-shell-integration.fish"
       set --prepend fish_complete_path "$KITTY_INSTALLATION_DIR/shell-integration/fish/vendor_completions.d"
     ''
+    + ''
+      set -gx SSH_AUTH_SOCK ~/.1password/agent.sock
+    ''
     + # Use vim bindings and cursors
     ''
       fish_vi_key_bindings
diff --git a/home/modules/console/utility/ssh/default.nix b/home/modules/console/utility/ssh/default.nix
index 5fd3430..7dd80d6 100644
--- a/home/modules/console/utility/ssh/default.nix
+++ b/home/modules/console/utility/ssh/default.nix
@@ -11,7 +11,6 @@ in
     enable = true;
     extraConfig = /* config */''
       Host *
-        IdentitiesOnly=yes
         IdentityAgent "~/.1password/agent.sock"
     '';
   };
diff --git a/home/profile/base/default.nix b/home/profile/base/default.nix
index c814f4b..3e25b4f 100644
--- a/home/profile/base/default.nix
+++ b/home/profile/base/default.nix
@@ -67,6 +67,7 @@ in
     };
     multiplexer.zellij.enable = true;
     utility = {
+      ssh.enable = true;
       nixIndex.enable = true;
       git.enable = true;
       tools.enable = true;
diff --git a/system/modules/default.nix b/system/modules/default.nix
index f4823d8..b8a6c41 100644
--- a/system/modules/default.nix
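Review bot: The added `set -gx SSH_AUTH_SOCK ~/.1password/agent.sock` runs unconditionally in the interactive init, so it also overrides the socket sshd exports for an incoming session that forwards its agent, and it points at a path that may not exist when the 1Password agent is not running. A guard such as `if not set -q SSH_CONNECTION; and test -S ~/.1password/agent.sock` / `set -gx SSH_AUTH_SOCK ~/.1password/agent.sock` / `end` keeps the local agent as the default for local logins without clobbering a forwarded one. The enclosing fish init string starts and ends outside the hunk.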
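Review bot: With `IdentitiesOnly=yes` dropped from the `Host *` block, ssh now offers every identity the 1Password agent holds to every server in agent order, which discloses all of those public keys to each host and can exhaust the server's MaxAuthTries before the right key is tried. If the removal is needed so that agent-only keys work at all, the restriction can be kept per host by pairing `IdentityFile ~/.ssh/<key-name>.pub` with `IdentitiesOnly yes` in a dedicated `Host` block, which ssh then resolves through the agent. The surrounding `programs.ssh` attribute set starts and ends outside the hunk.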
+++ b/system/modules/default.nix
@@ -14,6 +14,7 @@
     ./pipewire.nix
     ./security.nix
     ./services
+    ./ssh.nix
   ];
diff --git a/system/modules/networking.nix b/system/modules/networking.nix
index 3faf6c6..3396df8 100644
--- a/system/modules/networking.nix
+++ b/system/modules/networking.nix
@@ -13,10 +13,6 @@ in
   networking.firewall.allowedTCPPorts = [57621]; # Spotify
   services = {
-    openssh = {
-      enable = true;
-      settings.UseDns = true;
-    };
     resolved.enable = true;
   };
diff --git a/system/modules/ssh.nix b/system/modules/ssh.nix
new file mode 100644
index 0000000..a2e5ed1
--- /dev/null
+++ b/system/modules/ssh.nix
@@ -0,0 +1,32 @@
+{ lib, config, ... }:
+
+let
+  cfg = config.systemModules.openssh;
+  key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBn3ff3HaZHIyH4K13k8Mwqu/o7jIABJ8rANK+r2PfJk";
+in
+
+{
+  options.systemModules = {
+    openssh = {
+      enable = lib.mkEnableOption "enable openssh system module";
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.sessionVariables.SSH_AUTH_SOCK = "~/.1password/agent.sock";
+
+    users.users.ooks.openssh.authorizedKeys.keys = [ key ];
+
+    services.openssh = {
+      enable = true;
+      settings = {
+        UseDns = true;
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+        StreamLocalBindUnlink = "yes";
+      };
+    };
+
+  };
+
+}
diff --git a/system/profiles/base/default.nix b/system/profiles/base/default.nix
index 73db64c..9082c90 100644
--- a/system/profiles/base/default.nix
+++ b/system/profiles/base/default.nix
@@ -21,6 +21,7 @@ in
     bootloader.systemd.enable = true;
     programs.gnomeServices.enable = true;
     displayManager.tuigreet.enable = true;
+    openssh.enable = true;
   };
   environment.systemPackages = [pkgs.git];
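Review bot: `PasswordAuthentication = false` in the new `services.openssh.settings` does not by itself turn off password logins, because NixOS leaves `KbdInteractiveAuthentication` at its default of true and PAM then still accepts a password through the keyboard-interactive method; add `KbdInteractiveAuthentication = false;` beside it. `environment.sessionVariables.SSH_AUTH_SOCK = "~/.1password/agent.sock"` is applied system-wide with a literal `~`, which the login/PAM environment is not expected to expand the way a shell does, so it likely needs an absolute per-user path or can be left to the per-user fish module that already sets the same variable. The `mkEnableOption` argument produces the description `Whether to enable enable openssh system module.`; `lib.mkEnableOption "the openssh system module"` reads correctly.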