switch over to generative ssh config

2024-11-21 15:48:48 +01:00 · 2024-06-04 22:26:37 +02:00 · 2024-06-04 22:26:37 +02:00 · e87963f9d7
commit e87963f9d7
parent ed12b67cb9
2 changed files with 92 additions and 4 deletions
--- a/home-manager/modules/machine.nix
+++ b/home-manager/modules/machine.nix
@ -29,6 +29,7 @@ with lib;
    ./../programs/syncthing.nix
    ./../programs/hstr.nix
    ./../programs/thefuck.nix
+    ./../programs/ssh.nix
    ./../../nix.nix
    ./packages.nix
  ];
@ -84,10 +85,6 @@ with lib;
        ".config/nano/nanorc".text = ''
          set linenumbers
        '';
-        ".ssh/config_source" = {
-          source = ./../dotfiles/ssh-config;
-          onChange = "cat ~/.ssh/config_source > ~/.ssh/config && chmod 600 ~/.ssh/config";
-        };
        ".gitignore".source = ./../dotfiles/.gitignore;
        ".config/pipewire/pipewire.conf.d/99-noise-suppression.conf".text = ''
          context.modules = [{
--- a/home-manager/programs/ssh.nix
+++ b/home-manager/programs/ssh.nix
@ -0,0 +1,91 @@
+{ lib, ... }:
+
+let
+  ownDomains = [
+    "thilo-billerbeck.com"
+    "avocadoom.de"
+    "officerent.de"
+  ];
+  thiloBillerbeckHosts = [
+    "lisa"
+    "bart"
+    "burns"
+    "homer"
+    "marge"
+    "apu"
+    "krusty"
+    "skinner"
+  ];
+  manualMatchBlocks = {
+    "github.com" = {
+      identityFile = "~/.ssh/id_github-com";
+      user = "git";
+      identitiesOnly = true;
+    };
+    "mail" = { hostname = "mail.officerent.de"; };
+    "*.tu-darmstadt.de" = {
+      identityFile = "~/.ssh/id_tu-darmstadt-de";
+    };
+    "*.rwth-aachen.de" = {
+      identityFile = "~/.ssh/id_tu-darmstadt-de";
+    };
+    "*.tobias-neidig.de" = {
+      identityFile = "~/.ssh/id_tobias-neidig-de";
+    };
+    "*.darmstadt.ccc.de" = {
+      identityFile = "~/.ssh/id_darmstadt-ccc-de";
+    };
+    "*.relaix.net" = {
+      identityFile = "~/.ssh/id_relaix-net";
+      user = "tbillerbeck";
+    };
+    "*.w17.io" = {
+      user = "chaos";
+      identityFile = "~/.ssh/id_w17";
+    };
+    "*.tailscale.net" = {
+      user = "thilo";
+      identityFile = "~/.ssh/id_tailscale";
+    };
+    "ssh.dev.azure.com" = {
+      identityFile = "~/.ssh/id_azure-com";
+      identitiesOnly = true;
+      extraOptions = {
+        HostkeyAlgorithms = "+ssh-rsa";
+        PubkeyAcceptedKeyTypes = "+ssh-rsa";
+      };
+    };
+  };
+  catchAlls = builtins.listToAttrs (
+    builtins.map (host: {
+      name = "*.${host}";
+      value = {
+        identityFile = "~/.ssh/id_thilo-billerbeck-com";
+        user = "root";
+      };
+    }) ownDomains
+  );
+  hostnameAliasses = builtins.listToAttrs (
+    builtins.map (host: {
+      name = "${host}";
+      value = {
+        hostname = "${host}.thilo-billerbeck.com";
+      };
+    }) thiloBillerbeckHosts
+  );
+  buildersCCCDA = builtins.listToAttrs (
+    builtins.map (host: {
+      name = "build${host}.darmstadt.ccc.de";
+      value = {
+        	user = "avocadoom";
+          identityFile = "~/.ssh/id_darmstadt-ccc-de";
+      };
+    }) ["1" "2" "3" "4"]
+  );
+in
+{
+  programs.ssh = {
+    enable = true;
+    matchBlocks = manualMatchBlocks // catchAlls // hostnameAliasses // buildersCCCDA;
+  };
+}