Commit c159dc1bdee8
Changed files (3)
ops/hosts.toml
@@ -58,7 +58,7 @@ addrs = { v4 = "10.100.0.16" }
[hosts.kerkouane]
network = "vpn"
# addrs = { v4 = "167.99.17.238" } # FIXME probably not right
-ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane", gpgRemoteForward = true }
+ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane", gpgRemoteForward = true, command = "tmux new -A -s default" }
[hosts.kerkouane.wireguard]
addrs = { v4 = "10.100.0.1" }
systems/hosts/wakasu.nix
@@ -76,6 +76,12 @@ in
desktop = {
wayland.sway.enable = true;
};
+ # dev = {
+ # };
+ # profiles = {
+ # home = true;
+ # work.redhat = true;
+ # };
services = {
syncthing = {
enable = true;
@@ -86,7 +92,6 @@ in
};
# TODO Migrate to modules
- profiles.ssh.enable = true;
profiles.home = true;
profiles.avahi.enable = true;
environment.systemPackages = with pkgs; [
users/vincent/core/ssh.nix
@@ -16,13 +16,17 @@ let
hasWireguard = name: value: hasAttr "wireguard" value;
hasAddrs = name: value: hasAttr "addrs" value;
hasSShAndRemoteForward = v: (hasAttr "ssh" v) && (hasAttr "gpgRemoteForward" v.ssh);
+ hasCommand = v: hasAttr "command" v;
hostWireguardIP = v: "${v.wireguard.addrs.v4}";
hostIP = v: "${v.addrs.v4}";
+ hostRemoteCommand = v: "${v.command}";
hostToSSHConfigItem = value: ipfn: {
hostname = ipfn value;
remoteForwards = mkIf (hasSShAndRemoteForward value) [ gpgRemoteForward gpgSSHRemoteForward ];
+ # FIXME: need support for RemoteCommand in home-manager
+ # RemoteCommand = mkIf (hasCommand value) hostRemoteCommand value;
};
hostToSSHConfig = suffix: ipfn:
name: value: attrsets.nameValuePair
@@ -97,6 +101,9 @@ in
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
StreamLocalBindUnlink yes
+ IdentityFile ~/.ssh/keys/%h
+ IdentityFile ~/.ssh/id_ed25519
+ IdentityFile ~/.ssh/id_rsa
'';
};
# FIXME generate this file as well