# Home Manager module: opt-in SSH client configuration, enabled through
# `py.programs.ssh.enable`. It declares a baseline for every host, three
# named host entries, a Match line that pokes gpg-agent, and a signers file
# under ~/.ssh.
{ lib, config, ... }:
let
  cfg = config.py.programs.ssh;

  # marvin and prefect share everything except the address, so build both
  # entries from one function. The addresses used below fall inside
  # 100.64.0.0/10 (CGNAT space) -- presumably a private overlay network;
  # confirm.
  mkPubkeyHost = hostname: {
    inherit hostname;
    user = "thehedgehog";
    port = 22;
    extraOptions = {
      # "no" lets ssh offer every identity the agent holds, not only
      # explicitly configured IdentityFile entries.
      IdentitiesOnly = "no";
      # Public-key auth only: password / keyboard-interactive are never tried.
      PreferredAuthentications = "publickey";
    };
  };
in
{
  options.py.programs.ssh.enable = lib.mkEnableOption "ssh";

  config = lib.mkIf cfg.enable {
    programs.ssh = {
      enable = true;
      # Skip the module's built-in defaults; the "*" block below spells the
      # baseline out explicitly instead.
      enableDefaultConfig = false;

      matchBlocks = {
        # Baseline applied to every host.
        "*" = {
          # Never expose the local agent to remote machines.
          forwardAgent = false;
          addKeysToAgent = "no";
          # 0 disables client-side keepalive probes.
          serverAliveInterval = 0;
          serverAliveCountMax = 3;
          # Host names are stored in clear text in known_hosts.
          hashKnownHosts = false;
          userKnownHostsFile = "~/.ssh/known_hosts";
          # Connection multiplexing is off; controlPath is still defined.
          controlMaster = "no";
          controlPath = "~/.ssh/master-%r@%n:%p";
          controlPersist = "no";
          compression = true;
        };

        marvin = mkPubkeyHost "100.123.15.72";
        prefect = mkPubkeyHost "100.93.63.54";

        # Third-party host on a non-standard port.
        # NOTE(review): no user, IdentityFile or IdentitiesOnly is set here,
        # so agent-held public keys may be offered to this server before any
        # other method -- consider `IdentitiesOnly yes` for this entry; confirm.
        botw = {
          hostname = "bandit.labs.overthewire.org";
          port = 2220;
          # These two variables (one is a token) are forwarded to this host
          # only; the "*" block sends no environment.
          sendEnv = [ "WECHALLUSER" "WECHALLTOKEN" ];
        };
      };

      # Runs a local command on each ssh invocation so gpg-agent updates its
      # startup TTY (presumably gpg-agent is acting as the SSH agent and
      # pinentry must land on the current terminal -- confirm).
      extraOptionOverrides.Match =
        ''host * exec "gpg-connect-agent UPDATESTARTUPTTY /bye"'';
    };

    # Contents come from ./ssh-auth-signers.nix, which is not shown here.
    # NOTE(review): looks like an SSH allowed-signers list for signature
    # verification; OpenSSH does not read this path by itself, so whatever
    # consumes it must point at it explicitly -- confirm.
    home.file.".ssh/authorized_signatures".text = import ./ssh-auth-signers.nix;
  };
}