
commit 697dba0d8a96ecf24b43490a33f09c785ce9b912
parent bb391074e5645029b382792758d7797e382001f6
Author: Vincent Demeester <vincent@sbr.pm>
Date:   Mon,  1 Jun 2020 14:09:49 +0200

users/vincent: add ssh to core

Signed-off-by: Vincent Demeester <vincent@sbr.pm>

Diffstat:
Musers/vincent/core/default.nix | 1+
Musers/vincent/core/shell.nix | 1+
Ausers/vincent/core/ssh.nix | 61+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 63 insertions(+), 0 deletions(-)

diff --git a/users/vincent/core/default.nix b/users/vincent/core/default.nix
@@ -8,6 +8,7 @@
 ./git.nix
 ./gpg.nix
 ./htop.nix
+ ./ssh.nix
 ./tmux.nix
 ./xdg.nix
 ./zsh.nix
diff --git a/users/vincent/core/shell.nix b/users/vincent/core/shell.nix
@@ -15,6 +15,7 @@
 };
 env = ''
+ export PATH=$HOME/bin:$PATH
 export LESSHISTFILE="${config.xdg.dataHome}/less_history"
 export GOPATH=${config.home.homeDirectory}
 export WEBKIT_DISABLE_COMPOSITING_MODE=1;
diff --git a/users/vincent/core/ssh.nix b/users/vincent/core/ssh.nix
@@ -0,0 +1,61 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ patchedOpenSSH = pkgs.openssh.override { withKerberos = true; withGssapiPatches = true; };
+in
+{
+ home.packages = [
+ patchedOpenSSH
+ ];
+ home.file.".ssh/sockets/.placeholder".text = '''';
+ xdg.configFile.".ssh/.placeholder".text = '''';
+ programs.ssh = {
+ enable = true;
+
+ serverAliveInterval = 60;
+ hashKnownHosts = true;
+ userKnownHostsFile = "${config.xdg.configHome}/ssh/known_hosts";
+ controlPath = "${config.home.homeDirectory}/.ssh/sockets/%u-%l-%r@%h:%p";
+ matchBlocks = {
+ "github.com" = {
+ hostname = "github.com";
+ user = "git";
+ extraOptions = {
+ controlMaster = "auto";
+ controlPersist = "360";
+ };
+ };
+ "gitlab.com" = {
+ hostname = "gitlab.com";
+ user = "git";
+ extraOptions = {
+ controlMaster = "auto";
+ controlPersist = "360";
+ };
+ };
+ "git.sr.ht" = {
+ hostname = "git.sr.ht";
+ user = "git";
+ extraOptions = {
+ controlMaster = "auto";
+ controlPersist = "360";
+ };
+ };
+ "*.redhat.com" = {
+ user = "vdemeest";
+ };
+ "192.168.1.*" = {
+ forwardAgent = true;
+ };
+ "10.100.0.*" = {
+ forwardAgent = true;
+ };
+ }; # FIXME with optional secrets // cfg.machines;
+ extraConfig = ''
+ PreferredAuthentications gssapi-with-mic,publickey,password
+ GSSAPIAuthentication yes
+ GSSAPIDelegateCredentials yes
+ '';
+ };
+}
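Review bot: In the shell.nix hunk, `export PATH=$HOME/bin:$PATH` places a user-writable directory ahead of the system directories, so any file written to `~/bin` shadows same-named commands such as `ssh` or `sudo`. If overriding system tools is not the intent, appending keeps the directory usable without that precedence: `export PATH="$PATH:$HOME/bin"`. The line is unrelated to the commit subject, so a short comment saying why the directory is needed would help later readers. The `env` string continues outside the hunk.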
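Review bot: In ssh.nix, `GSSAPIDelegateCredentials yes` sits in the top-level `extraConfig` rather than in a match block, so Kerberos credentials would be delegated to any host that completes GSSAPI authentication, not only the hosts that need them. Consider dropping that line from `extraConfig` and adding `extraOptions = { GSSAPIDelegateCredentials = "yes"; };` to the `"*.redhat.com"` block, assuming those are the Kerberos hosts. The two `forwardAgent = true` blocks match `192.168.1.*` and `10.100.0.*`, private ranges that also exist on networks other than the intended one, so naming the specific hosts or using `proxyJump` would keep the agent from being offered to an unintended machine. Separately, the placeholder is created under `xdg.configFile.".ssh/.placeholder"` while `userKnownHostsFile` points into `${config.xdg.configHome}/ssh/`, so the directory that known_hosts needs is probably not the one being created and host keys may never be recorded; `xdg.configFile."ssh/.placeholder".text = '''';` would match the configured path.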