commit c159dc1bdee89eb2337002102f278216ddf266ca
parent 838c2d959c53c56dbcca36517790ba324bd053ba
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 22 Aug 2022 10:50:35 +0200
systems/hosts/wakasu: misc updates
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
3 files changed, 14 insertions(+), 2 deletions(-)
diff --git a/ops/hosts.toml b/ops/hosts.toml
@@ -58,7 +58,7 @@ addrs = { v4 = "10.100.0.16" }
[hosts.kerkouane]
network = "vpn"
# addrs = { v4 = "167.99.17.238" } # FIXME probably not right
-ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane", gpgRemoteForward = true }
+ssh = { pubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILtEnw+3WMa9ESRyKdBUp/OHd8NPQdHLoqQ58L3YXF1o vincent@kerkouane", gpgRemoteForward = true, command = "tmux new -A -s default" }
[hosts.kerkouane.wireguard]
addrs = { v4 = "10.100.0.1" }
diff --git a/systems/hosts/wakasu.nix b/systems/hosts/wakasu.nix
@@ -76,6 +76,12 @@ in
desktop = {
wayland.sway.enable = true;
};
+ # dev = {
+ # };
+ # profiles = {
+ # home = true;
+ # work.redhat = true;
+ # };
services = {
syncthing = {
enable = true;
@@ -86,7 +92,6 @@ in
};
# TODO Migrate to modules
- profiles.ssh.enable = true;
profiles.home = true;
profiles.avahi.enable = true;
environment.systemPackages = with pkgs; [
diff --git a/users/vincent/core/ssh.nix b/users/vincent/core/ssh.nix
@@ -16,13 +16,17 @@ let
hasWireguard = name: value: hasAttr "wireguard" value;
hasAddrs = name: value: hasAttr "addrs" value;
hasSShAndRemoteForward = v: (hasAttr "ssh" v) && (hasAttr "gpgRemoteForward" v.ssh);
+ hasCommand = v: hasAttr "command" v;
hostWireguardIP = v: "${v.wireguard.addrs.v4}";
hostIP = v: "${v.addrs.v4}";
+ hostRemoteCommand = v: "${v.command}";
hostToSSHConfigItem = value: ipfn: {
hostname = ipfn value;
remoteForwards = mkIf (hasSShAndRemoteForward value) [ gpgRemoteForward gpgSSHRemoteForward ];
+ # FIXME: need support for RemoteCommand in home-manager
+ # RemoteCommand = mkIf (hasCommand value) hostRemoteCommand value;
};
hostToSSHConfig = suffix: ipfn:
name: value: attrsets.nameValuePair
@@ -97,6 +101,9 @@ in
GSSAPIAuthentication yes
GSSAPIDelegateCredentials yes
StreamLocalBindUnlink yes
+ IdentityFile ~/.ssh/keys/%h
+ IdentityFile ~/.ssh/id_ed25519
+ IdentityFile ~/.ssh/id_rsa
'';
};
# FIXME generate this file as well