commit e29499a31e45d3a406cd8fc27d09836294afdf42
parent 73bcdbdbd01b5f2f06f0a4fb37ddabc828bd648c
Author: Vincent Demeester <vincent@sbr.pm>
Date: Mon, 1 Jun 2020 18:52:40 +0200
users/vincent/core: better ssh config (secret)
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
Diffstat:
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/users/vincent/core/ssh.nix b/users/vincent/core/ssh.nix
@@ -3,6 +3,9 @@
with lib;
let
patchedOpenSSH = pkgs.openssh.override { withKerberos = true; withGssapiPatches = true; };
+ secretPath = ../../secrets/machines.nix;
+ secretCondition = (builtins.pathExists secretPath);
+ sshConfig = optionalAttrs secretCondition (import secretPath).sshConfig;
in
{
home.packages = [
@@ -51,7 +54,7 @@ in
"10.100.0.*" = {
forwardAgent = true;
};
- }; # FIXME with optional secrets // cfg.machines;
+ } // sshConfig; # FIXME with optional secrets // cfg.machines;
extraConfig = ''
PreferredAuthentications gssapi-with-mic,publickey,password
GSSAPIAuthentication yes