From bdbbe6c9db93ccd1bd96fa90fa734cc45a2a3415 Mon Sep 17 00:00:00 2001
From: oddlama
Date: Thu, 9 Feb 2023 03:07:24 +0100
Subject: [PATCH] feat: add ssh config
---
 users/myuser/default.nix | 1 +
 users/myuser/ssh.nix | 74 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 75 insertions(+)
 create mode 100644 users/myuser/ssh.nix
diff --git a/users/myuser/default.nix b/users/myuser/default.nix
index 29dcfad..1b69b59 100644
--- a/users/myuser/default.nix
+++ b/users/myuser/default.nix
@@ -24,6 +24,7 @@ with lib; {
 ../common
 ./dev.nix
 ./gpg.nix
+ ./ssh.nix
 ];
 home = {
diff --git a/users/myuser/ssh.nix b/users/myuser/ssh.nix
new file mode 100644
index 0000000..ada0ea5
--- /dev/null
+++ b/users/myuser/ssh.nix
@@ -0,0 +1,74 @@
+{pkgs, ...}: {
+ home.file.".ssh/yubikey.pub".text = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA5Uq+CDy5Pmt3If5M6d8K/Q7HArU6sZ7sgoj3T521Wm cardno:15 209 174";
+ programs.ssh = {
+ enable = true;
+ matchBlocks = let
+ withYubikey = {identityFile = ["~/.ssh/yubikey.pub"];};
+ in {
+ "*" = {
+ identitiesOnly = true;
+ };
+ meister =
+ {
+ user = "root";
+ hostname = "meister.oddlama.org";
+ }
+ // withYubikey;
+ envoy =
+ {
+ user = "root";
+ hostname = "94.130.104.236";
+ }
+ // withYubikey;
+ vm-base =
+ {
+ user = "root";
+ proxyJump = "meister";
+ hostname = "172.16.0.01";
+ }
+ // withYubikey;
+ vm-misc =
+ {
+ user = "root";
+ proxyJump = "meister";
+ hostname = "172.16.0.16";
+ }
+ // withYubikey;
+ vm-samba =
+ {
+ user = "root";
+ proxyJump = "meister";
+ hostname = "172.16.0.64";
+ }
+ // withYubikey;
+ vm-nginx =
+ {
+ user = "root";
+ proxyJump = "meister";
+ hostname = "172.16.0.128";
+ }
+ // withYubikey;
+ vm-radicale =
+ {
+ user = "root";
+ proxyJump = "meister";
+ hostname = "172.16.0.129";
+ }
+ // withYubikey;
+ vm-vaultwarden =
+ {
+ user = "root";
+ proxyJump = "meister";
+ hostname = "172.16.0.130";
+ }
+ // withYubikey;
+ vm-test =
+ {
+ user = "root";
+ proxyJump = "meister";
+ hostname = "172.16.0.255";
+ }
+ // withYubikey;
+ };
+ };
+}
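Review bot: The `vm-base` block sets `hostname = "172.16.0.01";`, the only address in this file with a leading zero in an octet. Resolvers that accept the legacy inet_aton forms read such an octet as octal while strict parsers reject it, so writing `hostname = "172.16.0.1";` removes the ambiguity about which host is meant. Separately, no block pins a host key, so the first connection to each `root` target is trust-on-first-use, including the raw-IP `envoy` entry and every VM reached through `proxyJump = "meister"`. Since the file is already declarative, shipping the servers' public host keys in a managed known-hosts file alongside `.ssh/yubikey.pub` would close that gap. If the intent is that the private key never leaves the token, a comment above `withYubikey` such as `# public half only; used to select the hardware-backed key offered by the agent` would explain why `identityFile` points at a `.pub` file.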