modules/legacy/ssh: Migrate to by-name

1 files changed, 55 insertions, 0 deletions

diff --git a/modules/by-name/ss/ssh/module.nix b/modules/by-name/ss/ssh/module.nix
new file mode 100644
index 00000000..91cc4aeb
--- /dev/null
+++ b/modules/by-name/ss/ssh/module.nix
@@ -0,0 +1,55 @@
+# nixos-config - My current NixOS configuration
+#
+# Copyright (C) 2025 Benedikt Peetz <benedikt.peetz@b-peetz.de>
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This file is part of my nixos-config.
+#
+# You should have received a copy of the License along with this program.
+# If not, see <https://www.gnu.org/licenses/gpl-3.0.txt>.
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}: let
+  cfg = config.soispha.programs.ssh;
+in {
+  options.soispha.programs.ssh = {
+    enable = lib.mkEnableOption "ssh config";
+    rootKnownHosts = lib.mkOption {
+      type = lib.types.attrsOf lib.types.str;
+      description = ''
+        An attrset of keys (the domain) and values (the host key.)
+        These are only applied to the root user.
+      '';
+      default = {};
+      apply = value:
+        builtins.concatStringsSep "\n"
+        (lib.attrsets.mapAttrsToList (hostName: hostKey: "${hostName} ${hostKey}") value);
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    home-manager.users = {
+      root.programs.ssh = {
+        enable = true;
+        compression = true;
+        hashKnownHosts = false;
+        serverAliveInterval = 240;
+        userKnownHostsFile = builtins.toString (pkgs.writeTextFile {
+          name = "root-known-hosts";
+          text = cfg.rootKnownHosts;
+        });
+      };
+
+      soispha.programs.ssh = {
+        enable = true;
+        compression = true;
+        hashKnownHosts = false;
+        serverAliveInterval = 240;
+        userKnownHostsFile = "${config.home-manager.users.soispha.xdg.dataHome}/ssh/known_hosts";
+      };
+    };
+  };
+}