modules/ssh: Adapt to home-manager module changes

author: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-09-02 09:19:07 +0200
committer: Benedikt Peetz <benedikt.peetz@b-peetz.de> 2025-09-02 09:19:07 +0200
commit: aa4d17290160d2325be8e9e686532f028dac6c59 (patch)
tree: fae6014bb4abe9ce78cea385534a774ca785318d /modules
parent: treewide: Use `river-classic` instead of `river` (diff)
download: nixos-config-aa4d17290160d2325be8e9e686532f028dac6c59.zip
1 files changed, 23 insertions, 11 deletions
diff --git a/modules/by-name/ss/ssh/module.nix b/modules/by-name/ss/ssh/module.nix
index 91cc4aeb..f7218e36 100644
--- a/modules/by-name/ss/ssh/module.nix
+++ b/modules/by-name/ss/ssh/module.nix
@@ -14,6 +14,18 @@
   ...
 }: let
   cfg = config.soispha.programs.ssh;
+
+  mkDefaultMatchBlock = userKnownHostsFile: {
+    addKeysToAgent = "no";
+    compression = true;
+    controlMaster = "no";
+    controlPersist = "no";
+    forwardAgent = false;
+    hashKnownHosts = false;
+    serverAliveCountMax = 3;
+    serverAliveInterval = 240;
+    inherit userKnownHostsFile;
+  };
 in {
   options.soispha.programs.ssh = {
     enable = lib.mkEnableOption "ssh config";
@@ -34,21 +46,21 @@ in {
     home-manager.users = {
       root.programs.ssh = {
         enable = true;
-        compression = true;
-        hashKnownHosts = false;
-        serverAliveInterval = 240;
-        userKnownHostsFile = builtins.toString (pkgs.writeTextFile {
-          name = "root-known-hosts";
-          text = cfg.rootKnownHosts;
-        });
+        enableDefaultConfig = false;
+
+        matchBlocks."*" = mkDefaultMatchBlock (
+          builtins.toString (pkgs.writeTextFile {
+            name = "root-known-hosts";
+            text = cfg.rootKnownHosts;
+          })
+        );
       };
 
       soispha.programs.ssh = {
         enable = true;
-        compression = true;
-        hashKnownHosts = false;
-        serverAliveInterval = 240;
-        userKnownHostsFile = "${config.home-manager.users.soispha.xdg.dataHome}/ssh/known_hosts";
+        enableDefaultConfig = false;
+
+        matchBlocks."*" = mkDefaultMatchBlock "${config.home-manager.users.soispha.xdg.dataHome}/ssh/known_hosts";
       };
     };
   };
author	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-09-02 09:19:07 +0200
committer	Benedikt Peetz <benedikt.peetz@b-peetz.de>	2025-09-02 09:19:07 +0200
commit	aa4d17290160d2325be8e9e686532f028dac6c59 (patch)
tree	fae6014bb4abe9ce78cea385534a774ca785318d /modules
parent	treewide: Use `river-classic` instead of `river` (diff)
download	nixos-config-aa4d17290160d2325be8e9e686532f028dac6c59.zip