From aa2d52c3f2e2fb1b26e48cf09a3f7ac23a5398b7 Mon Sep 17 00:00:00 2001
From: Benedikt Peetz
Date: Thu, 1 May 2025 13:01:30 +0200
Subject: modules/legacy/ssh: Migrate to by-name
---
modules/by-name/ss/ssh/module.nix | 55 +++++++++++++++++++++++++++++++++++++++
1 file changed, 55 insertions(+)
create mode 100644 modules/by-name/ss/ssh/module.nix
(limited to 'modules/by-name/ss/ssh/module.nix')
diff --git a/modules/by-name/ss/ssh/module.nix b/modules/by-name/ss/ssh/module.nix
new file mode 100644
index 00000000..91cc4aeb
--- /dev/null
+++ b/modules/by-name/ss/ssh/module.nix
@@ -0,0 +1,55 @@
+# nixos-config - My current NixOS configuration
+#
+# Copyright (C) 2025 Benedikt Peetz
+# SPDX-License-Identifier: GPL-3.0-or-later
+#
+# This file is part of my nixos-config.
+#
+# You should have received a copy of the License along with this program.
+# If not, see .
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}: let
+ cfg = config.soispha.programs.ssh;
+in {
+ options.soispha.programs.ssh = {
+ enable = lib.mkEnableOption "ssh config";
+ rootKnownHosts = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ description = ''
+ An attrset of keys (the domain) and values (the host key.)
+ These are only applied to the root user.
+ '';
+ default = {};
+ apply = value:
+ builtins.concatStringsSep "\n"
+ (lib.attrsets.mapAttrsToList (hostName: hostKey: "${hostName} ${hostKey}") value);
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ home-manager.users = {
+ root.programs.ssh = {
+ enable = true;
+ compression = true;
+ hashKnownHosts = false;
+ serverAliveInterval = 240;
+ userKnownHostsFile = builtins.toString (pkgs.writeTextFile {
+ name = "root-known-hosts";
+ text = cfg.rootKnownHosts;
+ });
+ };
+
+ soispha.programs.ssh = {
+ enable = true;
+ compression = true;
+ hashKnownHosts = false;
+ serverAliveInterval = 240;
+ userKnownHostsFile = "${config.home-manager.users.soispha.xdg.dataHome}/ssh/known_hosts";
+ };
+ };
+ };
+}
-- cgit 1.4.1
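Review bot: Root's `userKnownHostsFile` is a store path built by `pkgs.writeTextFile`, so ssh cannot append to it, and a host missing from `rootKnownHosts` (the default is `{}`) would presumably fall back to the interactive accept prompt on every connection rather than being refused. If the intent is strict pinning, say so in the `root.programs.ssh` block with `extraConfig = "StrictHostKeyChecking yes";`, so that an unlisted or changed key fails closed instead of training the operator to confirm fingerprints. The `rootKnownHosts` description should also state the expected value format (key type followed by the base64 key, one entry per host), because `apply` joins name and value unchecked and a value that contains a newline or lacks the key type yields a line ssh will not match. The generated file is also world-readable in the Nix store, which is fine for public host keys but does expose root's host list to every local user.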