# Home-manager module for the OpenSSH client: a restrictive global `*`
# block, a sops-managed secret config fragment, a hand-editable "mutable"
# config, and ControlMaster sockets kept in the per-user runtime directory.
{ config, lib, pkgs, ... }:

let
  cfg = config.programs.ssh;

  # Per-user runtime directory, derived from the configured uid.
  runtimeDir = "/run/user/${toString config.home.uid}";

  # Directory for ControlMaster sockets (used by ControlPath below and
  # created with mode 0700 by the tmpfiles rule at the bottom).
  controlMastersDir = "${runtimeDir}/ssh";
in
{
  imports = [
    ./home.nix
    ./other.nix
    ./pvv.nix
    ./kyoto-u.nix
  ];

  config = lib.mkIf cfg.enable {

    # Decrypted ssh config fragment managed by sops.
    # NOTE(review): mode 0444 leaves the decrypted file readable by every
    # local user unless the parent directory restricts access; ssh reads it
    # as the owning user, so 0400 should suffice — confirm nothing else needs
    # to read it and tighten.
    sops.secrets."ssh/secret-config" = {
      mode = "0444";
    };

    programs.ssh = {
      # Files pulled in via `Include`: the sops secret above and a mutable
      # file that the tmpfiles rule below creates with mode 0600.
      # NOTE(review): ssh keeps the first value it sees for each option, so
      # where home-manager places these Include lines relative to the `*`
      # block decides which wins — check the rendered ~/.ssh/config.
      includes = [
        config.sops.secrets."ssh/secret-config".path
        "${config.home.homeDirectory}/.ssh/mutable_config"
      ];

      # Drop home-manager's built-in `*` defaults; the block below replaces them.
      enableDefaultConfig = false;

      settings."*" = {
        # No agent forwarding and no automatic key loading unless a host
        # block explicitly opts in.
        ForwardAgent = false;
        AddKeysToAgent = "no";
        Compression = false;
        # 0 disables client keepalives; ServerAliveCountMax then has no
        # effect unless a host block sets a non-zero interval.
        ServerAliveInterval = 0;
        ServerAliveCountMax = 3;
        # Hostnames are stored in clear in known_hosts: easier to audit, but
        # the file then lists every host this user has connected to.
        HashKnownHosts = false;
        UserKnownHostsFile = "~/.ssh/known_hosts";
        # Keep the master connection alive 10 minutes after the last session.
        ControlPersist = "10m";
        # ControlPersist = "no";
        ControlMaster = "auto";
        # Sockets live in the 0700 runtime directory; %C is a hash of the
        # local host, remote host, port and user, so the socket name does
        # not spell those out.
        ControlPath = "${controlMastersDir}/%n%C";
      };
    };

    # Create the socket directory and the mutable config with user-only
    # permissions, owned by the home-manager user.
    systemd.user.tmpfiles.settings."10-ssh" = {
      ${controlMastersDir}.d = {
        user = config.home.username;
        mode = "0700";
      };
      "${config.home.homeDirectory}/.ssh/mutable_config".f = {
        user = config.home.username;
        mode = "0600";
      };
    };
  };
}