feat: enable ssh-agent and forwardAgent for homelab's machine

home/programs/common.nix

@@ -139,7 +139,6 @@
     btop.enable = true;  # replacement of htop/nmon
     exa.enable = true;   # A modern replacement for ‘ls’
     jq.enable = true;    # A lightweight and flexible command-line JSON processor
-    ssh.enable = true;
     aria2.enable = true;  # a 
 
     # skim provides a single executable: sk.

home/programs/git.nix

@@ -2,12 +2,72 @@
   pkgs,
   ...
 }: {
-  home.packages = [pkgs.gh];
+  # home.packages = [
+  # ];
+
+  programs.ssh = {
+    enable = true;
+
+    # all my ssh private key are generated by `ssh-keygen -t ed25519 -C "ryan@nickname"`
+    # the config's format:
+    #   Host — the nickname you’ll use for the host.
+    #   HostName — the IP address or domain of the remote server.
+    #   User — the username associated with the remote account.
+    #   IdentityFile — the location of your SSH key authentication file for the account.
+    extraConfig = ''
+      Host Homelab
+        Hostname 192.168.*
+        # allow to securely use local SSH agent to authenticate on the remote machine.
+        # It has the same effect as adding cli option `ssh -A user@host`
+        ForwardAgent yes
+        # romantic holds my homelab~
+        IdentityFile ~/.ssh/romantic
+        # Specifies that ssh should only use the identity file explicitly configured above
+        # required to prevent sending default identity files first.
+        IdentitiesOnly yes
+
+      Host GitHub
+          Hostname github.com
+          # github is controlled by gluttony~
+          IdentityFile ~/.ssh/gluttony
+          # Specifies that ssh should only use the identity file explicitly configured above
+          # required to prevent sending default identity files first.
+          IdentitiesOnly yes
+    '';
+
+    # use ssh-agent so we only need to input passphrase once
+    # run `ssh-add /path/to/key` for every identity file
+    # check imported keys by `ssh-add -l`
+  };
 
   programs.git = {
     enable = true;
+    lfs.enable = true;
 
     userName = "Ryan Yin";
     userEmail = "xiaoyin_c@qq.com";
+
+    extraConfig = {
+      pull = {
+        rebase = true;
+      };
+    };
+
+    # signing = {
+    #   key = "xxx";
+    #   signByDefault = true;
+    # };
+
+    delta = {
+      enable = true;
+      options = {
+        features = "side-by-side";
+      };
+    };
+  };
+
+  # GitHub CLI tool
+  programs.gh = {
+    enable = true;
   };
 }

modules/system.nix

@@ -94,6 +94,11 @@
     openFirewall = true;
   };
 
+  # The OpenSSH agent remembers private keys for you
+  # so that you don’t have to type in passphrases every time you make an SSH connection. 
+  # Use `ssh-add` to add a key to the agent.
+  programs.ssh.startAgent = true;
+
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;