From 2c3df9ba1e21bed7de1a05a7c6a993cac2ff7ff1 Mon Sep 17 00:00:00 2001 From: ryan4yin Date: Thu, 25 May 2023 01:36:12 +0800 Subject: [PATCH] feat: enable ssh-agent and forwardAgent for homelab's machine --- home/programs/common.nix | 1 - home/programs/git.nix | 62 +++++++++++++++++++++++++++++++++++++++- modules/system.nix | 5 ++++ 3 files changed, 66 insertions(+), 2 deletions(-) diff --git a/home/programs/common.nix b/home/programs/common.nix index 1e05e0f8..a1c46972 100644 --- a/home/programs/common.nix +++ b/home/programs/common.nix @@ -139,7 +139,6 @@ btop.enable = true; # replacement of htop/nmon exa.enable = true; # A modern replacement for ‘ls’ jq.enable = true; # A lightweight and flexible command-line JSON processor - ssh.enable = true; aria2.enable = true; # a # skim provides a single executable: sk. diff --git a/home/programs/git.nix b/home/programs/git.nix index 901b2068..88f90ba8 100644 --- a/home/programs/git.nix +++ b/home/programs/git.nix 
@@ -2,12 +2,72 @@ pkgs, ... }: { - home.packages = [pkgs.gh]; + # home.packages = [ + # ]; + + programs.ssh = { + enable = true; + + # all my ssh private key are generated by `ssh-keygen -t ed25519 -C "ryan@nickname"` + # the config's format: + # Host — the nickname you’ll use for the host. + # HostName — the IP address or domain of the remote server. + # User — the username associated with the remote account. + # IdentityFile — the location of your SSH key authentication file for the account. + extraConfig = '' + Host Homelab + Hostname 192.168.* + # allow to securely use local SSH agent to authenticate on the remote machine. + # It has the same effect as adding cli option `ssh -A user@host` + ForwardAgent yes + # romantic holds my homelab~ + IdentityFile ~/.ssh/romantic + # Specifies that ssh should only use the identity file explicitly configured above + # required to prevent sending default identity files first. + IdentitiesOnly yes + + Host GitHub + Hostname github.com + # github is controlled by gluttony~ + IdentityFile ~/.ssh/gluttony + # Specifies that ssh should only use the identity file explicitly configured above + # required to prevent sending default identity files first. + IdentitiesOnly yes + ''; + + # use ssh-agent so we only need to input passphrase once + # run `ssh-add /path/to/key` for every identity file + # check imported keys by `ssh-add -l` + }; programs.git = { enable = true; + lfs.enable = true; userName = "Ryan Yin"; userEmail = "xiaoyin_c@qq.com"; + + extraConfig = { + pull = { + rebase = true; + }; + }; + + # signing = { + # key = "xxx"; + # signByDefault = true; + # }; + + delta = { + enable = true; + options = { + features = "side-by-side"; + }; + }; + }; + + # GitHub CLI tool + programs.gh = { + enable = true; }; } \ No newline at end of file diff --git a/modules/system.nix b/modules/system.nix index b502342f..ba4f3eac 100644 --- a/modules/system.nix +++ b/modules/system.nix 
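Review bot: In the `extraConfig` string, `Host Homelab` with `Hostname 192.168.*` does not do what the comments describe. `Host` is the pattern matched against the name typed on the command line and `Hostname` is the literal address to connect to, which takes no wildcards, so a connection made by IP address never picks up this block, while `ssh Homelab` tries to reach a host literally named `192.168.*`. The same applies to `Host GitHub`, which a `git@github.com:` remote will not match; `Host 192.168.*` and `Host github.com`, with the `Hostname` lines dropped, would apply the settings as intended. Once the block does match, `ForwardAgent yes` covers every machine in that private range, and "securely" in the comment overstates it: anyone with root on the remote host can use the forwarded socket to authenticate with every key loaded in the agent, including the GitHub key, because `IdentitiesOnly` only limits what the client itself offers. Consider listing the specific trusted hosts (or `ProxyJump` where the aim is to hop through a machine) and rewording the comment to `# forwards the local agent; enable only for hosts whose root you trust`.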
@@ -94,6 +94,11 @@ openFirewall = true; }; + # The OpenSSH agent remembers private keys for you + # so that you don’t have to type in passphrases every time you make an SSH connection. + # Use `ssh-add` to add a key to the agent. + programs.ssh.startAgent = true; + # Allow unfree packages nixpkgs.config.allowUnfree = true;
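Review bot: `programs.ssh.startAgent = true;` starts the agent without a key lifetime, so by default every key added with `ssh-add` stays usable until logout, which matters more now that the same commit forwards the agent to other machines. Setting `programs.ssh.agentTimeout = "1h";` next to it (or loading keys with `ssh-add -t`) bounds that window, and `ssh-add -c` asks for confirmation each time a key is used. The comment could carry this too, for example `# keys stay in the agent until the timeout or logout; see agentTimeout`. The enclosing attribute set starts and ends outside the hunk.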