feat: modular ssh config

2026-03-25 10:52:03 +01:00 · 2023-12-24 21:09:16 +08:00
parent ac4f625768
commit 55e12cddaf
12 changed files with 98 additions and 52 deletions
--- a/home/linux/desktop/base/ssh.nix
+++ b/home/linux/desktop/base/ssh.nix
@@ -1,4 +1,4 @@
-{pkgs, ...}: {
+_: {
  programs.ssh = {
    enable = true;

@@ -23,13 +23,6 @@
        # required to prevent sending default identity files first.
        IdentitiesOnly yes

-      Host github.com
-          # github is controlled by gluttony~
-          IdentityFile ~/.ssh/gluttony
-          # Specifies that ssh should only use the identity file explicitly configured above
-          # required to prevent sending default identity files first.
-          IdentitiesOnly yes
-
      Host gtr5
        HostName 192.168.5.172
        Port 22
--- a/home/darwin/shell.nix
+++ b/home/darwin/shell.nix
@@ -16,38 +16,4 @@
      export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH"
    '';
  };
-
-  programs.ssh = {
-    enable = true;
-
-    # all my ssh private key are generated by `ssh-keygen -t ed25519 -C "ryan@nickname"`
-    # the config's format:
-    #   Host —  given the pattern used to match against the host name given on the command line.
-    #   HostName — specify nickname or abbreviation for host
-    #   IdentityFile — the location of your SSH key authentication file for the account.
-    # format in details:
-    #   https://www.ssh.com/academy/ssh/config
-    extraConfig = ''
-      # a private key that is used during authentication will be added to ssh-agent if it is running
-      AddKeysToAgent yes
-
-      Host 192.168.*
-        # allow to securely use local SSH agent to authenticate on the remote machine.
-        # It has the same effect as adding cli option `ssh -A user@host`
-        ForwardAgent yes
-        # romantic holds my homelab~
-        IdentityFile ~/.ssh/romantic
-        # Specifies that ssh should only use the identity file explicitly configured above
-        # required to prevent sending default identity files first.
-        IdentitiesOnly yes
-
-      Host github.com
-        Hostname github.com
-        # github is controlled by gluttony~
-        IdentityFile ~/.ssh/harmonica
-        # Specifies that ssh should only use the identity file explicitly configured above
-        # required to prevent sending default identity files first.
-        IdentitiesOnly yes
-    '';
-  };
 }
--- a/hosts/12kingdoms/shoukei/home.nix
+++ b/hosts/12kingdoms/shoukei/home.nix
@@ -9,4 +9,17 @@
  modules.desktop.i3 = {
    nvidia = false;
  };
+
+  programs.ssh = {
+    enable = true;
+    extraConfig = ''
+      Host github.com
+        Hostname github.com
+        # github is controlled by shoukei~
+        IdentityFile ~/.ssh/shoukei
+        # Specifies that ssh should only use the identity file explicitly configured above
+        # required to prevent sending default identity files first.
+        IdentitiesOnly yes
+    '';
+  };
 }
--- a/hosts/README.md
+++ b/hosts/README.md
@@ -12,7 +12,8 @@
   1. `nozomi`: Lichee Pi 4A, TH1520(4xC910@2.0G), 8GB RAM + 32G eMMC + 64G SD Card.
   2. `yukina`: Lichee Pi 4A(Internal Test Version), TH1520(4xC910@2.0G), 8GB RAM + 8G eMMC + 128G SD Card.
   3. `chiaya`: Milk-V Mars, JH7110(4xU74@1.5 GHz), 4G RAM + No eMMC + 64G SD Card.
-4. `12kingdoms`: Currently only one aarch64 host
+4. `12kingdoms`: 
+   1. `shoukei`: NixOS
   1. `suzu`: Orange Pi 5, RK3588s(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8), 8G RAM + 256G SSD.


--- a/hosts/fern/home.nix
+++ b/hosts/fern/home.nix
@@ -0,0 +1,14 @@
+_: {
+  programs.ssh = {
+    enable = true;
+    extraConfig = ''
+      Host github.com
+        Hostname github.com
+        # github is controlled by fern~
+        IdentityFile ~/.ssh/fern
+        # Specifies that ssh should only use the identity file explicitly configured above
+        # required to prevent sending default identity files first.
+        IdentitiesOnly yes
+    '';
+  };
+}
--- a/hosts/harmonica/home.nix
+++ b/hosts/harmonica/home.nix
@@ -0,0 +1,14 @@
+_: {
+  programs.ssh = {
+    enable = true;
+    extraConfig = ''
+      Host github.com
+        Hostname github.com
+        # github is controlled by harmonica~
+        IdentityFile ~/.ssh/harmonica
+        # Specifies that ssh should only use the identity file explicitly configured above
+        # required to prevent sending default identity files first.
+        IdentitiesOnly yes
+    '';
+  };
+}
--- a/hosts/idols/ai/home.nix
+++ b/hosts/idols/ai/home.nix
@@ -0,0 +1,24 @@
+{
+  modules.desktop.hyprland = {
+    nvidia = false;
+    # settings = {
+    #   monitor = "";
+    # };
+  };
+
+  modules.desktop.i3 = {
+    nvidia = false;
+  };
+
+  programs.ssh = {
+    enable = true;
+    extraConfig = ''
+      Host github.com
+          # github is controlled by gluttony~
+          IdentityFile ~/.ssh/gluttony
+          # Specifies that ssh should only use the identity file explicitly configured above
+          # required to prevent sending default identity files first.
+          IdentitiesOnly yes
+    '';
+  };
+}
--- a/hosts/idols/aquamarine/home.nix
+++ b/hosts/idols/aquamarine/home.nix
@@ -0,0 +1,2 @@
+{
+}
--- a/hosts/idols/kana/home.nix
+++ b/hosts/idols/kana/home.nix
@@ -0,0 +1,2 @@
+{
+}
--- a/hosts/idols/ruby/home.nix
+++ b/hosts/idols/ruby/home.nix
@@ -0,0 +1,2 @@
+{
+}
--- a/modules/base.nix
+++ b/modules/base.nix
@@ -2,7 +2,7 @@
  users.users.${username} = {
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7PTkP3ixXTZlrJNSHnXgkmHNT+QslFi9wNYXOpVwGB ryan@harmonica"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSfp/hvegbK04HykWvoY1EbDW+vXu1AlCjVivWE2ZeR ryan@shoukei"
    ];
  };

--- a/systems/vars.nix
+++ b/systems/vars.nix
@@ -45,7 +45,10 @@ in {
      ../modules/nixos/server.nix
      ../modules/nixos/proxmox-hardware-configuration.nix
    ];
-    home-module = import ../home/linux/server.nix;
+    home-module.imports = [
+      ../hosts/idols/aquamarine/home.nix
+      ../home/linux/server.nix
+    ];
  };
  idol_aquamarine_tags = ["dist-build" "aqua"];

@@ -56,7 +59,10 @@ in {
      ../modules/nixos/server.nix
      ../modules/nixos/proxmox-hardware-configuration.nix
    ];
-    home-module = import ../home/linux/server.nix;
+    home-module.imports = [
+      ../hosts/idols/ruby/home.nix
+      ../home/linux/server.nix
+    ];
  };
  idol_ruby_tags = ["dist-build" "ruby"];

@@ -67,7 +73,10 @@ in {
      ../modules/nixos/server.nix
      ../modules/nixos/proxmox-hardware-configuration.nix
    ];
-    home-module = import ../home/linux/server.nix;
+    home-module.imports = [
+      ../hosts/idols/kana/home.nix
+      ../home/linux/server.nix
+    ];
  };
  idol_kana_tags = ["dist-build" "kana"];

@@ -80,7 +89,7 @@ in {
      # cross-compilation this flake.
      {nixpkgs.crossSystem.system = "riscv64-linux";}
    ];
-    # home-module = import ../home/linux/server.nix;
+    # home-module.imports = [];
  };
  rolling_nozomi_tags = ["riscv" "nozomi"];

@@ -93,7 +102,7 @@ in {
      # cross-compilation this flake.
      {nixpkgs.crossSystem.system = "riscv64-linux";}
    ];
-    # home-module = import ../home/linux/server.nix;
+    # home-module.imports = [];
  };
  rolling_yukina_tags = ["riscv" "yukina"];

@@ -106,7 +115,7 @@ in {
      # cross-compilation this flake.
      {nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu";}
    ];
-    # home-module = import ../home/linux/server.nix;
+    # home-module.imports = [];
  };
  _12kingdoms_suzu_tags = ["aarch" "suzu"];

@@ -149,7 +158,10 @@ in {
      ../modules/darwin
      ../secrets/darwin.nix
    ];
-    home-module = import ../home/darwin;
+    home-module.imports = [
+      ../hosts/harmonica/home.nix
+      ../home/darwin
+    ];
  };
  darwin_fern_modules = {
    darwin-modules = [
@@ -158,6 +170,9 @@ in {
      ../modules/darwin
      ../secrets/darwin.nix
    ];
-    home-module = import ../home/darwin;
+    home-module.imports = [
+      ../hosts/fern/home.nix
+      ../home/darwin
+    ];
  };
 }