From 55e12cddaf4ac264316c39a94d67be08d395ec22 Mon Sep 17 00:00:00 2001 From: Ryan Yin Date: Sun, 24 Dec 2023 21:09:16 +0800 Subject: [PATCH] feat: modular ssh config --- .../desktop/base => base/desktop}/ssh.nix | 9 +---- home/darwin/shell.nix | 34 ------------------- hosts/12kingdoms/shoukei/home.nix | 13 +++++++ hosts/README.md | 3 +- hosts/fern/home.nix | 14 ++++++++ hosts/harmonica/home.nix | 14 ++++++++ hosts/idols/ai/home.nix | 24 +++++++++++++ hosts/idols/aquamarine/home.nix | 2 ++ hosts/idols/kana/home.nix | 2 ++ hosts/idols/ruby/home.nix | 2 ++ modules/base.nix | 2 +- systems/vars.nix | 31 ++++++++++++----- 12 files changed, 98 insertions(+), 52 deletions(-) rename home/{linux/desktop/base => base/desktop}/ssh.nix (84%) create mode 100644 hosts/fern/home.nix create mode 100644 hosts/harmonica/home.nix create mode 100644 hosts/idols/ai/home.nix create mode 100644 hosts/idols/aquamarine/home.nix create mode 100644 hosts/idols/kana/home.nix create mode 100644 hosts/idols/ruby/home.nix diff --git a/home/linux/desktop/base/ssh.nix b/home/base/desktop/ssh.nix similarity index 84% rename from home/linux/desktop/base/ssh.nix rename to home/base/desktop/ssh.nix index 4d2ae668..5a396627 100644 --- a/home/linux/desktop/base/ssh.nix +++ b/home/base/desktop/ssh.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +_: { programs.ssh = { enable = true; @@ -23,13 +23,6 @@ # required to prevent sending default identity files first. IdentitiesOnly yes - Host github.com - # github is controlled by gluttony~ - IdentityFile ~/.ssh/gluttony - # Specifies that ssh should only use the identity file explicitly configured above - # required to prevent sending default identity files first. - IdentitiesOnly yes - Host gtr5 HostName 192.168.5.172 Port 22 diff --git a/home/darwin/shell.nix b/home/darwin/shell.nix index 24759905..7c391cdb 100644 --- a/home/darwin/shell.nix +++ b/home/darwin/shell.nix 
@@ -16,38 +16,4 @@ export PATH="/opt/homebrew/bin:/usr/local/bin:$PATH" ''; }; - - programs.ssh = { - enable = true; - - # all my ssh private key are generated by `ssh-keygen -t ed25519 -C "ryan@nickname"` - # the config's format: - # Host — given the pattern used to match against the host name given on the command line. - # HostName — specify nickname or abbreviation for host - # IdentityFile — the location of your SSH key authentication file for the account. - # format in details: - # https://www.ssh.com/academy/ssh/config - extraConfig = '' - # a private key that is used during authentication will be added to ssh-agent if it is running - AddKeysToAgent yes - - Host 192.168.* - # allow to securely use local SSH agent to authenticate on the remote machine. - # It has the same effect as adding cli option `ssh -A user@host` - ForwardAgent yes - # romantic holds my homelab~ - IdentityFile ~/.ssh/romantic - # Specifies that ssh should only use the identity file explicitly configured above - # required to prevent sending default identity files first. - IdentitiesOnly yes - - Host github.com - Hostname github.com - # github is controlled by gluttony~ - IdentityFile ~/.ssh/harmonica - # Specifies that ssh should only use the identity file explicitly configured above - # required to prevent sending default identity files first. - IdentitiesOnly yes - ''; - }; } diff --git a/hosts/12kingdoms/shoukei/home.nix b/hosts/12kingdoms/shoukei/home.nix index 0d544056..300e74a1 100644 --- a/hosts/12kingdoms/shoukei/home.nix +++ b/hosts/12kingdoms/shoukei/home.nix @@ -9,4 +9,17 @@ modules.desktop.i3 = { nvidia = false; }; + + programs.ssh = { + enable = true; + extraConfig = '' + Host github.com + Hostname github.com + # github is controlled by shoukei~ + IdentityFile ~/.ssh/shoukei + # Specifies that ssh should only use the identity file explicitly configured above + # required to prevent sending default identity files first. + IdentitiesOnly yes + ''; + }; } 
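Review bot: The `Host github.com` block added in hosts/12kingdoms/shoukei/home.nix (and repeated in hosts/fern, hosts/harmonica and hosts/idols/ai) is a second `programs.ssh.extraConfig` definition alongside the one in the shared ssh.nix, so the result depends on text order. ssh_config scopes each option to the nearest preceding `Host` line and keeps the first value it obtains, and the order in which the module system concatenates the fragments is not visible here. If a host fragment lands ahead of the shared one, a global option at the top of the shared fragment (the removed darwin block began with `AddKeysToAgent yes`) would presumably end up inside the `Host github.com` block instead of applying to all hosts. Declaring the entry through `programs.ssh.matchBlocks` removes that dependence and replaces four hand-copied blocks, of which the ai copy already omits `Hostname`. The enclosing attribute set in shoukei/home.nix starts outside the hunk.

```nix
# … unchanged: modules.desktop.i3 settings …
programs.ssh = {
  enable = true;
  matchBlocks."github.com" = {
    hostname = "github.com";
    identityFile = "~/.ssh/shoukei";
    # offer only the key configured above, never the default identity files
    identitiesOnly = true;
  };
};
```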
diff --git a/hosts/README.md b/hosts/README.md index 89a71c11..3e51cfd4 100644 --- a/hosts/README.md +++ b/hosts/README.md @@ -12,7 +12,8 @@ 1. `nozomi`: Lichee Pi 4A, TH1520(4xC910@2.0G), 8GB RAM + 32G eMMC + 64G SD Card. 2. `yukina`: Lichee Pi 4A(Internal Test Version), TH1520(4xC910@2.0G), 8GB RAM + 8G eMMC + 128G SD Card. 3. `chiaya`: Milk-V Mars, JH7110(4xU74@1.5 GHz), 4G RAM + No eMMC + 64G SD Card. -4. `12kingdoms`: Currently only one aarch64 host +4. `12kingdoms`: + 1. `shoukei`: NixOS 1. `suzu`: Orange Pi 5, RK3588s(4xA76 + 4xA55), GPU(4Cores, Mail-G610), NPU(6Tops@int8), 8G RAM + 256G SSD. diff --git a/hosts/fern/home.nix b/hosts/fern/home.nix new file mode 100644 index 00000000..57c997d2 --- /dev/null +++ b/hosts/fern/home.nix @@ -0,0 +1,14 @@ +_: { + programs.ssh = { + enable = true; + extraConfig = '' + Host github.com + Hostname github.com + # github is controlled by fern~ + IdentityFile ~/.ssh/fern + # Specifies that ssh should only use the identity file explicitly configured above + # required to prevent sending default identity files first. + IdentitiesOnly yes + ''; + }; +} diff --git a/hosts/harmonica/home.nix b/hosts/harmonica/home.nix new file mode 100644 index 00000000..0e311de0 --- /dev/null +++ b/hosts/harmonica/home.nix @@ -0,0 +1,14 @@ +_: { + programs.ssh = { + enable = true; + extraConfig = '' + Host github.com + Hostname github.com + # github is controlled by harmonica~ + IdentityFile ~/.ssh/harmonica + # Specifies that ssh should only use the identity file explicitly configured above + # required to prevent sending default identity files first. + IdentitiesOnly yes + ''; + }; +} diff --git a/hosts/idols/ai/home.nix b/hosts/idols/ai/home.nix new file mode 100644 index 00000000..6155c573 --- /dev/null +++ b/hosts/idols/ai/home.nix 
@@ -0,0 +1,24 @@ +{ + modules.desktop.hyprland = { + nvidia = false; + # settings = { + # monitor = ""; + # }; + }; + + modules.desktop.i3 = { + nvidia = false; + }; + + programs.ssh = { + enable = true; + extraConfig = '' + Host github.com + # github is controlled by gluttony~ + IdentityFile ~/.ssh/gluttony + # Specifies that ssh should only use the identity file explicitly configured above + # required to prevent sending default identity files first. + IdentitiesOnly yes + ''; + }; +} diff --git a/hosts/idols/aquamarine/home.nix b/hosts/idols/aquamarine/home.nix new file mode 100644 index 00000000..2c63c085 --- /dev/null +++ b/hosts/idols/aquamarine/home.nix @@ -0,0 +1,2 @@ +{ +} diff --git a/hosts/idols/kana/home.nix b/hosts/idols/kana/home.nix new file mode 100644 index 00000000..2c63c085 --- /dev/null +++ b/hosts/idols/kana/home.nix @@ -0,0 +1,2 @@ +{ +} diff --git a/hosts/idols/ruby/home.nix b/hosts/idols/ruby/home.nix new file mode 100644 index 00000000..2c63c085 --- /dev/null +++ b/hosts/idols/ruby/home.nix @@ -0,0 +1,2 @@ +{ +} diff --git a/modules/base.nix b/modules/base.nix index f2f21bb0..aa2cad91 100644 --- a/modules/base.nix +++ b/modules/base.nix @@ -2,7 +2,7 @@ users.users.${username} = { openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDiipi59EnVbi6bK1bGrcbfEM263wgdNfbrt6VBC1rHx ryan@ai-idols" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII7PTkP3ixXTZlrJNSHnXgkmHNT+QslFi9wNYXOpVwGB ryan@harmonica" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSfp/hvegbK04HykWvoY1EbDW+vXu1AlCjVivWE2ZeR ryan@shoukei" ]; }; diff --git a/systems/vars.nix b/systems/vars.nix index d62eb6b3..25664ce3 100644 --- a/systems/vars.nix +++ b/systems/vars.nix @@ -45,7 +45,10 @@ in { ../modules/nixos/server.nix ../modules/nixos/proxmox-hardware-configuration.nix ]; - home-module = import ../home/linux/server.nix; + home-module.imports = [ + ../hosts/idols/aquamarine/home.nix + ../home/linux/server.nix + ]; }; idol_aquamarine_tags = ["dist-build" "aqua"]; 
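Review bot: The `openssh.authorizedKeys.keys` edit in modules/base.nix swaps `ryan@harmonica` for `ryan@shoukei`, which changes who may log in as `${username}` on every host importing this module. The list has no comment, and the commit subject mentions only ssh client config. I would add a comment above the list, for example `# workstation keys allowed to log in as ${username}; one entry per trusted machine, drop the entry when a machine is retired`, and state in the commit message why harmonica loses access. The removal presumably takes effect only once each host is rebuilt, so a host that has not been redeployed would keep accepting the old key; hosts/harmonica/home.nix also still uses `~/.ssh/harmonica` for GitHub, so that key is not retired by this change.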
@@ -56,7 +59,10 @@ in { ../modules/nixos/server.nix ../modules/nixos/proxmox-hardware-configuration.nix ]; - home-module = import ../home/linux/server.nix; + home-module.imports = [ + ../hosts/idols/ruby/home.nix + ../home/linux/server.nix + ]; }; idol_ruby_tags = ["dist-build" "ruby"]; @@ -67,7 +73,10 @@ in { ../modules/nixos/server.nix ../modules/nixos/proxmox-hardware-configuration.nix ]; - home-module = import ../home/linux/server.nix; + home-module.imports = [ + ../hosts/idols/kana/home.nix + ../home/linux/server.nix + ]; }; idol_kana_tags = ["dist-build" "kana"]; @@ -80,7 +89,7 @@ in { # cross-compilation this flake. {nixpkgs.crossSystem.system = "riscv64-linux";} ]; - # home-module = import ../home/linux/server.nix; + # home-module.imports = []; }; rolling_nozomi_tags = ["riscv" "nozomi"]; @@ -93,7 +102,7 @@ in { # cross-compilation this flake. {nixpkgs.crossSystem.system = "riscv64-linux";} ]; - # home-module = import ../home/linux/server.nix; + # home-module.imports = []; }; rolling_yukina_tags = ["riscv" "yukina"]; @@ -106,7 +115,7 @@ in { # cross-compilation this flake. {nixpkgs.crossSystem.config = "aarch64-unknown-linux-gnu";} ]; - # home-module = import ../home/linux/server.nix; + # home-module.imports = []; }; _12kingdoms_suzu_tags = ["aarch" "suzu"]; @@ -149,7 +158,10 @@ in { ../modules/darwin ../secrets/darwin.nix ]; - home-module = import ../home/darwin; + home-module.imports = [ + ../hosts/harmonica/home.nix + ../home/darwin + ]; }; darwin_fern_modules = { darwin-modules = [ @@ -158,6 +170,9 @@ in { ../modules/darwin ../secrets/darwin.nix ]; - home-module = import ../home/darwin; + home-module.imports = [ + ../hosts/fern/home.nix + ../home/darwin + ]; }; }