feat(ssh): Using SSH over the HTTPS port for GitHub, refactor ssh config (#187)

2026-04-24 17:58:30 +02:00 · 2025-05-16 00:24:46 +08:00
parent 43721fba8a
commit b44d277072
12 changed files with 91 additions and 120 deletions
--- a/home/base/tui/ssh.nix
+++ b/home/base/tui/ssh.nix
@@ -1,41 +1,37 @@
-{mysecrets, ...}: {
+{
+  config,
+  mysecrets,
+  ...
+}: {
  home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";

  programs.ssh = {
    enable = true;

-    # All my ssh private key are generated by `ssh-keygen -t ed25519 -a 256 -C "xxx@xxx"`
-    # Config format:
-    #   Host —  given the pattern used to match against the host name given on the command line.
-    #   HostName — specify nickname or abbreviation for host
-    #   IdentityFile — the location of your SSH key authentication file for the account.
-    # Format in details:
-    #   https://www.ssh.com/academy/ssh/config
-    extraConfig = ''
-      # a private key that is used during authentication will be added to ssh-agent if it is running
-      AddKeysToAgent yes
+    # "a private key that is used during authentication will be added to ssh-agent if it is running"
+    addKeysToAgent = "yes";
+
+    matchBlocks = {
+      "github.com" = {
+        # "Using SSH over the HTTPS port for GitHub"
+        # "(port 22 is banned by some proxies / firewalls)"
+        hostname = "ssh.github.com";
+        port = 443;
+        user = "git";

-      Host 192.168.*
-        # allow to securely use local SSH agent to authenticate on the remote machine.
-        # It has the same effect as adding cli option `ssh -A user@host`
-        ForwardAgent yes
-        # romantic holds my homelab~
-        IdentityFile /etc/agenix/ssh-key-romantic
        # Specifies that ssh should only use the identity file explicitly configured above
        # required to prevent sending default identity files first.
-        IdentitiesOnly yes
+        identitiesOnly = true;
+      };

-      Host gtr5
-        HostName 192.168.5.172
-        Port 22
-
-      Host um560
-        HostName 192.168.5.173
-        Port 22
-
-      Host s500plus
-        HostName 192.168.5.174
-        Port 22
-    '';
+      "192.168.*" = {
+        # "allow to securely use local SSH agent to authenticate on the remote machine."
+        # "It has the same effect as adding cli option `ssh -A user@host`"
+        forwardAgent = true;
+        # "romantic holds my homelab~"
+        identityFile = "/etc/agenix/ssh-key-romantic";
+        identitiesOnly = true;
+      };
+    };
  };
 }