feat(ssh): Using SSH over the HTTPS port for GitHub, refactor ssh config (#187)

2026-04-25 10:18:37 +02:00 · 2025-05-16 00:24:46 +08:00
parent 43721fba8a
commit b44d277072
12 changed files with 91 additions and 120 deletions
--- a/vars/networking.nix
+++ b/vars/networking.nix
@@ -156,29 +156,38 @@
  ssh = {
    # define the host alias for remote builders
    # this config will be written to /etc/ssh/ssh_config
-    # ''
-    #   Host ruby
-    #     HostName 192.168.5.102
-    #     Port 22
    #
-    #   Host kana
-    #     HostName 192.168.5.103
-    #     Port 22
-    #   ...
-    # '';
+    # Config format:
+    #   Host —  given the pattern used to match against the host name given on the command line.
+    #   HostName — specify nickname or abbreviation for host
+    #   IdentityFile — the location of your SSH key authentication file for the account.
+    # Format in details:
+    #   https://www.ssh.com/academy/ssh/config
    extraConfig =
-      lib.attrsets.foldlAttrs
-      (acc: host: val:
-        acc
-        + ''
-          Host ${host}
-            HostName ${val.ipv4}
-            Port 22
-        '')
-      ""
-      hostsAddr;
+      ''
+        Host gtr5
+          HostName 192.168.5.172
+          Port 22
+
+        Host um560
+          HostName 192.168.5.173
+          Port 22
+
+        Host s500plus
+          HostName 192.168.5.174
+          Port 22
+      ''
+      + (lib.attrsets.foldlAttrs
+        (acc: host: val:
+          acc
+          + ''
+            Host ${host}
+              HostName ${val.ipv4}
+              Port 22
+          '')
+        ""
+        hostsAddr);

-    # define the host key for remote builders so that nix can verify all the remote builders
    # this config will be written to /etc/ssh/ssh_known_hosts
    knownHosts =
      # Update only the values of the given attribute set.
@@ -189,13 +198,20 @@
      #     => { x = "bar-a"; y = "bar-b"; }
      lib.attrsets.mapAttrs
      (host: value: {
-        hostNames = [host hostsAddr.${host}.ipv4];
+        hostNames = [host] ++ (lib.optional (hostsAddr ? host) hostsAddr.${host}.ipv4);
        publicKey = value.publicKey;
      })
      {
+        # Define the root user's host key for remote builders, so that nix can verify all the remote builders
+
        aquamarine.publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEOXFhFu9Duzp6ZBE288gDZ6VLrNaeWL4kDrFUh9Neic root@aquamarine";
        # ruby.publicKey = "";
        # kana.publicKey = "";
+
+        # ==================================== Other SSH Service's Public Key =======================================
+
+        # https://docs.github.com/en/authentication/keeping-your-account-and-data-secure/githubs-ssh-key-fingerprints
+        "github.com".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
      };
  };
 }