mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-01-11 20:40:24 +01:00
39 lines
1.1 KiB
Nix
39 lines
1.1 KiB
Nix
{
|
|
config,
|
|
mysecrets,
|
|
...
|
|
}:
|
|
{
|
|
home.file.".ssh/romantic.pub".source = "${mysecrets}/public/romantic.pub";
|
|
|
|
programs.ssh = {
|
|
enable = true;
|
|
|
|
# "a private key that is used during authentication will be added to ssh-agent if it is running"
|
|
addKeysToAgent = "yes";
|
|
|
|
matchBlocks = {
|
|
"github.com" = {
|
|
# "Using SSH over the HTTPS port for GitHub"
|
|
# "(port 22 is banned by some proxies / firewalls)"
|
|
hostname = "ssh.github.com";
|
|
port = 443;
|
|
user = "git";
|
|
|
|
# Specifies that ssh should only use the identity file explicitly configured above
|
|
# required to prevent sending default identity files first.
|
|
identitiesOnly = true;
|
|
};
|
|
|
|
"192.168.*" = {
|
|
# "allow to securely use local SSH agent to authenticate on the remote machine."
|
|
# "It has the same effect as adding cli option `ssh -A user@host`"
|
|
forwardAgent = true;
|
|
# "romantic holds my homelab~"
|
|
identityFile = "/etc/agenix/ssh-key-romantic";
|
|
identitiesOnly = true;
|
|
};
|
|
};
|
|
};
|
|
}
|