chn/nixos
1
0
Fork 0
mirror of https://github.com/CHN-beta/nixos.git synced 2024-10-23 18:08:45 +08:00
Code Issues Packages Projects Releases Wiki Activity
3cbfe14cc2
nixos/modules/packages/server/ssh/default.nix

170 lines
6.2 KiB
Nix
Raw Normal View History

整理ssh
2023-12-07 18:15:06 +08:00
inputs:
{
config =
let
inherit (inputs.lib) mkIf;
inherit (builtins) concatLists map listToAttrs;
inherit (inputs.localLib) attrsToList;
in mkIf (builtins.elem "server" inputs.config.nixos.packages._packageSets)
{
services.openssh.knownHosts =
let
servers =
{
vps6 =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO5ZcvyRyOnUCuRtqrM/Qf+AdUe3a5bhbnfyhw2FSLDZ";
packages.server.ssh: remove internal hostnames
2023-12-13 12:33:56 +08:00
hostnames = [ "vps6.chn.moe" "wireguard.vps6.chn.moe" "74.211.99.69" "192.168.83.1" ];
整理ssh
2023-12-07 18:15:06 +08:00
};
"initrd.vps6" =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB4DKB/zzUYco5ap6k9+UxeO04LL12eGvkmQstnYxgnS";
hostnames = [ "initrd.vps6.chn.moe" "74.211.99.69" ];
};
vps7 =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF5XkdilejDAlg5hZZD0oq69k8fQpe9hIJylTo/aLRgY";
services.gitea: fix ssh
2023-12-17 14:41:00 +08:00
hostnames = [ "vps7.chn.moe" "wireguard.vps7.chn.moe" "ssh.git.chn.moe" "95.111.228.40" "192.168.83.2" ];
整理ssh
2023-12-07 18:15:06 +08:00
};
"initrd.vps7" =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZyQpdQmEZw3nLERFmk2tS1gpSvXwW0Eish9UfhrRxC";
hostnames = [ "initrd.vps7.chn.moe" "95.111.228.40" ];
};
nas =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIktNbEcDMKlibXg54u7QOLt0755qB/P4vfjwca8xY6V";
packages.server.ssh: remove internal hostnames
2023-12-13 12:33:56 +08:00
hostnames = [ "wireguard.nas.chn.moe" "[office.chn.moe]:5440" "192.168.1.185" "192.168.83.4" ];
整理ssh
2023-12-07 18:15:06 +08:00
};
"initrd.nas" =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
hostnames = [ "initrd.nas.chn.moe" "[office.chn.moe]:5440" "192.168.1.185" ];
};
pc =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
packages.server.ssh: remove internal hostnames
2023-12-13 12:33:56 +08:00
hostnames = [ "wireguard.pc.chn.moe" "192.168.83.3" ];
整理ssh
2023-12-07 18:15:06 +08:00
};
hpc =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVpsQW3kZt5alHC6mZhay3ZEe2fRGziG4YJWCv2nn/O";
hostnames = [ "hpc.xmu.edu.cn" ];
};
github =
{
ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
hostnames = [ "github.com" ];
};
};
in listToAttrs (concatLists (map
(server:
(
if builtins.pathExists ./ssh/${server.name}_rsa.pub then
[{
name = "${server.name}-rsa";
value =
{
publicKey = builtins.readFile ./ssh/${server.name}_rsa.pub;
hostNames = server.value.hostnames;
};
}]
else []
)
++ (
if builtins.pathExists ./ssh/${server.name}_ecdsa.pub then
[{
name = "${server.name}-ecdsa";
value =
{
publicKey = builtins.readFile ./ssh/${server.name}_ecdsa.pub;
hostNames = server.value.hostnames;
};
}]
else []
)
++ (
if server.value ? ed25519 then
[{
name = "${server.name}-ed25519";
value =
{
publicKey = server.value.ed25519;
hostNames = server.value.hostnames;
};
}]
else []
))
(attrsToList servers)));
packages.server.ssh: enable ssh agent forward
2023-12-29 20:22:02 +08:00
programs.ssh =
{
startAgent = true;
enableAskPassword = true;
askPassword = "${inputs.pkgs.systemd}/bin/systemd-ask-password";
extraConfig = "AddKeysToAgent yes";
};
packages.server.ssh: prefer askPassword
2024-01-03 22:43:28 +08:00
environment.sessionVariables.SSH_ASKPASS_REQUIRE = "prefer";
整理ssh
2023-12-07 18:15:06 +08:00
nixos.users.sharedModules =
packages.server.ssh: auto cd in jykang
2023-12-22 11:39:10 +08:00
[(hmInputs: {
整理ssh
2023-12-07 18:15:06 +08:00
config.programs.ssh =
{
enable = true;
controlMaster = "auto";
controlPersist = "1m";
compression = true;
matchBlocks = builtins.listToAttrs
(
(builtins.map
(host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
packages.server.ssh: remove internal hostnames
2023-12-13 12:33:56 +08:00
[ "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "wireguard.nas" ])
整理ssh
2023-12-07 18:15:06 +08:00
++ (builtins.map
(host:
{
name = host;
value =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
extraOptions =
{
PubkeyAcceptedAlgorithms = "+ssh-rsa";
HostkeyAlgorithms = "+ssh-rsa";
packages.server.ssh: auto cd in jykang
2023-12-22 11:39:10 +08:00
SetEnv =
let
usernameMap =
{
chn = "linwei/chn";
};
cdString =
if host == "jykang" && (usernameMap ? ${hmInputs.config.home.username}) then
":chn_cd:${usernameMap.${hmInputs.config.home.username}}"
else "";
in "TERM=chn_unset_ls_colors${cdString}:xterm-256color";
整理ssh
2023-12-07 18:15:06 +08:00
# in .bash_profile:
# if [[ $TERM == chn_unset_ls_colors* ]]; then
# export TERM=${TERM#*:}
# export CHN_LS_USE_COLOR=1
# fi
packages.server.ssh: auto cd in jykang
2023-12-22 11:39:10 +08:00
# if [[ $TERM == chn_cd* ]]; then
# export TERM=${TERM#*:}
# cd ~/${TERM%%:*}
# export TERM=${TERM#*:}
# fi
整理ssh
2023-12-07 18:15:06 +08:00
# in .bashrc
# [ -n "$CHN_LS_USE_COLOR" ] && alias ls="ls --color=auto"
};
};
})
[ "wlin" "jykang" "hwang" ])
)
// {
xmupc1 = { host = "xmupc1"; hostname = "office.chn.moe"; port = 6007; };
nas = { host = "nas"; hostname = "office.chn.moe"; port = 5440; };
services.gitea: fix ssh
2023-12-17 14:41:00 +08:00
gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
整理ssh
2023-12-07 18:15:06 +08:00
};
};
packages.server.ssh: auto cd in jykang
2023-12-22 11:39:10 +08:00
})];
整理ssh
2023-12-07 18:15:06 +08:00
};
}
Reference in New Issue Copy Permalink