devices.cross.ssh: 整理

2025-04-19 21:47:01 +08:00
parent daca2d8172
commit 07c6eeb389
4 changed files with 66 additions and 46 deletions


@@ -24,11 +24,24 @@ let
pc.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
srv1-node0 =
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDm6M1D7dBVhjjZtXYuzMj2P1fXNWN3O9wmwNssxEeDs"; extraAccess = [ "srv1" ]; };
srv1-node1.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIFmG/ZzLDm23NeYa3SSI0a0uEyQWRFkaNRE9nB8egl7";
srv1-node2.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDhgEApzHhVPDvdVFPRuJ/zCDiR1K+rD4sZzH77imKPE";
srv1-node1 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIFmG/ZzLDm23NeYa3SSI0a0uEyQWRFkaNRE9nB8egl7";
# 不能直接访问,需要通过哪个机器跳转
proxyJump = "srv1";
};
srv1-node2 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIDhgEApzHhVPDvdVFPRuJ/zCDiR1K+rD4sZzH77imKPE";
proxyJump = "srv1";
};
srv2-node0 =
{ publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIJZ/+divGnDr0x+UlknA84Tfu6TPD+zBGmxWZY4Z38P6"; extraAccess = [ "srv2" ]; };
srv2-node1.publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
srv2-node1 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAINTvfywkKRwMrVp73HfHTfjhac2Tn9qX/lRjLr09ycHp";
proxyJump = "srv2";
};
srv3 =
{
publicKey = "AAAAC3NzaC1lZDI1NTE5AAAAIIg2wuwWqIOWNx1kVmreF6xTrGaW7rIaXsEPfCMe+5P9";
@@ -66,5 +79,35 @@ in
};
}])
(inputs.localLib.attrsToList devices)));
nixos.user.sharedModules = [{ config.programs.ssh.matchBlocks =
let genericConfig =
{ forwardX11 = true; forwardX11Trusted = true; forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; };
in builtins.listToAttrs (builtins.concatLists (builtins.concatLists
[
# 直接访问
(builtins.map
(device: builtins.map
(name:
{
inherit (device) name;
value = genericConfig //
{ host = name; hostname = "${name}.chn.moe"; proxyJump = device.value.proxyJump or null; };
})
((device.value.extraAccess or []) ++ [ device.name ]))
(inputs.localLib.attrsToList devices))
# 通过 wireguard 访问
(builtins.concatLists (builtins.map
(net: builtins.map
(device: builtins.map
(name:
{
name = "${net}.${name}";
value = genericConfig // { host = "${net}.${name}"; hostname = "${net}.${name}.chn.moe"; };
})
((device.value.extraAccess or []) ++ [ device.name ]))
(inputs.localLib.attrsToList devices))
(builtins.attrNames inputs.topInputs.self.config.dns.wireguard.net)))
]));
}];
};
}
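Review bot: The `genericConfig` binding in the second hunk (`forwardX11 = true; forwardX11Trusted = true; forwardAgent = true; extraOptions.AddKeysToAgent = "yes";`) is merged into every generated match block, so agent forwarding and trusted X11 now reach the `proxyJump` nodes (`srv1-node1`, `srv1-node2`, `srv2-node1`) and every `${net}.${name}` wireguard alias, whereas the list being removed in the fourth file appears to have granted `forwardAgent` to an explicit set of hosts only. Anything with sufficient privilege on a remote host can use a forwarded agent to authenticate as the local user wherever that key is accepted, and `ForwardX11Trusted` gives the remote side unrestricted access to the local display, so widening both to every node is an exposure change that the commit title ("整理") does not announce. Consider making them per-device the same way `proxyJump` already is, e.g. `forwardAgent = device.value.forwardAgent or false;` inside the `value` set, and dropping `forwardAgent` and `forwardX11Trusted` from `genericConfig`. The wireguard blocks also omit `proxyJump` while the direct blocks carry it, presumably because the overlay is reachable without a jump; a one-line comment such as `# wireguard aliases are reached directly, no ProxyJump` would make that intent explicit. The `let … in` set enclosing both hunks begins and ends outside the hunk.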


@@ -5,7 +5,7 @@ let
autoroute = [ "api" "git" "grafana" "matrix" "peertube" "send" "synapse" "vikunja" "" "" ];
"internal.pc" = [ "internal.nix-store" ];
nas = [ "initrd.nas" ];
office = [ "srv2" ];
office = [ "srv2-node0" ];
vps6 =
[
"blog" "catalog" "coturn" "element" "frp" "initrd.vps6" "misskey" "nix-store" "sticker" "synapse-admin" "tgapi"
@@ -20,17 +20,22 @@ let
"wg0.srv1-node0" = [ "wg0.srv1" ];
"wg0.srv2-node0" = [ "wg0.srv2" ];
srv3 = [ "initrd.srv3" ];
srv1-node0 = [ "srv1" ];
srv2-node0 = [ "srv2" ];
};
a =
{
nas = "192.168.1.2";
"internal.pc" = "192.168.1.3";
office = "210.34.16.60";
srv1 = "59.77.36.250";
srv1-node0 = "59.77.36.250";
vps6 = "144.34.225.59";
vps7 = "144.126.144.62";
search = "127.0.0.1";
srv3 = "23.135.236.216";
srv1-node1 = "192.168.178.2";
srv1-node2 = "192.168.178.3";
srv2-node1 = "192.168.178.2";
};
wireguard = import ./wireguard.nix;
in
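Review bot: `srv1-node1` and `srv2-node1` are both given `192.168.178.2` in the `a` set (with `srv1-node2` on `192.168.178.3`), private RFC 1918 addresses that are only meaningful from behind the respective `srv1` / `srv2` hosts that the first file sets as `proxyJump`. That is fine as long as the record is only ever resolved from the jump side, but a resolver anywhere else that looks up `srv1-node1.chn.moe` receives an address belonging to whatever sits at `192.168.178.2` on its own LAN, and two names sharing one address makes that easy to miss. A short comment above these entries, `# 192.168.178.x entries are node-LAN addresses behind srv1/srv2, reachable only through the jump host`, would record the assumption. The `a` set closes at `};` inside the hunk, but the enclosing `let` starts before it.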


@@ -40,36 +40,19 @@ inputs:
controlMaster = "auto";
controlPersist = "1m";
compression = true;
matchBlocks = builtins.listToAttrs
(
# TODO: 分离到 cross
(builtins.map
(host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; }; })
[ "vps6" "wg0.vps6" "vps7" "wg0.vps7" "wg0.nas" "wg0.one" ])
++ (builtins.map
(host:
matchBlocks = builtins.listToAttrs (builtins.map
(host:
{
name = host;
value =
{
name = host;
value = { inherit host; hostname = "${host}.chn.moe"; forwardX11 = true; forwardX11Trusted = true; };
})
[
"wg0.pc" "srv1" "wg0.srv1" "srv2" "wg0.srv2" "srv3" "wg0.srv3" "nas" "wg0.nas" "pc" "wg0.pc" "one"
"wg0.one"
])
++ (builtins.map
(host:
{
name = host;
value =
{
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
setEnv.TERM = "chn_unset_ls_colors:xterm-256color";
};
})
[ "wlin" "hwang" ])
)
host = host;
hostname = "hpc.xmu.edu.cn";
user = host;
setEnv.TERM = "chn_unset_ls_colors:xterm-256color";
};
})
[ "wlin" "hwang" ])
// rec {
gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
jykang =
@@ -81,11 +64,6 @@ inputs:
extraOptions.AddKeysToAgent = "yes";
};
"wg0.jykang" = jykang // { host = "wg0.jykang"; proxyJump = "wg0.srv2"; };
srv1-node0 = { host = "srv1-node0"; hostname = "srv1.chn.moe"; };
srv1-node1 = { host = "srv1-node1"; hostname = "192.168.178.2"; proxyJump = "srv1"; };
srv1-node2 = { host = "srv1-node2"; hostname = "192.168.178.3"; proxyJump = "srv1"; };
srv2-node0 = { host = "srv2-node0"; hostname = "srv2.chn.moe"; };
srv2-node1 = { host = "srv2-node1"; hostname = "192.168.178.2"; proxyJump = "srv2"; };
};
};
})];
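Review bot: The rewritten `hpc.xmu.edu.cn` entries in the first hunk spell the host attribute as `host = host;`, while the line being removed just above used `inherit host;` and the generator in the first file uses `inherit (device) name;`; `inherit host;` keeps the style consistent. The second hunk appears to drop the hand-written `srv1-node*` / `srv2-node*` blocks, whose `hostname` was a literal `192.168.178.x` address or `srv1.chn.moe`, in favour of the generated blocks in the first file that use `${name}.chn.moe`, so the target address now comes from DNS rather than from the client config; that changes which resolver answers and deserves a sentence in the commit message. Both hunks sit inside an attribute set (apparently `programs.ssh`, given `controlMaster` / `controlPersist`) whose start and end lie outside the hunks.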


@@ -14,13 +14,7 @@ inputs:
xmuhk2 = { host = "xmuhk2"; hostname = "183.233.219.132"; user = "xmuhk"; port = 62022; };
jykang.setEnv.TERM = "chn_unset_ls_colors:chn_cd:linwei/chn:xterm-256color";
"wg0.jykang" = jykang;
}
// (builtins.listToAttrs (builtins.map
(system: { name = system; value = { forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; }; })
[
"vps6" "wg0.vps6" "vps7" "wg0.vps7" "pc" "wg0.pc" "nas" "wg0.nas" "one" "wg0.one"
"srv1" "wg0.srv1" "srv2" "wg0.srv2" "srv3" "wg0.srv3"
]));
};
extraConfig = inputs.lib.mkIf inputs.config.nixos.model.private
''
IdentityFile ~/.ssh/id_rsa