diff --git a/hosts/default.nix b/hosts/default.nix index 64143e4e..36757ab9 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -20,11 +20,13 @@ smodPath = "${self}/modules/system"; inherit (inputs.nixpkgs.lib) nixosSystem; + inherit (self) outputs; specialArgs = { inherit cLib inputs + outputs self userConfig systemConfig diff --git a/hosts/kima/ssh_host_ed25519_key.pub b/hosts/kima/ssh_host_ed25519_key.pub new file mode 100644 index 00000000..0676d9a3 --- /dev/null +++ b/hosts/kima/ssh_host_ed25519_key.pub @@ -0,0 +1 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix diff --git a/hosts/sobotka/modules.nix b/hosts/sobotka/modules.nix index 58f3efc1..47daf837 100644 --- a/hosts/sobotka/modules.nix +++ b/hosts/sobotka/modules.nix @@ -65,6 +65,7 @@ }; fish = { enable = true; + homeless.enable = true; }; gamemode = { enable = false; diff --git a/hosts/ziggy/modules.nix b/hosts/ziggy/modules.nix index e0841c69..ef854f52 100644 --- a/hosts/ziggy/modules.nix +++ b/hosts/ziggy/modules.nix @@ -65,6 +65,7 @@ }; fish = { enable = true; + homeless.enable = true; }; gamemode = { enable = false; diff --git a/modules/home/programs/fish/default.nix b/modules/home/programs/fish/default.nix index d1ba5795..dee2655d 100644 --- a/modules/home/programs/fish/default.nix +++ b/modules/home/programs/fish/default.nix @@ -25,7 +25,6 @@ in ]; shellAbbrs = { extract = "extract.sh"; - nixcleanboot = "sudo nix run /home/$USER/.nix-config#cleanup-boot"; nixclean = "nh clean all --keep 3"; nixdev = "nix develop ~/.nix-config -c $SHELL"; nixup = "nh os switch -H $hostname"; diff --git a/modules/home/programs/ssh/default.nix b/modules/home/programs/ssh/default.nix index aff7803c..fbb6274a 100644 --- a/modules/home/programs/ssh/default.nix +++ b/modules/home/programs/ssh/default.nix 
@@ -1,9 +1,16 @@ { + outputs, config, lib, ... }: let + nixosConfigs = builtins.attrNames outputs.nixosConfigurations; + homeConfigs = map (n: lib.last (lib.splitString "@" n)) ( + builtins.attrNames outputs.homeConfigurations + ); + hostnames = lib.unique (homeConfigs ++ nixosConfigs); + inherit (lib) mkIf mkEnableOption; cfg = config.home.programs.ssh; in @@ -13,8 +20,23 @@ in }; config = mkIf cfg.enable { programs.ssh = { - enable = true; - userKnownHostsFile = "~/.ssh/known_hosts"; + matchBlocks = { + net = { + host = lib.concatStringsSep " " ( + lib.flatten ( + map (host: [ + host + "${host}.local" + ]) hostnames + ) + ); + extraOptions.StreamLocalBindUnlink = "yes"; + forwardAgent = true; + forwardX11 = true; + forwardX11Trusted = true; + setEnv.WAYLAND_DISPLAY = "wayland-waypipe"; + }; + }; }; }; } diff --git a/modules/nixos/programs/fish/default.nix b/modules/nixos/programs/fish/default.nix index 014b1146..b7840b40 100644 --- a/modules/nixos/programs/fish/default.nix +++ b/modules/nixos/programs/fish/default.nix 
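Review bot: The `net` match block turns on `forwardAgent`, `forwardX11` and `forwardX11Trusted` for every hostname in the flake plus its `.local` alias, so a compromise of any one of those hosts exposes the forwarded agent socket and, with trusted X11, the local display for as long as a session is open. I would default these off and enable them only for the hosts that need them, e.g. `forwardAgent = false;` and `forwardX11Trusted = false;`, using `proxyJump` where the agent is only there for hopping between machines. The same hunk also removes `enable = true;` from `programs.ssh`; unless it is set somewhere outside this diff, home-manager will presumably not write the match block at all.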
@@ -7,110 +7,97 @@ let inherit (lib.meta) getExe; inherit (pkgs) eza bat; - inherit (lib) mkIf mkEnableOption; + inherit (lib) mkIf mkEnableOption mkMerge; cfg = config.nixos.programs.fish; in { options = { - nixos.programs.fish.enable = mkEnableOption "Enables fish shell"; - }; - config = mkIf cfg.enable { - programs.fish = { - enable = true; - # plugins = [ - # { - # name = "hydro"; - # src = pkgs.fishPlugins.hydro; - # } - # ]; - shellAbbrs = { - extract = "extract.sh"; - nixcleanboot = "sudo nix run /home/$USER/.nix-config#cleanup-boot"; - nixclean = "nh clean all --keep 3"; - nixdev = "nix develop ~/.nix-config -c $SHELL"; - nixup = "nh os switch -H $hostname"; - nixupv = "nh os switch -v -H $hostname"; - flakeup = "nix flake update"; - }; - shellAliases = { - ".." = "cd .."; - "..." = "cd ../../"; - "...." = "cd ../../../"; - "....." = "cd ../../../../"; - "......" = "cd ../../../../../"; - nixconfig = "cd /home/$USER/.nix-config/"; - homemodules = "$EDITOR /home/$USER/.nix-config/users/$USER/modules/{$hostname}mod.nix"; - hmod = "$EDITOR /home/$USER/.nix-config/users/$USER/modules/{$hostname}mod.nix"; - nixsettings = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/settings.nix"; - nset = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/settings.nix"; - nixosmodules = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/modules.nix"; - nmod = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/modules.nix"; - tree = "${getExe eza} --tree --icons=always"; - cat = "${getExe bat} --style=plain"; - ls = "${getExe eza} -h --git --icons --color=auto --group-directories-first -s extension"; - ll = "${getExe eza} -l --git --icons --color=auto --group-directories-first -s extension"; - lat = "${getExe eza} -lah --tree --color=auto --group-directories-first -s extension"; - la = "${getExe eza} -lah --color=auto --group-directories-first -s extension"; - # Clear screen and scrollback - clear = "printf '\\033[2J\\033[3J\\033[1;1H'"; - }; - # functions = { - # # Disable 
greeting - # fish_greeting = ""; - # # Merge history when pressing up - # up-or-search = lib.readFile ./up-or-search.fish; - # # Check stuff in PATH - # nix-inspect = - # # fish - # '' - # set -s PATH | grep "PATH\[.*/nix/store" | cut -d '|' -f2 | grep -v -e "-man" -e "-terminfo" | perl -pe 's:^/nix/store/\w{32}-([^/]*)/bin$:\1:' | sort | uniq - # ''; - # }; - interactiveShellInit = - # fish - '' - # Open command buffer in vim when alt+e is pressed - bind \ee edit_command_buffer - - # Use vim bindings and cursors - fish_vi_key_bindings - set fish_cursor_default block blink - set fish_cursor_insert line blink - set fish_cursor_replace_one underscore blink - set fish_cursor_visual block - - # Use terminal colors - set -x fish_color_autosuggestion brblack - set -x fish_color_cancel -r - set -x fish_color_command brgreen - set -x fish_color_comment brmagenta - set -x fish_color_cwd green - set -x fish_color_cwd_root red - set -x fish_color_end brmagenta - set -x fish_color_error brred - set -x fish_color_escape brcyan - set -x fish_color_history_current --bold - set -x fish_color_host normal - set -x fish_color_host_remote yellow - set -x fish_color_match --background=brblue - set -x fish_color_normal normal - set -x fish_color_operator cyan - set -x fish_color_param brblue - set -x fish_color_quote yellow - set -x fish_color_redirection bryellow - set -x fish_color_search_match 'bryellow' '--background=brblack' - set -x fish_color_selection 'white' '--bold' '--background=brblack' - set -x fish_color_status red - set -x fish_color_user brgreen - set -x fish_color_valid_path --underline - set -x fish_pager_color_completion normal - set -x fish_pager_color_description yellow - set -x fish_pager_color_prefix 'white' '--bold' '--underline' - set -x fish_pager_color_progress 'brwhite' '--background=cyan' - - microfetch - ''; - + nixos.programs.fish = { + enable = mkEnableOption "Enables fish shell"; + homeless.enable = mkEnableOption "Enables features for homeless 
environments"; }; }; + + config = mkMerge [ + (mkIf cfg.enable { + programs.fish.enable = true; + }) + + (mkIf cfg.homeless.enable { + programs.fish = { + shellAbbrs = { + extract = "extract.sh"; + nixclean = "nh clean all --keep 3"; + nixdev = "nix develop ~/.nix-config -c $SHELL"; + nixup = "nh os switch -H $hostname"; + nixupv = "nh os switch -v -H $hostname"; + flakeup = "nix flake update"; + }; + shellAliases = { + ".." = "cd .."; + "..." = "cd ../../"; + "...." = "cd ../../../"; + "....." = "cd ../../../../"; + "......" = "cd ../../../../../"; + nixconfig = "cd /home/$USER/.nix-config/"; + homemodules = "$EDITOR /home/$USER/.nix-config/users/$USER/modules/{$hostname}mod.nix"; + hmod = "$EDITOR /home/$USER/.nix-config/users/$USER/modules/{$hostname}mod.nix"; + nixsettings = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/settings.nix"; + nset = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/settings.nix"; + nixosmodules = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/modules.nix"; + nmod = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/modules.nix"; + tree = "${getExe eza} --tree --icons=always"; + cat = "${getExe bat} --style=plain"; + ls = "${getExe eza} -h --git --icons --color=auto --group-directories-first -s extension"; + ll = "${getExe eza} -l --git --icons --color=auto --group-directories-first -s extension"; + lat = "${getExe eza} -lah --tree --color=auto --group-directories-first -s extension"; + la = "${getExe eza} -lah --color=auto --group-directories-first -s extension"; + # Clear screen and scrollback + clear = "printf '\\033[2J\\033[3J\\033[1;1H'"; + }; + interactiveShellInit = + # fish + '' + # Open command buffer in vim when alt+e is pressed + bind \ee edit_command_buffer + + # Use vim bindings and cursors + fish_vi_key_bindings + set fish_cursor_default block blink + set fish_cursor_insert line blink + set fish_cursor_replace_one underscore blink + set fish_cursor_visual block + + # Use terminal colors + set -x 
fish_color_autosuggestion brblack + set -x fish_color_cancel -r + set -x fish_color_command brgreen + set -x fish_color_comment brmagenta + set -x fish_color_cwd green + set -x fish_color_cwd_root red + set -x fish_color_end brmagenta + set -x fish_color_error brred + set -x fish_color_escape brcyan + set -x fish_color_history_current --bold + set -x fish_color_host normal + set -x fish_color_host_remote yellow + set -x fish_color_match --background=brblue + set -x fish_color_normal normal + set -x fish_color_operator cyan + set -x fish_color_param brblue + set -x fish_color_quote yellow + set -x fish_color_redirection bryellow + set -x fish_color_search_match 'bryellow' '--background=brblack' + set -x fish_color_selection 'white' '--bold' '--background=brblack' + set -x fish_color_status red + set -x fish_color_user brgreen + set -x fish_color_valid_path --underline + set -x fish_pager_color_completion normal + set -x fish_pager_color_description yellow + set -x fish_pager_color_prefix 'white' '--bold' '--underline' + set -x fish_pager_color_progress 'brwhite' '--background=cyan' + ''; + }; + }) + ]; } diff --git a/modules/nixos/programs/ssh/default.nix b/modules/nixos/programs/ssh/default.nix new file mode 100644 index 00000000..55afffb7 --- /dev/null +++ b/modules/nixos/programs/ssh/default.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + ... +}: +let + inherit (lib) mkIf mkEnableOption; + cfg = config.nixos.services.openssh; +in +{ + options = { + nixos.services.openssh = { + enable = mkEnableOption "Enables ssh"; + }; + }; + config = mkIf cfg.enable { + programs.ssh = { + knownHosts = { + publicKeyFile = /etc/ssh/ssh_host_ed25519_key.pub; + }; + }; + services.openssh = { + enable = true; + settings = { + AcceptEnv = "WAYLAND_DISPLAY"; + GatewayPorts = "clientspecified"; + PasswordAuthentication = false; + PermitRootLogin = "no"; + StreamLocalBindUnlink = "yes"; + X11Forwarding = true; + }; + }; + }; +} 
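Review bot: The new `homeless.enable` option has an unclear description and is gated independently of `enable`. `mkEnableOption` already prefixes "Whether to enable", so the text renders as "Whether to enable Enables features for homeless environments" and never says what "homeless" means. Something like `homeless.enable = mkEnableOption "fish abbreviations, aliases and init for hosts without home-manager";` would read better, if that is the intended meaning. I would also make the second `mkMerge` entry `mkIf (cfg.enable && cfg.homeless.enable)` so the sub-option visibly depends on the module being enabled. The refactor also drops the `microfetch` call from `interactiveShellInit` and the `nixcleanboot` abbreviation; if that is intentional it deserves a line in the commit message.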
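Review bot: This new module declares `nixos.services.openssh.enable`, the same option that modules/nixos/services/openssh/default.nix declares in this commit, so importing both would fail evaluation with a duplicate option declaration. `programs.ssh.knownHosts` is also given `publicKeyFile` directly rather than one attribute per host. The absolute path `/etc/ssh/ssh_host_ed25519_key.pub` refers to whatever key is on the evaluating machine, and is likely rejected under pure flake evaluation. If this file is a leftover draft of the openssh module it should be dropped from the commit. Otherwise give it its own option name and key the entry by host, as in `knownHosts.${hostname}.publicKeyFile = "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub";`.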
diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix index c7604411..24512c75 100644 --- a/modules/nixos/services/openssh/default.nix +++ b/modules/nixos/services/openssh/default.nix @@ -1,19 +1,43 @@ { config, + outputs, lib, + self, ... }: let + hosts = lib.attrNames outputs.nixosConfigurations; inherit (lib) mkIf mkEnableOption; cfg = config.nixos.services.openssh; + + hostsWithKeys = builtins.filter ( + hostname: builtins.pathExists "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub" + ) hosts; in { options = { - nixos.services.openssh.enable = mkEnableOption "Enables openssh"; + nixos.services.openssh = { + enable = mkEnableOption "Enables openssh"; + }; }; + config = mkIf cfg.enable { + programs.ssh = { + knownHosts = lib.genAttrs hostsWithKeys (hostname: { + publicKeyFile = "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub"; + }); + }; + services.openssh = { enable = true; + settings = { + AcceptEnv = "WAYLAND_DISPLAY"; + GatewayPorts = "clientspecified"; + PasswordAuthentication = false; + PermitRootLogin = "no"; + StreamLocalBindUnlink = "yes"; + X11Forwarding = true; + }; }; }; } diff --git a/users/cnst/modules/kimamod.nix b/users/cnst/modules/kimamod.nix index ebdbec63..fbbc64a4 100644 --- a/users/cnst/modules/kimamod.nix +++ b/users/cnst/modules/kimamod.nix @@ -27,7 +27,7 @@ enable = true; }; fish = { - enable = false; + enable = true; }; foot = { enable = true;
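Review bot: `knownHosts` pins each host key under the bare hostname only, while the client match block in modules/home/programs/ssh/default.nix also matches `${host}.local`, so connections to those mDNS names are not covered by the pinned keys and fall back to trust-on-first-use. Adding `extraHostNames = [ "${hostname}.local" ];` to each generated entry would close that gap. Separately, `GatewayPorts = "clientspecified"` lets any authenticated user bind remote forwards on non-loopback addresses, and `X11Forwarding = true` applies to every host that enables this module; I would leave both at their defaults and turn them on per host where needed. The committed hosts/kima key carries the comment `root@cnix`, so it is worth confirming it is kima's actual host key before it is pinned.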