feat(ssh/openssh): overhauling ssh and openssh modules

2025-09-10 18:50:49 +02:00
parent 00acad3833
commit 65de9592a0
10 changed files with 176 additions and 105 deletions


@@ -20,11 +20,13 @@
smodPath = "${self}/modules/system"; smodPath = "${self}/modules/system";
inherit (inputs.nixpkgs.lib) nixosSystem; inherit (inputs.nixpkgs.lib) nixosSystem;
inherit (self) outputs;
specialArgs = { specialArgs = {
inherit inherit
cLib cLib
inputs inputs
outputs
self self
userConfig userConfig
systemConfig systemConfig


@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix
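Review bot: This public key becomes the trust anchor that every other host in the flake pins for this machine via the openssh module's `hosts/<hostname>/ssh_host_ed25519_key.pub` lookup, so it must be the exact key the host actually serves from `/etc/ssh/ssh_host_ed25519_key.pub`, not a freshly generated one, or clients will stop with a host-key mismatch. The file path is not shown on this page; the key comment `root@cnix` suggests it belongs under `hosts/cnix/`, which should be confirmed against the directory name the filter expects. Only the `.pub` half belongs in the repository; if the private counterpart `ssh_host_ed25519_key` was copied alongside it in the working tree, it should be ignored rather than committed.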


@@ -65,6 +65,7 @@
}; };
fish = { fish = {
enable = true; enable = true;
homeless.enable = true;
}; };
gamemode = { gamemode = {
enable = false; enable = false;


@@ -65,6 +65,7 @@
}; };
fish = { fish = {
enable = true; enable = true;
homeless.enable = true;
}; };
gamemode = { gamemode = {
enable = false; enable = false;


@@ -25,7 +25,6 @@ in
]; ];
shellAbbrs = { shellAbbrs = {
extract = "extract.sh"; extract = "extract.sh";
nixcleanboot = "sudo nix run /home/$USER/.nix-config#cleanup-boot";
nixclean = "nh clean all --keep 3"; nixclean = "nh clean all --keep 3";
nixdev = "nix develop ~/.nix-config -c $SHELL"; nixdev = "nix develop ~/.nix-config -c $SHELL";
nixup = "nh os switch -H $hostname"; nixup = "nh os switch -H $hostname";


@@ -1,9 +1,16 @@
{ {
outputs,
config, config,
lib, lib,
... ...
}: }:
let let
nixosConfigs = builtins.attrNames outputs.nixosConfigurations;
homeConfigs = map (n: lib.last (lib.splitString "@" n)) (
builtins.attrNames outputs.homeConfigurations
);
hostnames = lib.unique (homeConfigs ++ nixosConfigs);
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.home.programs.ssh; cfg = config.home.programs.ssh;
in in
@@ -13,8 +20,23 @@ in
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.ssh = { programs.ssh = {
enable = true; matchBlocks = {
userKnownHostsFile = "~/.ssh/known_hosts"; net = {
host = lib.concatStringsSep " " (
lib.flatten (
map (host: [
host
"${host}.local"
]) hostnames
)
);
extraOptions.StreamLocalBindUnlink = "yes";
forwardAgent = true;
forwardX11 = true;
forwardX11Trusted = true;
setEnv.WAYLAND_DISPLAY = "wayland-waypipe";
};
};
}; };
}; };
} }
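Review bot: The `net` match block sets `forwardAgent = true;` and `forwardX11Trusted = true;` for every host in the flake and their `.local` aliases, which lets any of those peers sign with the user's agent keys and, through trusted X11, read input and windows of the local X server; keep `forwardAgent` to the hosts that genuinely need it (or use `ProxyJump`) and replace the trusted variant with plain `forwardX11 = true;`, which is already present, since the Wayland path is covered by `setEnv.WAYLAND_DISPLAY = "wayland-waypipe";`. The hunk also drops `enable = true;` from `programs.ssh`; unless it is set elsewhere in this module (the options hunk is not shown), home-manager will not emit the match block at all. A short comment above `net = {`, such as `# one match block for every nixos/home host in the flake, by bare name and .local alias`, would tell readers the broad scope is intentional.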


@@ -7,110 +7,97 @@
let let
inherit (lib.meta) getExe; inherit (lib.meta) getExe;
inherit (pkgs) eza bat; inherit (pkgs) eza bat;
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption mkMerge;
cfg = config.nixos.programs.fish; cfg = config.nixos.programs.fish;
in in
{ {
options = { options = {
nixos.programs.fish.enable = mkEnableOption "Enables fish shell"; nixos.programs.fish = {
}; enable = mkEnableOption "Enables fish shell";
config = mkIf cfg.enable { homeless.enable = mkEnableOption "Enables features for homeless environments";
programs.fish = {
enable = true;
# plugins = [
# {
# name = "hydro";
# src = pkgs.fishPlugins.hydro;
# }
# ];
shellAbbrs = {
extract = "extract.sh";
nixcleanboot = "sudo nix run /home/$USER/.nix-config#cleanup-boot";
nixclean = "nh clean all --keep 3";
nixdev = "nix develop ~/.nix-config -c $SHELL";
nixup = "nh os switch -H $hostname";
nixupv = "nh os switch -v -H $hostname";
flakeup = "nix flake update";
};
shellAliases = {
".." = "cd ..";
"..." = "cd ../../";
"...." = "cd ../../../";
"....." = "cd ../../../../";
"......" = "cd ../../../../../";
nixconfig = "cd /home/$USER/.nix-config/";
homemodules = "$EDITOR /home/$USER/.nix-config/users/$USER/modules/{$hostname}mod.nix";
hmod = "$EDITOR /home/$USER/.nix-config/users/$USER/modules/{$hostname}mod.nix";
nixsettings = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/settings.nix";
nset = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/settings.nix";
nixosmodules = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/modules.nix";
nmod = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/modules.nix";
tree = "${getExe eza} --tree --icons=always";
cat = "${getExe bat} --style=plain";
ls = "${getExe eza} -h --git --icons --color=auto --group-directories-first -s extension";
ll = "${getExe eza} -l --git --icons --color=auto --group-directories-first -s extension";
lat = "${getExe eza} -lah --tree --color=auto --group-directories-first -s extension";
la = "${getExe eza} -lah --color=auto --group-directories-first -s extension";
# Clear screen and scrollback
clear = "printf '\\033[2J\\033[3J\\033[1;1H'";
};
# functions = {
# # Disable greeting
# fish_greeting = "";
# # Merge history when pressing up
# up-or-search = lib.readFile ./up-or-search.fish;
# # Check stuff in PATH
# nix-inspect =
# # fish
# ''
# set -s PATH | grep "PATH\[.*/nix/store" | cut -d '|' -f2 | grep -v -e "-man" -e "-terminfo" | perl -pe 's:^/nix/store/\w{32}-([^/]*)/bin$:\1:' | sort | uniq
# '';
# };
interactiveShellInit =
# fish
''
# Open command buffer in vim when alt+e is pressed
bind \ee edit_command_buffer
# Use vim bindings and cursors
fish_vi_key_bindings
set fish_cursor_default block blink
set fish_cursor_insert line blink
set fish_cursor_replace_one underscore blink
set fish_cursor_visual block
# Use terminal colors
set -x fish_color_autosuggestion brblack
set -x fish_color_cancel -r
set -x fish_color_command brgreen
set -x fish_color_comment brmagenta
set -x fish_color_cwd green
set -x fish_color_cwd_root red
set -x fish_color_end brmagenta
set -x fish_color_error brred
set -x fish_color_escape brcyan
set -x fish_color_history_current --bold
set -x fish_color_host normal
set -x fish_color_host_remote yellow
set -x fish_color_match --background=brblue
set -x fish_color_normal normal
set -x fish_color_operator cyan
set -x fish_color_param brblue
set -x fish_color_quote yellow
set -x fish_color_redirection bryellow
set -x fish_color_search_match 'bryellow' '--background=brblack'
set -x fish_color_selection 'white' '--bold' '--background=brblack'
set -x fish_color_status red
set -x fish_color_user brgreen
set -x fish_color_valid_path --underline
set -x fish_pager_color_completion normal
set -x fish_pager_color_description yellow
set -x fish_pager_color_prefix 'white' '--bold' '--underline'
set -x fish_pager_color_progress 'brwhite' '--background=cyan'
microfetch
'';
}; };
}; };
config = mkMerge [
(mkIf cfg.enable {
programs.fish.enable = true;
})
(mkIf cfg.homeless.enable {
programs.fish = {
shellAbbrs = {
extract = "extract.sh";
nixclean = "nh clean all --keep 3";
nixdev = "nix develop ~/.nix-config -c $SHELL";
nixup = "nh os switch -H $hostname";
nixupv = "nh os switch -v -H $hostname";
flakeup = "nix flake update";
};
shellAliases = {
".." = "cd ..";
"..." = "cd ../../";
"...." = "cd ../../../";
"....." = "cd ../../../../";
"......" = "cd ../../../../../";
nixconfig = "cd /home/$USER/.nix-config/";
homemodules = "$EDITOR /home/$USER/.nix-config/users/$USER/modules/{$hostname}mod.nix";
hmod = "$EDITOR /home/$USER/.nix-config/users/$USER/modules/{$hostname}mod.nix";
nixsettings = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/settings.nix";
nset = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/settings.nix";
nixosmodules = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/modules.nix";
nmod = "$EDITOR /home/$USER/.nix-config/hosts/$hostname/modules.nix";
tree = "${getExe eza} --tree --icons=always";
cat = "${getExe bat} --style=plain";
ls = "${getExe eza} -h --git --icons --color=auto --group-directories-first -s extension";
ll = "${getExe eza} -l --git --icons --color=auto --group-directories-first -s extension";
lat = "${getExe eza} -lah --tree --color=auto --group-directories-first -s extension";
la = "${getExe eza} -lah --color=auto --group-directories-first -s extension";
# Clear screen and scrollback
clear = "printf '\\033[2J\\033[3J\\033[1;1H'";
};
interactiveShellInit =
# fish
''
# Open command buffer in vim when alt+e is pressed
bind \ee edit_command_buffer
# Use vim bindings and cursors
fish_vi_key_bindings
set fish_cursor_default block blink
set fish_cursor_insert line blink
set fish_cursor_replace_one underscore blink
set fish_cursor_visual block
# Use terminal colors
set -x fish_color_autosuggestion brblack
set -x fish_color_cancel -r
set -x fish_color_command brgreen
set -x fish_color_comment brmagenta
set -x fish_color_cwd green
set -x fish_color_cwd_root red
set -x fish_color_end brmagenta
set -x fish_color_error brred
set -x fish_color_escape brcyan
set -x fish_color_history_current --bold
set -x fish_color_host normal
set -x fish_color_host_remote yellow
set -x fish_color_match --background=brblue
set -x fish_color_normal normal
set -x fish_color_operator cyan
set -x fish_color_param brblue
set -x fish_color_quote yellow
set -x fish_color_redirection bryellow
set -x fish_color_search_match 'bryellow' '--background=brblack'
set -x fish_color_selection 'white' '--bold' '--background=brblack'
set -x fish_color_status red
set -x fish_color_user brgreen
set -x fish_color_valid_path --underline
set -x fish_pager_color_completion normal
set -x fish_pager_color_description yellow
set -x fish_pager_color_prefix 'white' '--bold' '--underline'
set -x fish_pager_color_progress 'brwhite' '--background=cyan'
'';
};
})
];
} }
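Review bot: The second branch of `config = mkMerge [ ... ]` is guarded only by `cfg.homeless.enable`, so a host that sets `homeless.enable = true;` without `enable = true;` gets `shellAbbrs`, `shellAliases` and `interactiveShellInit` populated for a shell that is never enabled; guard it with `(mkIf (cfg.enable && cfg.homeless.enable) {` so the option behaves as a refinement of `enable`. The option description `"Enables features for homeless environments"` does not say what "homeless" means; from the host modules in this commit it appears to mean hosts without a home-manager profile, so a comment such as `# "homeless" hosts have no home-manager profile; the shell config it would provide is set system-wide instead` above the option would make the intent explicit — confirm that reading.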


@@ -0,0 +1,34 @@
{
config,
lib,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.nixos.services.openssh;
in
{
options = {
nixos.services.openssh = {
enable = mkEnableOption "Enables ssh";
};
};
config = mkIf cfg.enable {
programs.ssh = {
knownHosts = {
publicKeyFile = /etc/ssh/ssh_host_ed25519_key.pub;
};
};
services.openssh = {
enable = true;
settings = {
AcceptEnv = "WAYLAND_DISPLAY";
GatewayPorts = "clientspecified";
PasswordAuthentication = false;
PermitRootLogin = "no";
StreamLocalBindUnlink = "yes";
X11Forwarding = true;
};
};
};
}
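Review bot: `programs.ssh.knownHosts = { publicKeyFile = /etc/ssh/ssh_host_ed25519_key.pub; };` is not the shape `knownHosts` accepts — it is an attribute set of host entries, each keyed by a host name with `publicKeyFile` inside — so this definition fails evaluation, and even corrected it would only pin the local machine's own key, which tells clients nothing about other hosts. The other openssh module in this commit already builds the right structure with `lib.genAttrs hostsWithKeys`, and both files declare `nixos.services.openssh.enable`, so importing both would also fail on the duplicate option; this file looks like a leftover to be removed or merged, though its path is not visible here. `GatewayPorts = "clientspecified"` lets remote forwards bind to non-loopback addresses at the client's request; if that is intended, a comment naming the use case belongs next to it.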


@@ -1,19 +1,43 @@
{ {
config, config,
outputs,
lib, lib,
self,
... ...
}: }:
let let
hosts = lib.attrNames outputs.nixosConfigurations;
inherit (lib) mkIf mkEnableOption; inherit (lib) mkIf mkEnableOption;
cfg = config.nixos.services.openssh; cfg = config.nixos.services.openssh;
hostsWithKeys = builtins.filter (
hostname: builtins.pathExists "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub"
) hosts;
in in
{ {
options = { options = {
nixos.services.openssh.enable = mkEnableOption "Enables openssh"; nixos.services.openssh = {
enable = mkEnableOption "Enables openssh";
};
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.ssh = {
knownHosts = lib.genAttrs hostsWithKeys (hostname: {
publicKeyFile = "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub";
});
};
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = {
AcceptEnv = "WAYLAND_DISPLAY";
GatewayPorts = "clientspecified";
PasswordAuthentication = false;
PermitRootLogin = "no";
StreamLocalBindUnlink = "yes";
X11Forwarding = true;
};
}; };
}; };
} }
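Review bot: The `knownHosts` entries produced by `lib.genAttrs hostsWithKeys` are keyed by bare hostname only, while the home ssh module in this commit also matches and connects to `${host}.local`, so connections through the `.local` name find no pinned key and fall back to trust-on-first-use; add `hostNames = [ hostname "${hostname}.local" ];` beside `publicKeyFile` inside the `genAttrs` lambda. `GatewayPorts = "clientspecified";` allows client-requested remote forwards to bind on non-loopback addresses, which exposes forwarded services beyond localhost on any host whose firewall is open; a comment stating why it is needed, or the matching firewall rule, belongs with it. The `builtins.pathExists` filter in `hostsWithKeys` silently drops hosts whose key file is missing or misnamed, so a typo in a directory name produces an unpinned host with no error; a `lib.warnIf` or an assertion listing the skipped hosts would surface that.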


@@ -27,7 +27,7 @@
enable = true; enable = true;
}; };
fish = { fish = {
enable = false; enable = true;
}; };
foot = { foot = {
enable = true; enable = true;