cnst/cnix
1
0
Fork 0
Code Issues Pull Requests Activity

feat(ssh/openssh): overhauling ssh and openssh modules

Browse Source
This commit is contained in:
cnst
2025-09-10 18:50:49 +02:00
parent 00acad3833
commit 65de9592a0
10 changed files with 176 additions and 105 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
hosts/default.nix
View File

@@ -20,11 +20,13 @@
smodPath = "${self}/modules/system";
inherit (inputs.nixpkgs.lib) nixosSystem;
inherit (self) outputs;
specialArgs = {
inherit
cLib
inputs
outputs
self
userConfig
systemConfig

1
hosts/kima/ssh_host_ed25519_key.pub Normal file
View File

@@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJjoPdpiF8pjKN3ZEHeLEwVxoqwcCdzpVVlZkxJohFdg root@cnix

1
hosts/sobotka/modules.nix
View File

@@ -65,6 +65,7 @@
};
fish = {
enable = true;
homeless.enable = true;
};
gamemode = {
enable = false;

1
hosts/ziggy/modules.nix
View File

@@ -65,6 +65,7 @@
};
fish = {
enable = true;
homeless.enable = true;
};
gamemode = {
enable = false;

1
modules/home/programs/fish/default.nix
View File

@@ -25,7 +25,6 @@ in
];
shellAbbrs = {
extract = "extract.sh";
nixcleanboot = "sudo nix run /home/$USER/.nix-config#cleanup-boot";
nixclean = "nh clean all --keep 3";
nixdev = "nix develop ~/.nix-config -c $SHELL";
nixup = "nh os switch -H $hostname";

26
modules/home/programs/ssh/default.nix
View File

@@ -1,9 +1,16 @@
{
outputs,
config,
lib,
...
}:
let
nixosConfigs = builtins.attrNames outputs.nixosConfigurations;
homeConfigs = map (n: lib.last (lib.splitString "@" n)) (
builtins.attrNames outputs.homeConfigurations
);
hostnames = lib.unique (homeConfigs ++ nixosConfigs);
inherit (lib) mkIf mkEnableOption;
cfg = config.home.programs.ssh;
in
@@ -13,8 +20,23 @@ in
};
config = mkIf cfg.enable {
programs.ssh = {
enable = true;
userKnownHostsFile = "~/.ssh/known_hosts";
matchBlocks = {
net = {
host = lib.concatStringsSep " " (
lib.flatten (
map (host: [
host
"${host}.local"
]) hostnames
)
);
extraOptions.StreamLocalBindUnlink = "yes";
forwardAgent = true;
forwardX11 = true;
forwardX11Trusted = true;
setEnv.WAYLAND_DISPLAY = "wayland-waypipe";
};
};
};
};
}

41
modules/nixos/programs/fish/default.nix
View File

@@ -7,25 +7,26 @@
let
inherit (lib.meta) getExe;
inherit (pkgs) eza bat;
inherit (lib) mkIf mkEnableOption;
inherit (lib) mkIf mkEnableOption mkMerge;
cfg = config.nixos.programs.fish;
in
{
options = {
nixos.programs.fish.enable = mkEnableOption "Enables fish shell";
nixos.programs.fish = {
enable = mkEnableOption "Enables fish shell";
homeless.enable = mkEnableOption "Enables features for homeless environments";
};
config = mkIf cfg.enable {
};
config = mkMerge [
(mkIf cfg.enable {
programs.fish.enable = true;
})
(mkIf cfg.homeless.enable {
programs.fish = {
enable = true;
# plugins = [
# {
# name = "hydro";
# src = pkgs.fishPlugins.hydro;
# }
# ];
shellAbbrs = {
extract = "extract.sh";
nixcleanboot = "sudo nix run /home/$USER/.nix-config#cleanup-boot";
nixclean = "nh clean all --keep 3";
nixdev = "nix develop ~/.nix-config -c $SHELL";
nixup = "nh os switch -H $hostname";
@@ -54,18 +55,6 @@ in
# Clear screen and scrollback
clear = "printf '\\033[2J\\033[3J\\033[1;1H'";
};
# functions = {
# # Disable greeting
# fish_greeting = "";
# # Merge history when pressing up
# up-or-search = lib.readFile ./up-or-search.fish;
# # Check stuff in PATH
# nix-inspect =
# # fish
# ''
# set -s PATH | grep "PATH\[.*/nix/store" | cut -d '|' -f2 | grep -v -e "-man" -e "-terminfo" | perl -pe 's:^/nix/store/\w{32}-([^/]*)/bin$:\1:' | sort | uniq
# '';
# };
interactiveShellInit =
# fish
''
@@ -107,10 +96,8 @@ in
set -x fish_pager_color_description yellow
set -x fish_pager_color_prefix 'white' '--bold' '--underline'
set -x fish_pager_color_progress 'brwhite' '--background=cyan'
microfetch
'';
};
};
})
];
}

34
modules/nixos/programs/ssh/default.nix Normal file
View File

@@ -0,0 +1,34 @@
{
config,
lib,
...
}:
let
inherit (lib) mkIf mkEnableOption;
cfg = config.nixos.services.openssh;
in
{
options = {
nixos.services.openssh = {
enable = mkEnableOption "Enables ssh";
};
};
config = mkIf cfg.enable {
programs.ssh = {
knownHosts = {
publicKeyFile = /etc/ssh/ssh_host_ed25519_key.pub;
};
};
services.openssh = {
enable = true;
settings = {
AcceptEnv = "WAYLAND_DISPLAY";
GatewayPorts = "clientspecified";
PasswordAuthentication = false;
PermitRootLogin = "no";
StreamLocalBindUnlink = "yes";
X11Forwarding = true;
};
};
};
}

26
modules/nixos/services/openssh/default.nix
View File

@@ -1,19 +1,43 @@
{
config,
outputs,
lib,
self,
...
}:
let
hosts = lib.attrNames outputs.nixosConfigurations;
inherit (lib) mkIf mkEnableOption;
cfg = config.nixos.services.openssh;
hostsWithKeys = builtins.filter (
hostname: builtins.pathExists "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub"
) hosts;
in
{
options = {
nixos.services.openssh.enable = mkEnableOption "Enables openssh";
nixos.services.openssh = {
enable = mkEnableOption "Enables openssh";
};
};
config = mkIf cfg.enable {
programs.ssh = {
knownHosts = lib.genAttrs hostsWithKeys (hostname: {
publicKeyFile = "${self}/hosts/${hostname}/ssh_host_ed25519_key.pub";
});
};
services.openssh = {
enable = true;
settings = {
AcceptEnv = "WAYLAND_DISPLAY";
GatewayPorts = "clientspecified";
PasswordAuthentication = false;
PermitRootLogin = "no";
StreamLocalBindUnlink = "yes";
X11Forwarding = true;
};
};
};
}

2
users/cnst/modules/kimamod.nix
View File

@@ -27,7 +27,7 @@
enable = true;
};
fish = {
enable = false;
enable = true;
};
foot = {
enable = true;