From d40d862c04b35219de98bc45bc09e516d34a75ec Mon Sep 17 00:00:00 2001 From: Tibo De Peuter Date: Wed, 18 Oct 2023 18:54:27 +0200 Subject: [PATCH] [ssh] Move to actual module --- nixos/hosts/Tibo-NixFat/default.nix | 41 +++++++------- .../modules-old/utils/{ssh => sops}/README.md | 0 nixos/modules-old/utils/ssh/default.nix | 54 ------------------- nixos/modules/default.nix | 3 +- nixos/modules/programs/default.nix | 1 + nixos/modules/programs/ssh/default.nix | 13 +++++ nixos/modules/services/default.nix | 5 ++ nixos/modules/services/openssh/default.nix | 17 ++++++ nixos/modules/users/tdpeuter/default.nix | 7 +++ stow/ssh/.ssh/config | 37 +++++++++++++ 10 files changed, 100 insertions(+), 78 deletions(-) rename nixos/modules-old/utils/{ssh => sops}/README.md (100%) delete mode 100644 nixos/modules-old/utils/ssh/default.nix create mode 100644 nixos/modules/programs/ssh/default.nix create mode 100644 nixos/modules/services/default.nix create mode 100644 nixos/modules/services/openssh/default.nix create mode 100644 stow/ssh/.ssh/config diff --git a/nixos/hosts/Tibo-NixFat/default.nix b/nixos/hosts/Tibo-NixFat/default.nix index d96b7e1..54b960b 100644 --- a/nixos/hosts/Tibo-NixFat/default.nix +++ b/nixos/hosts/Tibo-NixFat/default.nix @@ -13,6 +13,7 @@ programs = { home-manager.enable = true; + ssh.enable = true; zellij.enable = true; }; }; 
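Review bot: The sshd half of the deleted `modules-old/utils/ssh` module is not switched back on for this host. The first hunk adds only `ssh.enable = true;` to the `programs` set, while the new `services/openssh` module in this patch is gated behind `sisyphus.services.openssh.enable`, which no visible hunk sets. If Tibo-NixFat imported the old module (not visible here), it stops running an SSH daemon after this commit. If that is intended, say so in the commit message; otherwise add `services.openssh.enable = true;` to the same option set as `programs`. The enclosing attribute set starts outside the hunk.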
@@ -46,22 +47,29 @@ zenith-nvidia ]; + hardware.bluetooth.enable = true; + + networking.hostName = "Tibo-NixFat"; + + services = { + # Handle the laptop lid switch as follows: + logind = { + lidSwitch = "hybrid-sleep"; + lidSwitchExternalPower = "lock"; + lidSwitchDocked = "ignore"; + }; + }; + system.stateVersion = "23.05"; + time.timeZone = "Europe/Brussels"; + # --- Barrier --- networking = { - hostName = "Tibo-NixFat"; networkmanager.enable = true; }; - # Set your time zone. - time.timeZone = "Europe/Brussels"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - # Enable sound with pipewire. sound.enable = true; hardware.pulseaudio.enable = false; @@ -79,20 +87,9 @@ #media-session.enable = true; }; - # Enable Bluetooth. - hardware.bluetooth.enable = true; - - services = { - logind = { - lidSwitch = "hybrid-sleep"; - lidSwitchExternalPower = "lock"; - lidSwitchDocked = "ignore"; - }; - - # Enable touchpad support (enabled default in most desktopManager). - xserver = { - libinput.enable = true; - }; + # Enable touchpad support (enabled default in most desktopManager). + services.xserver = { + libinput.enable = true; }; # Allow unfree packages diff --git a/nixos/modules-old/utils/ssh/README.md b/nixos/modules-old/utils/sops/README.md similarity index 100% rename from nixos/modules-old/utils/ssh/README.md rename to nixos/modules-old/utils/sops/README.md diff --git a/nixos/modules-old/utils/ssh/default.nix b/nixos/modules-old/utils/ssh/default.nix deleted file mode 100644 index bc0f463..0000000 --- a/nixos/modules-old/utils/ssh/default.nix +++ /dev/null 
@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
- services.openssh = {
- enable = true;
- settings.PasswordAuthentication = false;
- };
-
- home-manager.users.tdpeuter = {
- programs.ssh = {
- enable = true;
- matchBlocks = {
- "Hugo" = {
- hostname = "192.168.0.11";
- identitiesOnly = true;
- identityFile = "/run/secrets/Hugo/ssh";
- user = "admin";
- };
- "HPC" = {
- hostname = "login.hpc.ugent.be";
- identitiesOnly = true;
- identityFile = "/run/secrets/UGent/HPC/ssh";
- user = "vsc44995";
- };
-
- # Git authentication
- "git.depeuter.dev" = {
- hostname = "git.depeuter.dev";
- identitiesOnly = true;
- identityFile = "/run/secrets/Hugo/Gitea/ssh";
- user = "git";
- };
- "github.com" = {
- hostname = "github.com";
- identitiesOnly = true;
- identityFile = "/run/secrets/GitHub/ssh";
- user = "git";
- };
- "github.ugent.be" = {
- hostname = "github.ugent.be";
- identitiesOnly = true;
- identityFile = "/run/secrets/UGent/GitHub/ssh";
- user = "git";
- };
- "subgit.ugent.be" = {
- hostname = "subgit.ugent.be";
- identitiesOnly = true;
- identityFile = "/run/secrets/UGent/SubGit/ssh";
- user = "git";
- };
- };
- };
- };
-}
diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix
index 18a9fb3..b9d9008 100644
--- a/nixos/modules/default.nix
+++ b/nixos/modules/default.nix
@@ -1,8 +1,7 @@
-{ lib, ... }:
-
 {
 imports = [
 ./programs
+ ./services
 ./users
 ./virtualisation
 ];
diff --git a/nixos/modules/programs/default.nix b/nixos/modules/programs/default.nix
index 17e5627..159d6a0 100644
--- a/nixos/modules/programs/default.nix
+++ b/nixos/modules/programs/default.nix
@@ -1,6 +1,7 @@
 {
 imports = [
 ./home-manager
+ ./ssh
 ./zellij
 ];
 }
diff --git a/nixos/modules/programs/ssh/default.nix b/nixos/modules/programs/ssh/default.nix
new file mode 100644
index 0000000..13b008c
--- /dev/null
+++ b/nixos/modules/programs/ssh/default.nix
@@ -0,0 +1,13 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.sisyphus.programs.ssh; +in { + options.sisyphus.programs.ssh.enable = lib.mkEnableOption "SSH"; + + config = lib.mkIf cfg.enable { + programs.ssh = { + enableAskPassword = false; + }; + }; +} diff --git a/nixos/modules/services/default.nix b/nixos/modules/services/default.nix new file mode 100644 index 0000000..f7295a5 --- /dev/null +++ b/nixos/modules/services/default.nix @@ -0,0 +1,5 @@ +{ + imports = [ + ./openssh + ]; +} diff --git a/nixos/modules/services/openssh/default.nix b/nixos/modules/services/openssh/default.nix new file mode 100644 index 0000000..f4ba49b --- /dev/null +++ b/nixos/modules/services/openssh/default.nix @@ -0,0 +1,17 @@ +{ config, lib, pkgs, ... }: + +let + cfg = config.sisyphus.services.openssh; +in { + options.sisyphus.services.openssh.enable = lib.mkEnableOption "OpenSSH"; + + config = lib.mkIf cfg.enable { + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + PermitRootLogin = "no"; + }; + }; + }; +} diff --git a/nixos/modules/users/tdpeuter/default.nix b/nixos/modules/users/tdpeuter/default.nix index 3f9baf4..5e89862 100644 --- a/nixos/modules/users/tdpeuter/default.nix +++ b/nixos/modules/users/tdpeuter/default.nix @@ -21,6 +21,8 @@ in { fonts.fonts = with pkgs; [ font-awesome_5 # Dependency of Vifm config + noto-fonts # Dependency of Zellij config + noto-fonts-cjk # Dependency of Zellij config ]; home-manager.users.tdpeuter = lib.mkIf config.sisyphus.programs.home-manager.enable { @@ -48,6 +50,7 @@ in { unzip vifm # File manager zathura # PDF viewer + zellij # Tmux + screen alternative ]) ++ (with pkgs-unstable; [ mpv ]); 
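Review bot: `sisyphus.programs.ssh.enable` in `programs/ssh/default.nix` only sets `programs.ssh.enableAskPassword = false;`, but its description is the bare string "SSH". The client configuration itself is installed from the users module in a later hunk, regardless of this option. A comment above the `config` block would stop a reader from assuming the option controls the whole client setup, for example `# Only disables the graphical askpass helper; ~/.ssh/config is installed by the user module.` The `pkgs` argument is unused in this file and can be dropped from the argument set.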
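Review bot: In `services/openssh/default.nix`, `PasswordAuthentication = false;` alone may not close every password path. NixOS runs sshd with PAM, and keyboard-interactive authentication (on by default in the NixOS module, as far as I know) can still prompt for the account password. Add `KbdInteractiveAuthentication = false;` to the `settings` set beside `PermitRootLogin = "no";` so that only public-key logins remain. The `pkgs` argument is unused in this file too.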
@@ -66,6 +69,10 @@ in { source = ../../../../stow/mpv/.config/mpv; }; + ".ssh/config" = { # Always put SSH configuration + source = ../../../../stow/ssh/.ssh/config; + }; + # Put Vifm files separately so history fill still works. ".config/vifm/colors" = lib.mkIf (builtins.elem pkgs.vifm installedPkgs) { source = ../../../../stow/vifm/.config/vifm/colors; diff --git a/stow/ssh/.ssh/config b/stow/ssh/.ssh/config new file mode 100644 index 0000000..1bdb4cd --- /dev/null +++ b/stow/ssh/.ssh/config @@ -0,0 +1,37 @@ +Host Hugo + User admin + HostName 192.168.0.11 + IdentitiesOnly yes + IdentityFile /run/secrets/Hugo/ssh + +Host HPC + User vsc44995 + HostName login.hpc.ugent.be + IdentitiesOnly yes + IdentityFile /run/secrets/UGent/HPC/ssh + +# Git authentication +Host git.depeuter.dev + User git + HostName git.depeuter.dev + IdentitiesOnly yes + IdentityFile /run/secrets/Hugo/Gitea/ssh + +Host github.com + User git + HostName github.com + IdentitiesOnly yes + IdentityFile /run/secrets/GitHub/ssh + +Host github.ugent.be + User git + HostName github.ugent.be + IdentitiesOnly yes + IdentityFile /run/secrets/UGent/GitHub/ssh + +Host subgit.ugent.be + User git + HostName subgit.ugent.be + IdentitiesOnly yes + IdentityFile /run/secrets/UGent/SubGit/ssh +
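Review bot: The `".ssh/config"` entry is installed unconditionally, while the neighbouring Vifm entry in the same set is wrapped in `lib.mkIf`. Every `IdentityFile` in the new `stow/ssh/.ssh/config` points under `/run/secrets/`, so on a machine without those secrets `IdentitiesOnly yes` leaves ssh with no usable key for these hosts, and the failure shows up only at connect time. Either gate the entry, e.g. `".ssh/config" = lib.mkIf config.sisyphus.programs.ssh.enable {`, or state the dependency in the comment: `# Installed on every host; key paths require the secrets under /run/secrets to be provisioned.` The surrounding attribute set begins and ends outside the hunk.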