[ssh] Move to actual module

nixos/hosts/Tibo-NixFat/default.nix

@@ -13,6 +13,7 @@
 
     programs = {
       home-manager.enable = true;
+      ssh.enable = true;
       zellij.enable = true;
     };
   };
@@ -46,22 +47,29 @@
     zenith-nvidia
   ];
 
+  hardware.bluetooth.enable = true;
+  
+  networking.hostName = "Tibo-NixFat";
+
+  services = {
+    # Handle the laptop lid switch as follows:
+    logind = {
+      lidSwitch = "hybrid-sleep";
+      lidSwitchExternalPower = "lock";
+      lidSwitchDocked = "ignore";
+    };
+  };
+
   system.stateVersion = "23.05";
 
+  time.timeZone = "Europe/Brussels";
+
   # --- Barrier ---
 
   networking = {
-    hostName = "Tibo-NixFat";
     networkmanager.enable = true;
   };
   
-  # Set your time zone.
-  time.timeZone = "Europe/Brussels";
-  
-  # Configure network proxy if necessary
-  # networking.proxy.default = "http://user:password@proxy:port/";
-  # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
-  
   # Enable sound with pipewire.
   sound.enable = true;
   hardware.pulseaudio.enable = false;
@@ -79,21 +87,10 @@
     #media-session.enable = true;
   };
 
-  # Enable Bluetooth.
-  hardware.bluetooth.enable = true;
-  
-  services = {
-    logind = {
-      lidSwitch = "hybrid-sleep";
-      lidSwitchExternalPower = "lock";
-      lidSwitchDocked = "ignore";
-    };
-
   # Enable touchpad support (enabled default in most desktopManager).
-    xserver = {
+  services.xserver = {
     libinput.enable = true;
   };
-  };
 
   # Allow unfree packages
   nixpkgs.config.allowUnfree = true;

nixos/modules-old/utils/ssh/default.nix

@@ -1,54 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-{
-  services.openssh = {
-    enable = true;
-    settings.PasswordAuthentication = false;
-  };
-
-  home-manager.users.tdpeuter = {
-    programs.ssh = {
-      enable = true;
-      matchBlocks = {
-        "Hugo" = {
-          hostname = "192.168.0.11";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/Hugo/ssh";
-          user = "admin";
-        };
-        "HPC" = {
-          hostname = "login.hpc.ugent.be";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/UGent/HPC/ssh";
-          user = "vsc44995";
-        };
-
-        # Git authentication
-        "git.depeuter.dev" = {
-          hostname = "git.depeuter.dev";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/Hugo/Gitea/ssh";
-          user = "git";
-        };
-        "github.com" = {
-          hostname = "github.com";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/GitHub/ssh";
-          user = "git";
-        };
-        "github.ugent.be" = {
-          hostname = "github.ugent.be";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/UGent/GitHub/ssh";
-          user = "git";
-        };
-        "subgit.ugent.be" = {
-          hostname = "subgit.ugent.be";
-          identitiesOnly = true;
-          identityFile = "/run/secrets/UGent/SubGit/ssh";
-          user = "git";
-        };
-      };
-    };
-  };
-}

nixos/modules/default.nix

@@ -1,8 +1,7 @@
-{ lib, ... }:
-
 {
   imports = [
     ./programs
+    ./services
     ./users
     ./virtualisation
   ];

nixos/modules/programs/default.nix

@@ -1,6 +1,7 @@
 {
   imports = [
     ./home-manager
+    ./ssh
     ./zellij
   ];
 }

nixos/modules/programs/ssh/default.nix

@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.sisyphus.programs.ssh;
+in {
+  options.sisyphus.programs.ssh.enable = lib.mkEnableOption "SSH";
+
+  config = lib.mkIf cfg.enable {
+    programs.ssh = {
+      enableAskPassword = false;
+    };
+  };
+}

nixos/modules/services/default.nix

@@ -0,0 +1,5 @@
+{
+  imports = [
+    ./openssh
+  ];
+}

nixos/modules/services/openssh/default.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.sisyphus.services.openssh;
+in {
+  options.sisyphus.services.openssh.enable = lib.mkEnableOption "OpenSSH";
+
+  config = lib.mkIf cfg.enable {
+    services.openssh = {
+      enable = true;
+      settings = {
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+      };
+    };
+  };
+}

nixos/modules/users/tdpeuter/default.nix

@@ -21,6 +21,8 @@ in {
 
     fonts.fonts = with pkgs; [
       font-awesome_5        # Dependency of Vifm config
+      noto-fonts            # Dependency of Zellij config
+      noto-fonts-cjk        # Dependency of Zellij config
     ];
 
     home-manager.users.tdpeuter = lib.mkIf config.sisyphus.programs.home-manager.enable {
@@ -48,6 +50,7 @@ in {
           unzip
           vifm                  # File manager
           zathura               # PDF viewer
+          zellij                # Tmux + screen alternative
         ]) ++ (with pkgs-unstable; [
           mpv
         ]);
@@ -66,6 +69,10 @@ in {
             source = ../../../../stow/mpv/.config/mpv;
           };
 
+          ".ssh/config" = { # Always put SSH configuration
+            source = ../../../../stow/ssh/.ssh/config;
+          };
+
           # Put Vifm files separately so history fill still works.
           ".config/vifm/colors" = lib.mkIf (builtins.elem pkgs.vifm installedPkgs) {
             source = ../../../../stow/vifm/.config/vifm/colors;

stow/ssh/.ssh/config

@@ -0,0 +1,37 @@
+Host Hugo
+    User admin
+    HostName 192.168.0.11
+    IdentitiesOnly yes
+    IdentityFile /run/secrets/Hugo/ssh
+
+Host HPC
+    User vsc44995
+    HostName login.hpc.ugent.be
+    IdentitiesOnly yes
+    IdentityFile /run/secrets/UGent/HPC/ssh
+
+# Git authentication
+Host git.depeuter.dev
+    User git
+    HostName git.depeuter.dev
+    IdentitiesOnly yes
+    IdentityFile /run/secrets/Hugo/Gitea/ssh
+
+Host github.com
+    User git
+    HostName github.com
+    IdentitiesOnly yes
+    IdentityFile /run/secrets/GitHub/ssh
+
+Host github.ugent.be
+    User git
+    HostName github.ugent.be
+    IdentitiesOnly yes
+    IdentityFile /run/secrets/UGent/GitHub/ssh
+
+Host subgit.ugent.be
+    User git
+    HostName subgit.ugent.be
+    IdentitiesOnly yes
+    IdentityFile /run/secrets/UGent/SubGit/ssh
+