old
 1{
 2  lib,
 3  myvars,
 4  config,
 5  ...
 6}: let
 7  hosts = config.modules.my-hosts;
 8  managedHosts =
 9    lib.filterAttrs (
10      name: host:
11        !builtins.isNull host.hostPublicKey
12        && (!builtins.isNull host.network.ipv4 || !builtins.isNull host.network.ipv6)
13    )
14    hosts;
15  secretIpHosts =
16    lib.filterAttrs (
17      name: host:
18        isSecret host.network.ipv4 || isSecret host.network.ipv6
19    )
20    managedHosts;
21
22  isSecret = v: lib.isAttrs v && v ? "secretName";
23  isPlain = v: lib.isString v;
24in {
25  users.users.${myvars.username} = {
26    description = myvars.userfullname;
27    openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
28  };
29
30  programs.mosh.enable = true; # Alternative of SSH for high latency connections
31  programs.ssh.knownHosts =
32    lib.mapAttrs'
33    (name: host: lib.nameValuePair name {publicKey = host.hostPublicKey;})
34    managedHosts;
35
36  programs.ssh.extraConfig = ''
37    ${lib.concatStringsSep "\n" (
38      lib.mapAttrsToList (
39        name: host: let
40          cfg = host.network;
41        in ''
42          Host ${name}
43            ${lib.optionalString (isPlain cfg.ipv4) "HostName ${cfg.ipv4}"}
44            ${lib.optionalString (isPlain cfg.ipv6) "HostName ${cfg.ipv6}"}
45            ${
46            lib.optionalString (isSecret cfg.ipv4 || isSecret cfg.ipv6)
47            "Include ${config.sops.templates."ssh-config-${name}".path}"
48          }
49            Port ${toString (lib.elemAt host.sshPorts 0)}
50        ''
51      )
52      managedHosts
53    )}
54  '';
55
56  sops.templates =
57    lib.mapAttrs'
58    (name: host:
59      lib.nameValuePair "ssh-config-${name}" {
60        content = ''
61          ${lib.optionalString (isSecret host.network.ipv4) ''
62            HostName ${config.sops.placeholder.${host.network.ipv4.secretName}}
63          ''}
64          ${lib.optionalString (isSecret host.network.ipv6) ''
65            HostName ${config.sops.placeholder.${host.network.ipv6.secretName}}
66          ''}
67        '';
68        owner = "root";
69        group = "ssh-secrets-users";
70        mode = "0440";
71      })
72    secretIpHosts;
73}