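{
  lib,
  myvars,
  config,
  ...
}: let
  hosts = config.modules.my-hosts;

  # An address value is "secret" when it is an attrset naming a sops secret,
  # and "plain" when it is a literal string that may live in the Nix store.
  isSecret = v: lib.isAttrs v && v ? "secretName";
  isPlain = v: lib.isString v;

  # Hosts we can both reach and pin: they publish a host public key and have
  # at least one address (plain or secret).
  managedHosts =
    lib.filterAttrs (
      _name: host:
        host.hostPublicKey != null
        && (host.network.ipv4 != null || host.network.ipv6 != null)
    )
    hosts;

  # Subset of managedHosts whose address must stay out of the world-readable
  # store and is instead rendered into a sops template at activation time.
  secretIpHosts =
    lib.filterAttrs (
      _name: host:
        isSecret host.network.ipv4 || isSecret host.network.ipv6
    )
    managedHosts;

  # "Port N" for the first entry of host.sshPorts, or nothing when the list is
  # empty, so an empty list falls back to ssh's default port instead of an
  # evaluation error from indexing into [].
  portDirective = host:
    lib.optionalString (host.sshPorts != [])
    "Port ${toString (lib.head host.sshPorts)}";
in {
  users.users.${myvars.username} = {
    description = myvars.userfullname;
    openssh.authorizedKeys.keys = myvars.sshAuthorizedKeys;
  };

  programs.mosh.enable = true; # Alternative of SSH for high latency connections

  # Pin each managed host's key in /etc/ssh/ssh_known_hosts under its alias
  # name (the NixOS option defaults hostNames to [ name ]). ssh only consults
  # known_hosts under that alias when the Host block sets HostKeyAlias (see
  # extraConfig below); without it ssh looks up the HostName/IP, the pin never
  # matches, and the connection silently falls back to trust-on-first-use.
  programs.ssh.knownHosts =
    lib.mapAttrs'
    (name: host: lib.nameValuePair name {publicKey = host.hostPublicKey;})
    managedHosts;

  # One "Host <alias>" block per managed host. ssh keeps the first value it
  # sees for an option, so a plain ipv4 takes precedence over a plain ipv6,
  # and the included sops-rendered file supplies HostName for secret
  # addresses. HostKeyAlias ties the block to the pinned key above, which also
  # keeps secret IPs out of known_hosts entirely.
  programs.ssh.extraConfig = ''
    ${lib.concatStringsSep "\n" (
      lib.mapAttrsToList (
        name: host: let
          cfg = host.network;
        in ''
          Host ${name}
          ${lib.optionalString (isPlain cfg.ipv4) "HostName ${cfg.ipv4}"}
          ${lib.optionalString (isPlain cfg.ipv6) "HostName ${cfg.ipv6}"}
          ${
            lib.optionalString (isSecret cfg.ipv4 || isSecret cfg.ipv6)
            "Include ${config.sops.templates."ssh-config-${name}".path}"
          }
          HostKeyAlias ${name}
          ${portDirective host}
        ''
      )
      managedHosts
    )}
  '';

  # Rendered ssh_config fragment per secret-IP host; the placeholder is
  # substituted by sops-nix at activation so the address never enters
  # /nix/store. Readable only by root and the ssh-secrets-users group, so any
  # user expected to ssh to these hosts must be in that group — otherwise the
  # Include above cannot be read (NOTE(review): confirm how ssh treats an
  # unreadable Include target in the deployed OpenSSH version).
  sops.templates =
    lib.mapAttrs'
    (name: host:
      lib.nameValuePair "ssh-config-${name}" {
        content = ''
          ${lib.optionalString (isSecret host.network.ipv4) ''
            HostName ${config.sops.placeholder.${host.network.ipv4.secretName}}
          ''}
          ${lib.optionalString (isSecret host.network.ipv6) ''
            HostName ${config.sops.placeholder.${host.network.ipv6.secretName}}
          ''}
        '';
        owner = "root";
        group = "ssh-secrets-users";
        mode = "0440";
      })
    secretIpHosts;
}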