ssh.nix
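# Shared OpenSSH client configuration, applied to every home-manager user
# through `home-manager.sharedModules`. When agenix is present, an encrypted
# extra ssh config is decrypted and pulled in via `Include`.
{ config, lib, ... }: let
  # `enabled` is not defined on this page; presumably a project helper that
  # merges `enable = true` into the attribute set. Confirm against the lib overlay.
  inherit (lib) enabled mkIf;

  # Directory that holds the ControlMaster multiplexing sockets.
  controlPath = "~/.ssh/control";
in {
  # Agenix secret for SSH config. Only declared when the agenix options exist.
  age.secrets.sshConfig = mkIf (config ? age.secrets) {
    file = ./ssh/config.age;
    # NOTE(review): 0444 makes the decrypted file readable by every local
    # account, including service users. That looks deliberate, since the file is
    # included by all home-manager users. If only some users need it, narrow it
    # with agenix's `owner`/`group` and a tighter mode.
    mode = "0444";
  };

  home-manager.sharedModules = [{
    # Raw DAG entry: runs after home-manager's write boundary and creates the
    # socket directory before ssh first needs it.
    home.activation.createControlPath = {
      after = [ "writeBoundary" ];
      before = [];
      # Created owner-only so other local accounts cannot list the sockets,
      # whose names encode user, host and port. `--mode` applies only to a
      # newly created leaf directory; a directory that already exists keeps its
      # current permissions.
      data = "mkdir --parents --mode=0700 ${controlPath}";
    };

    programs.ssh = enabled {
      controlMaster = "auto";
      # %r = remote user, %n = host name as typed on the command line,
      # %p = port. Using %n keeps the two github.com aliases below on
      # separate sockets, so they never share an authenticated connection.
      controlPath = "${controlPath}/%r@%n:%p";
      # The master connection stays open for 60 minutes after the last session
      # closes. Any process able to open the socket gets new sessions on it
      # without authenticating again, so the directory permissions above matter.
      controlPersist = "60m";
      # Drop a dead connection after two unanswered keep-alives sent 60 s apart.
      serverAliveCountMax = 2;
      serverAliveInterval = 60;

      # Include the decrypted agenix config only when the secret is declared.
      includes = lib.optionals (config ? age.secrets.sshConfig) [
        config.age.secrets.sshConfig.path
      ];

      matchBlocks = {
        # Defaults for every host.
        "*" = {
          setEnv.COLORTERM = "truecolor";
          setEnv.TERM = "xterm-256color";
          identityFile = "~/.ssh/id";
        };

        # Two aliases for the same GitHub host, one key per account.
        # identitiesOnly stops ssh from also offering unrelated keys held by
        # the agent. Without it, GitHub may authenticate the session as
        # whichever account owns the first accepted key, not the account the
        # alias names.
        # NOTE(review): IdentityFile is cumulative, so the "*" key (~/.ssh/id)
        # remains a candidate for these hosts. Confirm it is not registered
        # with a GitHub account.
        "github.com-ay" = {
          hostname = "github.com";
          user = "git";
          identityFile = "~/.ssh/id_ed25519_ay_github";
          identitiesOnly = true;
        };

        "github.com-a0" = {
          hostname = "github.com";
          user = "git";
          identityFile = "~/.ssh/id_ed25519_a0_github";
          identitiesOnly = true;
        };
      };
    };
  }];
}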