Enable ssh

2025-01-25 16:49:07 -08:00 · 2025-01-25 16:49:07 -08:00 · 7ec87ef1bd
commit 7ec87ef1bd
parent 76087a056b
4 changed files with 96 additions and 3 deletions
--- a/modules/apps/default.nix
+++ b/modules/apps/default.nix
@ -12,6 +12,7 @@
    ./mangohud
    ./nh
    ./obs
+    ./ssh
    ./steam
    ./sunshine
    ./syncthing
--- a/modules/apps/ssh/default.nix
+++ b/modules/apps/ssh/default.nix
@ -0,0 +1,91 @@
+{
+  lib,
+  config,
+  username,
+  ...
+}:
+let
+  cfg = config.ssh;
+in
+{
+  options = {
+    ssh = {
+      enable = lib.mkEnableOption "Enable ssh in NixOS";
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    programs.ssh = {
+      startAgent = true;
+    };
+    services.openssh = {
+      enable = true;
+      listenAddresses = [
+        {
+          addr = "0.0.0.0";
+          port = 15995;
+        }
+      ];
+      ports = [ 15995 ];
+      settings = {
+        AllowUsers = [ "${username}" ];
+        # Allow forwarding ports to everywhere
+        GatewayPorts = "clientspecified";
+        KbdInteractiveAuthentication = false;
+        KexAlgorithms = [
+          "sntrup761x25519-sha512@openssh.com"
+          "curve25519-sha256"
+          "curve25519-sha256@libssh.org"
+          #"diffie-hellman-group-exchange-sha256"
+        ];
+        PasswordAuthentication = false;
+        PermitRootLogin = "no";
+        # Automatically remove stale sockets
+        StreamLocalBindUnlink = "yes";
+        UseDns = true;
+        X11Forwarding = true;
+      };
+    };
+    home-manager.users.${username} =
+      { config, pkgs, ... }:
+      {
+        home.file = {
+          desktop-entry-ssh-add = {
+            enable = true;
+            text = ''
+              [Desktop Entry]
+              Exec=ssh-add -q .ssh/id_ed25519
+              Name=ssh-add
+              Type=Application
+            '';
+            target = "${config.xdg.configHome}/autostart/ssh-add.desktop";
+          };
+        };
+        home.packages = with pkgs; [ sshs ];
+        programs.ssh = {
+          enable = true;
+          extraConfig = ''
+            Host thalia
+              HostName thalia
+              User ${username}
+              Port 6777
+            Host orion
+              HostName orion
+              User ${username}
+              Port 6777
+            Host media
+              HostName media.home
+              User ryan
+              Port 22
+            Host proxmox
+              HostName proxmox.home
+              User root
+              Port 22
+            Host router
+              HostName router.home
+              User root
+              Port 22
+          '';
+        };
+      };
+  };
+}
--- a/modules/profiles/base.nix
+++ b/modules/profiles/base.nix
@ -45,7 +45,7 @@ in
    # nvim.enable = true;
    # pay-respects.enable = true;
    # ripgrep.enable = true;
-    # ssh.enable = true;
+    ssh.enable = true;
    # starship.enable = true;
    # tailscale.enable = true;
    # tealdeer.enable = true;
--- a/3
+++ b/3
@ -2,11 +2,12 @@ DONE    secrets
 DONE    syncthing
 DONE    Logseq
 DONE    mouse speed
+TODO    git thru ssh
 TODO    boot into Hyprland
 TODO    autologin on boot
-TODO    git thru ssh
 TODO    zsh error
 TODO    ags
 TODO    sudo nopasswd
 TODO    brightness controls
 TODO    sounds (disable bell!!!)
+TODO    KDEConnect