This commit is contained in:
Shelvacu
2025-05-16 16:51:42 -07:00
committed by Shelvacu on fw
parent 4e79183aa8
commit 9c47bfce48
11 changed files with 381 additions and 357 deletions


@@ -8,7 +8,7 @@
...
}:
lib.optionalAttrs (vacuModuleType != "plain") {
nix.registry = lib.mkIf !config.vacu.isMinimal {
nix.registry = lib.mkIf (!config.vacu.isMinimal) {
vacu.to = {
type = "path";
path = inputs.self.outPath;


@@ -34,6 +34,7 @@ else
./common-but-not.nix
./defaultPackages.nix
./git.nix
./hosts.nix
./hpn.nix
./lib
./lix.nix
@@ -47,7 +48,6 @@ else
./shell
./sops.nix
./sourceTree.nix
./ssh.nix
./staticNames.nix
./units-config.nix
./units-impl.nix
@@ -83,7 +83,7 @@ else
inherit vacuModuleType;
inputRevs = lib.mapAttrs (_: v: anyRev v) inputs;
}
// lib.optionalAttrs !config.vacu.isMinimal {
// lib.optionalAttrs (!config.vacu.isMinimal) {
flakePath = self.outPath;
inherit inputs;
};
@@ -127,200 +127,16 @@ else
# t460s = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHcYwYy9/0Gu/GsqS72Nkz6OkId+zevqXA/aTIcvqflp";
# pixel6pro-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsErA6M9LSHj2hPlLuHD8Lpei7WjMup1JxI1vxA6B8W";
compute-deck = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKoy1TrmfhBGWtVedgOM1FB1oD2UdodN3LkBnnLx6Tug";
compute-deck-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxAFFxQMXAgi+0cmGaNE/eAkVfEl91wafUqFIuAkI5I";
triple-dezert = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICVeSzDkGTueZijB0xUa08e06ovAEwwZK/D+Cc7bo91g";
triple-dezert-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOtwtao/TXbiuQOYJbousRPVesVcb/2nP0PCFUec0Nv8";
compute-deck-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAxAFFxQMXAgi+0cmGaNE/eAkVfEl91wafUqFIuAkI5I";
pro1x-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcRDekd8ZOYfQS5X95/yNof3wFYIbHqWeq4jY0+ywQX";
fw-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHLPOxRd68+DJ/bYmqn0wsgwwIcMSMyuU1Ya16hCb/m";
fw = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINQ2c0GzlVMjV06CS7bWbCaAbzG2+7g5FCg/vClJPe0C";
fw-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGHLPOxRd68+DJ/bYmqn0wsgwwIcMSMyuU1Ya16hCb/m";
pixel9pro-nod = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINznGot+L8kYoVQqdLV/R17XCd1ILMoDCILOg+I3s5wC";
legtop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOre0FnYDm3arsFj9c/l5H2Q8mdmv7kmvq683pL4heru";
prophecy = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPephaH7Mi6/BaglYzFTwYYaQTqdISJHiDzA5sciN+r6";
prophecy-root = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGIQ6wlU5WzrWyAoWFE7rwqFf7/Ji53dxNflyrrYiiKs";
};
vacu.ssh.config = ''
Host deckvacu
User deck
Host rsb
User user
HostName finaltask.xyz
Port 2222
Host awoo
HostName 45.142.157.71
Host trip
HostName trip.shelvacu.com
Port 6922
Host liam
HostName 178.128.79.152
Host pluto
HostName pluto.somevideogam.es
Host sdf
HostName tty.sdf.org
Host u
User git
HostName git.uninsane.org
Host gl
User git
HostName gitlab.com
Host gh
User git
HostName github.com
Host rsyncnet
User fm2382
HostName fm2382.rsync.net
Host rsn
User fm2382
HostName fm2382.rsync.net
Host prop
HostName prophecy.shelvacu.com
Host *
User shelvacu
GlobalKnownHostsFile ${pkgs.writeText "known_hosts" config.vacu.ssh.knownHostsText}
'';
vacu.ssh.knownHosts = {
#public hosts
"github.com".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
"gitlab.com".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
"git.sr.ht".publicKey =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
"sdf.org" = {
extraHostNames = [ "tty.sdf.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJk3a190w/1TZkzVKORvz/kwyKmFY144lVeDFm80p17";
};
"rsync.net" = {
extraHostNames = [
"rsn"
"rsyncnet"
"fm2382.rsync.net"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINdUkGe6kKn5ssz4WRZKjcws0InbQqZayenzk9obmP1z";
};
#colin's stuff
"uninsane.org" = {
extraHostNames = [ "git.uninsane.org" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
};
"desko" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
};
#daymocker's stuff
"pluto" = {
extraHostNames = [ "74.208.184.137" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICpHY4fLZ1hNuB2oRQM7R3b4eQyIHbFB45ZYp3XCELLg";
};
#powerhouse hosts
"ostiary" = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSYyd1DGPXGaV4mD34tUbXvbtIi/Uv2otoMUsCkxRse";
};
"habitat" = {
# previously known as zigbee-hub
extraHostNames = [ "10.78.79.114" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJxwUYddOxgViJDOiokfaQ6CsCx/Sw+b3IisdJv8zFN";
};
"vnopn" = {
extraHostNames = [
"10.78.79.1"
"vnopn.t2d.lan"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMgJE8shlTYF3nxKR/aILd1SzwDwhtCrjz9yHL7lgSZ";
};
#personal hosts
trip = {
extraHostNames = [
"triple-dezert"
"trip.shelvacu.com"
"[trip.shelvacu.com]:6922"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUQux9V0mSF5IauoO1z311NXR7ymEbwRMzT+OaaNQr+";
};
prophecy = {
extraHostNames = [
"prop"
"prophecy.t2d.lan"
"prop.shelvacu.com"
"prophecy.shelvacu.com"
"10.78.79.22"
"205.201.63.13"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPmy1+1CL6mLbp0IfRTLwsVdjKmw5u0kbQqHin8oXMq";
};
servacu = {
extraHostNames = [
"mail.dis8.net"
"servacu.shelvacu.com"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+E6na7np0HnBV2X7owno+Fg+bNNRSHLxO6n1JzdUTV";
};
finaltask = {
extraHostNames = [
"rsb"
"finaltask.xyz"
"[finaltask.xyz]:2222"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTx8WBNNKBVRV98HgDChpd59SHbreJ87SXU+zOKan6y";
};
compute-deck = {
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGt43GmXCxkl5QjgPQ/QimW11lKfXmV4GFWvlxQSf4TQ";
};
"2esrever" = {
extraHostNames = [
"10.4.5.218"
"10.244.46.71"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0LnPrJxAdffZ//uRe3NBiIfFCBNMLqKVylkyU0llvT";
};
awoo = {
extraHostNames = [ "45.142.157.71" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQaDjjfSK8jnk9aFIiYH9LZO4nLY/oeAc7BKIPUXMh1";
};
deckvacu = {
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEa8qpFkIlLLJkH8rmEAn6/MZ9ilCGmEQWC3CeFae7r1kOqfwRk0nq0oyOGJ50uIh+PpwEh3rbgq6mLfpRfsFmM=";
};
liam = {
extraHostNames = [
"liam.dis8.net"
"178.128.79.152"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOqJYVHOIFmEA5uRbbirIupWvyBLAFwic/8EZQRdN/c";
};
fw = {
extraHostNames = [ "fw.t2d.lan" ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6lX25mCy35tf1NpcHMAdeRgvT7l0Dw0FWBH3eX4TE2";
};
legtop = {
extraHostNames = [
"lt"
"legtop.t2d.lan"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvunOGsmHg8igMGo0FpoXaegYI20wZylG8nsMFY4+JL";
};
mmm = {
extraHostNames = [
"mmm.t2d.lan"
"10.78.79.11"
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsorkZ3rIZ2lLigwQWfA64xZRlt5lk6QPzypg55eLlD";
};
};
};
}


@@ -51,7 +51,7 @@ lib.mkMerge [
wl-clipboard
];
})
(lib.mkIf !config.vacu.isMinimal {
(lib.mkIf (!config.vacu.isMinimal) {
# big pkgs for non-minimal systems
vacu.packages = with pkgs; [
aircrack-ng
@@ -92,7 +92,7 @@ lib.mkMerge [
{
vacu.packages.borgbackup.enable = config.vacu.isDev && (pkgs.system != "aarch64-linux");
vacu.packages.ffmpeg-vacu-full.enable = config.vacu.isGui;
vacu.packages.ffmpeg-vacu-headless.enable = !config.vacu.minimal && !config.vacu.isGui;
vacu.packages.ffmpeg-vacu-headless.enable = !config.vacu.isMinimal && !config.vacu.isGui;
}
{
vacu.packages = {

149
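--- a/common/hosts.nix
+++ b/common/hosts.nix
@@ -0,0 +1,149 @@
+{
+lib,
+vacuModules,
+...
+}:
+{
+imports = [
+vacuModules.knownHosts
+vacuModules.ssh
+];
+vacu.hosts = {
+#public hosts
+"github.com".sshKeys =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
+"gitlab.com".sshKeys =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAfuCHKVTjquxvt6CM6tdG4SLp1Btn/nOeHHE5UOzRdf";
+"git.sr.ht".sshKeys =
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZvRd4EtM7R+IHVMWmDkVU3VLQTSwQDSAvW0t2Tkj60";
+"sdf.org" = {
+sshHostname = "tty.sdf.org";
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJk3a190w/1TZkzVKORvz/kwyKmFY144lVeDFm80p17";
+};
+"rsn" = {
+altNames = [
+"rsyncnet"
+"rsync.net"
+];
+sshUsername = "fm2382";
+sshHostname = "fm2382.rsync.net";
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINdUkGe6kKn5ssz4WRZKjcws0InbQqZayenzk9obmP1z";
+};
+#colin's stuff
+"servo" = {
+altNames = [ "git.uninsane.org" "uninsane.org" ];
+isLan = true;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOfdSmFkrVT6DhpgvFeQKm3Fh9VKZ9DbLYOPOJWYQ0E8";
+};
+"desko" = {
+isLan = true;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFw9NoRaYrM6LbDd3aFBc4yyBlxGQn8HjeHd/dZ3CfHk";
+};
+#daymocker's stuff
+"pluto" = {
+sshHostname = "pluto.somevideogam.es";
+primaryIp = "74.208.184.137";
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICpHY4fLZ1hNuB2oRQM7R3b4eQyIHbFB45ZYp3XCELLg";
+};
+#powerhouse hosts
+"ostiary" = {
+isLan = true;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBSYyd1DGPXGaV4mD34tUbXvbtIi/Uv2otoMUsCkxRse";
+};
+"habitat" = {
+# previously known as zigbee-hub
+primaryIp = "10.78.79.114";
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBJxwUYddOxgViJDOiokfaQ6CsCx/Sw+b3IisdJv8zFN";
+};
+"vnopn" = {
+primaryIp = "10.78.79.1";
+isLan = true;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEMgJE8shlTYF3nxKR/aILd1SzwDwhtCrjz9yHL7lgSZ";
+};
+#personal hosts
+triple-dezert = {
+altNames = [
+"trip"
+"trip.shelvacu.com"
+"triple-dezert.shelvacu.com"
+];
+primaryIp = "172.83.159.53";
+altIps = [ "10.78.79.237" ];
+isLan = true;
+sshPort = 6922;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGUQux9V0mSF5IauoO1z311NXR7ymEbwRMzT+OaaNQr+";
+};
+prophecy = {
+altNames = [
+"prop"
+"prop.shelvacu.com"
+"prophecy.shelvacu.com"
+];
+primaryIp = "205.201.63.13";
+altIps = [ "10.78.79.22" ];
+isLan = true;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFPmy1+1CL6mLbp0IfRTLwsVdjKmw5u0kbQqHin8oXMq";
+};
+servacu = {
+altNames = [
+"mail.dis8.net"
+"servacu.shelvacu.com"
+];
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE+E6na7np0HnBV2X7owno+Fg+bNNRSHLxO6n1JzdUTV";
+};
+finaltask = {
+altNames = [
+"rsb"
+"finaltask.xyz"
+];
+primaryIp = "45.87.250.193";
+sshPort = 2222;
+sshUsername = "user";
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPTx8WBNNKBVRV98HgDChpd59SHbreJ87SXU+zOKan6y";
+};
+compute-deck = {
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGt43GmXCxkl5QjgPQ/QimW11lKfXmV4GFWvlxQSf4TQ";
+};
+"2esrever" = {
+altIps = [
+"10.4.5.218"
+"10.244.46.71"
+];
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH0LnPrJxAdffZ//uRe3NBiIfFCBNMLqKVylkyU0llvT";
+};
+awoo = {
+primaryIp = "45.142.157.71";
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOQaDjjfSK8jnk9aFIiYH9LZO4nLY/oeAc7BKIPUXMh1";
+};
+deckvacu = {
+sshUsername = "deck";
+sshKeys = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEa8qpFkIlLLJkH8rmEAn6/MZ9ilCGmEQWC3CeFae7r1kOqfwRk0nq0oyOGJ50uIh+PpwEh3rbgq6mLfpRfsFmM=";
+};
+liam = {
+altNames = [ "liam.dis8.net" ];
+primaryIp = "178.128.79.152";
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHOqJYVHOIFmEA5uRbbirIupWvyBLAFwic/8EZQRdN/c";
+};
+fw = {
+isLan = true;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA6lX25mCy35tf1NpcHMAdeRgvT7l0Dw0FWBH3eX4TE2";
+};
+legtop = {
+altNames = [
+"lt"
+];
+isLan = true;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKvunOGsmHg8igMGo0FpoXaegYI20wZylG8nsMFY4+JL";
+};
+mmm = {
+primaryIp = "10.78.79.11";
+isLan = true;
+sshKeys = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFsorkZ3rIZ2lLigwQWfA64xZRlt5lk6QPzypg55eLlD";
+};
+};
+}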
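Review bot: The `gh`, `gl` and `u` shortcuts of the inline config this file replaces (`Host gh` / `User git` / `HostName github.com`, plus the gitlab.com and git.uninsane.org equivalents) have no counterpart here: none of the `"github.com"`, `"gitlab.com"` or `"servo"` entries sets `sshUsername = "git";`, so both the short names and the forced git user disappear. If they are still wanted, `"github.com" = { altNames = [ "gh" ]; sshUsername = "git"; sshKeys = "<key as above>"; };` expresses them in the new schema, provided the ssh module's Host pattern lists `altNames` (the current `"Host ${hostMod.primaryName}\n"` in modules/ssh/module.nix does not). Separately, `"servo"` is the only host under a foreign heading marked `isLan = true;`, which publishes a `servo.t2d.lan` name for that key — presumably a copy-paste from the personal hosts, worth confirming.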


@@ -9,7 +9,6 @@ let
in
lib.optionalAttrs (vacuModuleType == "nix-on-droid") {
environment.packages = config.vacu.packageList;
environment.etc."ssh/ssh_config".text = config.vacu.ssh.config;
nix.substituters = lib.mkForce config.vacu.nix.substituterUrls;
nix.trustedPublicKeys = lib.mkForce config.vacu.nix.trustedKeys;
vacu.shell.functionsDir = "${config.user.home}/.nix-profile/share/vacufuncs";


@@ -19,7 +19,7 @@ lib.optionalAttrs (vacuModuleType == "nixos") {
console = {
keyMap = lib.mkDefault "us";
};
networking = if config.vacu.hostName == null then { } else { hostName = config.vacu.hostName; };
networking = lib.mkIf (config.vacu.hostName != null) { inherit (config.vacu) hostName; };
vacu.packages."xorg-xev" = {
enable = config.services.xserver.enable;
package = pkgs.xorg.xev;
@@ -37,18 +37,11 @@ lib.optionalAttrs (vacuModuleType == "nixos") {
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
time.timeZone = "America/Los_Angeles";
users.users.shelvacu = lib.mkIf !config.vacu.isContainer {
users.users.shelvacu = lib.mkIf (!config.vacu.isContainer) {
openssh.authorizedKeys.keys = lib.attrValues config.vacu.ssh.authorizedKeys;
isNormalUser = true;
extraGroups = [ "wheel" ];
};
# # safety user: if something is super fucked up with my shell stuff, I can ssh in as shelvac2
# users.users.shelvac2 = {
# openssh.authorizedKeys.keys = config.vacu.ssh.authorizedKeys;
# isNormalUser = true;
# extraGroups = [ "wheel" ];
# shell = pkgs.bash;
# };
services.openssh = {
# require public key authentication for better security
settings.PasswordAuthentication = false;
@@ -56,7 +49,7 @@ lib.optionalAttrs (vacuModuleType == "nixos") {
settings.PermitRootLogin = "prohibit-password";
};
nix.settings.trusted-users = lib.mkIf !config.vacu.isContainer [ "shelvacu" ];
nix.settings.trusted-users = lib.mkIf (!config.vacu.isContainer) [ "shelvacu" ];
security.sudo.wheelNeedsPassword = lib.mkDefault false;
programs.screen = {
@@ -68,7 +61,7 @@ lib.optionalAttrs (vacuModuleType == "nixos") {
'';
};
programs.tmux = lib.mkIf !config.vacu.isContainer {
programs.tmux = lib.mkIf (!config.vacu.isContainer) {
enable = true;
extraConfig = "setw mouse";
clock24 = true;
@@ -85,8 +78,6 @@ lib.optionalAttrs (vacuModuleType == "nixos") {
extra-trusted-public-keys = lib.mkForce [ ];
};
programs.ssh.extraConfig = config.vacu.ssh.config;
security.pki.certificates = config.vacu.rootCAs;
# commands.nix
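Review bot: The last hunk of this file drops two lines but the rendered view does not mark which; `programs.ssh.extraConfig = config.vacu.ssh.config;` is evidently the one re-homed in modules/ssh/module.nix, whereas nothing on this page re-declares `security.pki.certificates = config.vacu.rootCAs;`. If that line is the second deletion, NixOS hosts silently stop trusting the vacu root CAs, which is worth checking against the full diff; if the removal is deliberate, a one-line comment in whichever module now owns `rootCAs` would spare the next reader the same check. The enclosing `lib.optionalAttrs` attrset starts and ends outside the hunk.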


@@ -23,7 +23,7 @@ in
config = {
vacu.nixvimPkg = inputs.self.packages.${pkgs.system}.${nixvim-name};
vacu.shell.functions =
lib.mkIf !config.vacu.isMinimal
lib.mkIf (!config.vacu.isMinimal)
{
nvim-plain = ''${pkgs.neovim}/bin/nvim "$@"'';
nvim-nixvim = ''${config.vacu.nixvimPkg}/bin/nvim "$@"'';


@@ -19,7 +19,7 @@ in
vacu.sourceTree = pkgs.linkFarm "simple-inputs-tree" inputs;
}
// (lib.optionalAttrs (vacuModuleType == "nixos" || vacuModuleType == "nix-on-droid") {
environment.etc = lib.optionalAttrs !config.vacu.isMinimal {
environment.etc = lib.optionalAttrs (!config.vacu.isMinimal) {
"vacu/sources".source = "${config.vacu.sourceTree}";
};
});


@@ -1,150 +0,0 @@
{ lib, config, ... }:
let
inherit (lib)
mkOption
types
flip
concatMapStringsSep
optionalString
concatStringsSep
readFile
literalExpression
;
inherit (builtins) attrValues;
cfg = config.vacu;
knownHosts = builtins.filter (a: a.enable) (attrValues cfg.ssh.knownHosts);
knownHostsText =
(flip (concatMapStringsSep "\n") knownHosts (
h:
assert h.hostNames != [ ];
optionalString h.certAuthority "@cert-authority "
+ concatStringsSep "," h.hostNames
+ " "
+ (if h.publicKey != null then h.publicKey else readFile h.publicKeyFile)
))
+ "\n";
in
{
options = {
vacu.ssh.knownHostsText = mkOption {
type = types.str;
readOnly = true;
default = knownHostsText;
};
#vacu.ssh.authorizedKeys = mkOption { type = types.listOf types.str; };
vacu.ssh.authorizedKeys = mkOption {
type = types.attrsOf types.str;
default = { };
};
vacu.ssh.config = mkOption { type = types.lines; };
# Straight copied from nixpkgs
# https://github.com/NixOS/nixpkgs/blob/46397778ef1f73414b03ed553a3368f0e7e33c2f/nixos/modules/programs/ssh.nix
vacu.ssh.knownHosts = mkOption {
default = { };
type = types.attrsOf (
types.submodule (
{
name,
config,
options,
...
}:
{
options = {
enable = mkOption {
type = types.bool;
default = true;
};
certAuthority = mkOption {
type = types.bool;
default = false;
description = ''
This public key is an SSH certificate authority, rather than an
individual host's key.
'';
};
hostNames = mkOption {
type = types.listOf types.str;
default = [ name ] ++ config.extraHostNames;
defaultText = literalExpression "[ ${name} ] ++ config.${options.extraHostNames}";
description = ''
A list of host names and/or IP numbers used for accessing
the host's ssh service. This list includes the name of the
containing `knownHosts` attribute by default
for convenience. If you wish to configure multiple host keys
for the same host use multiple `knownHosts`
entries with different attribute names and the same
`hostNames` list.
'';
};
extraHostNames = mkOption {
type = types.listOf types.str;
default = [ ];
description = ''
A list of additional host names and/or IP numbers used for
accessing the host's ssh service. This list is ignored if
`hostNames` is set explicitly.
'';
};
publicKey = mkOption {
default = null;
type = types.nullOr types.str;
example = "ecdsa-sha2-nistp521 AAAAE2VjZHN...UEPg==";
description = ''
The public key data for the host. You can fetch a public key
from a running SSH server with the {command}`ssh-keyscan`
command. The public key should not include any host names, only
the key type and the key itself.
'';
};
publicKeyFile = mkOption {
default = null;
type = types.nullOr types.path;
description = ''
The path to the public key file for the host. The public
key file is read at build time and saved in the Nix store.
You can fetch a public key file from a running SSH server
with the {command}`ssh-keyscan` command. The content
of the file should follow the same format as described for
the `publicKey` option. Only a single key
is supported. If a host has multiple keys, use
{option}`programs.ssh.knownHostsFiles` instead.
'';
};
};
}
)
);
description = ''
The set of system-wide known SSH hosts. To make simple setups more
convenient the name of an attribute in this set is used as a host name
for the entry. This behaviour can be disabled by setting
`hostNames` explicitly. You can use
`extraHostNames` to add additional host names without
disabling this default.
'';
example = literalExpression ''
{
myhost = {
extraHostNames = [ "myhost.mydomain.com" "10.10.1.4" ];
publicKeyFile = ./pubkeys/myhost_ssh_host_dsa_key.pub;
};
"myhost2.net".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIRuJ8p1Fi+m6WkHV0KWnRfpM1WxoW8XAS+XvsSKsTK";
"myhost2.net/dsa" = {
hostNames = [ "myhost2.net" ];
publicKeyFile = ./pubkeys/myhost2_ssh_host_dsa_key.pub;
};
}
'';
};
};
config.vacu.assertions = lib.flip lib.mapAttrsToList config.vacu.ssh.knownHosts (
name: data: {
assertion =
(!data.enable)
|| (data.publicKey == null && data.publicKeyFile != null)
|| (data.publicKey != null && data.publicKeyFile == null);
message = "knownHost ${name} must contain either a publicKey or publicKeyFile";
}
);
}


@@ -0,0 +1,82 @@
{
lib,
config,
vaculib,
vacuModuleType,
...
}:
let
inherit (lib) mkOption types;
inherit (vaculib) mkOutOption;
nameishRegex = ''[a-z0-9_\.-]+'';
nameish = types.strMatching nameishRegex;
hostModule = {
name,
config,
...
}:
let
fullLanNames = lib.optional (config.isLan) "${config.primaryName}.t2d.lan";
in
{
options = {
primaryName = mkOption {
type = nameish;
default = name;
};
altNames = mkOption {
type = types.listOf nameish;
default = [];
};
isLan = mkOption {
type = types.bool;
default = false;
};
finalNames = mkOption {
type = types.listOf nameish;
readOnly = true;
};
primaryIp = mkOption {
type = types.nullOr nameish;
default = null;
};
altIps = mkOption {
type = types.listOf nameish;
default = [];
};
finalIps = mkOption {
type = types.listOf nameish;
readOnly = true;
};
makeStaticHostsEntry = mkOption {
type = types.bool;
};
};
config = {
finalNames = lib.unique ([config.primaryName] ++ config.altNames ++ fullLanNames);
finalIps = lib.unique ((lib.optional (config.primaryIp != null) config.primaryIp) ++ config.altIps);
makeStaticHostsEntry = lib.mkDefault (config.primaryIp != null);
};
};
etcHostsParts = lib.concatMap (
hostMod:
lib.optional hostMod.makeStaticHostsEntry (
assert hostMod.primaryIp != null;
"${hostMod.primaryIp} ${lib.concatStringsSep " " hostMod.finalNames}"
)
) (builtins.attrValues config.vacu.hosts);
etcHostsText = lib.concatStringsSep "\n" etcHostsParts;
in
{
options.vacu = {
hosts = mkOption {
type = types.attrsOf (types.submodule hostModule);
default = {};
};
etcHostsText = mkOutOption etcHostsText;
};
config = {}
// lib.optionalAttrs (vacuModuleType == "nixos") { networking.extraHosts = config.vacu.etcHostsText; }
// lib.optionalAttrs (vacuModuleType == "nix-on-droid") { environment.etc.hosts.text = config.vacu.etcHostsText; }
;
}
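Review bot: `etcHostsParts` writes every name in `finalNames` against `primaryIp`, and `finalNames` includes the `${primaryName}.t2d.lan` name that `fullLanNames` adds for `isLan` hosts, so with the data in common/hosts.nix `prophecy.t2d.lan` is pinned to 205.201.63.13 and `triple-dezert.t2d.lan` to 172.83.159.53 although 10.78.79.22 and 10.78.79.237 are declared as their `altIps`. If the `.t2d.lan` names are meant to stay LAN-resolved, the static entry should leave them out (the LAN address is not identifiable from the current options, so that likely needs a dedicated `lanIp` field); if the pinning is intended, a comment on `fullLanNames` such as `# the .t2d.lan name is also published in /etc/hosts against primaryIp, not a LAN address` would document it. Less important, `nameishRegex` is an indented string where the backslash is literal, so `[a-z0-9_\.-]+` also accepts a backslash character; `''[a-z0-9_.-]+''` is the intended class.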

137
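--- a/modules/ssh/module.nix
+++ b/modules/ssh/module.nix
@@ -0,0 +1,137 @@
+{
+lib,
+pkgs,
+config,
+vaculib,
+vacuModules,
+vacuModuleType,
+...
+}:
+let
+inherit (lib)
+mkOption
+types
+;
+inherit (vaculib) mkOutOption;
+knownHostsAddonModule = { config, ... }: {
+options = {
+sshKeys = mkOption {
+type = types.coercedTo types.str lib.singleton (types.listOf types.str);
+default = [];
+};
+sshUsername = mkOption {
+type = types.nullOr types.str;
+default = null;
+};
+sshPort = mkOption {
+type = types.port;
+default = 22;
+};
+sshHostname = mkOption {
+type = types.str;
+};
+};
+config = {
+sshHostname = lib.mkDefault (if (config.primaryIp != null) then config.primaryIp else config.primaryName);
+altNames = [ config.sshHostname ];
+};
+};
+knownHostsParts = lib.concatMap (
+hostMod:
+let
+knownNames = map (name: if hostMod.sshPort == 22 then name else "[${name}]:${toString hostMod.sshPort}") (hostMod.finalNames ++ hostMod.finalIps);
+in
+map (
+sshKey:
+lib.concatStringsSep "," knownNames
++ " "
++ sshKey
+) hostMod.sshKeys
+) (builtins.attrValues config.vacu.hosts);
+knownHostsText = lib.concatStringsSep "\n" knownHostsParts;
+hostConfigParts = map (
+hostMod:
+"Host ${hostMod.primaryName}\n"
++ lib.optionalString (hostMod.sshUsername != null) " User ${hostMod.sshUsername}\n"
++ lib.optionalString (hostMod.sshHostname != hostMod.primaryName) " HostName ${hostMod.sshHostname}\n"
++ lib.optionalString (hostMod.sshPort != 22) " Port ${toString hostMod.sshPort}\n"
+) (builtins.attrValues config.vacu.hosts);
+hostConfigText = lib.concatStringsSep "\n" hostConfigParts;
+in
+{
+imports = [ vacuModules.knownHosts ];
+options = {
+vacu.hosts = mkOption { type = types.attrsOf (types.submodule knownHostsAddonModule); };
+vacu.ssh.knownHostsText = mkOutOption knownHostsText;
+vacu.ssh.authorizedKeys = mkOption {
+type = types.attrsOf types.str;
+default = { };
+};
+vacu.ssh.config = mkOption { type = types.lines; };
+};
+config = {
+vacu.ssh.config = lib.mkMerge [
+(lib.mkBefore hostConfigText)
+(lib.mkAfter ''
+Host *
+User shelvacu
+GlobalKnownHostsFile ${pkgs.writeText "known_hosts" config.vacu.ssh.knownHostsText}
+'')
+];
+# vacu.ssh.config = ''
+# Host deckvacu
+# User deck
+#
+# Host rsb
+# User user
+# HostName finaltask.xyz
+# Port 2222
+#
+# Host awoo
+# HostName 45.142.157.71
+#
+# Host trip
+# HostName trip.shelvacu.com
+# Port 6922
+#
+# Host liam
+# HostName 178.128.79.152
+#
+# Host pluto
+# HostName pluto.somevideogam.es
+#
+# Host sdf
+# HostName tty.sdf.org
+#
+# Host u
+# User git
+# HostName git.uninsane.org
+#
+# Host gl
+# User git
+# HostName gitlab.com
+#
+# Host gh
+# User git
+# HostName github.com
+#
+# Host rsyncnet
+# User fm2382
+# HostName fm2382.rsync.net
+#
+# Host rsn
+# User fm2382
+# HostName fm2382.rsync.net
+#
+# Host prop
+# HostName prophecy.shelvacu.com
+#
+# Host *
+# User shelvacu
+# GlobalKnownHostsFile ${pkgs.writeText "known_hosts" config.vacu.ssh.knownHostsText}
+# '';
+}
+// lib.optionalAttrs (vacuModuleType == "nixos") { programs.ssh.extraConfig = config.vacu.ssh.config; }
+// lib.optionalAttrs (vacuModuleType == "nix-on-droid") { environment.etc."ssh/ssh_config".text = config.vacu.ssh.config; }
+;
+}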
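Review bot: `hostConfigParts` emits a stanza for `Host ${hostMod.primaryName}` only, so the aliases declared in `altNames` reach known_hosts and /etc/hosts but get no ssh_config entry: with the data in common/hosts.nix, `ssh rsb` now resolves via the static hosts entry and connects to port 22 as shelvacu instead of port 2222 as user, and `ssh trip` to port 22 instead of 6922 — exactly what the `Host rsb` and `Host trip` blocks of the inline config kept in the comment below used to provide. Listing the aliases in the pattern restores it: `"Host ${lib.concatStringsSep " " ([ hostMod.primaryName ] ++ hostMod.altNames)}\n"`; since the addon module appends `sshHostname` to `altNames`, the pattern may also name the HostName itself, which is harmless. Less important, `knownHostsText` no longer ends with a newline (the deleted ssh.nix appended one); OpenSSH tolerates that, but `lib.concatStringsSep "\n" knownHostsParts + "\n"` keeps the generated file well-formed for other consumers.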