feat: automate SSH config ('known_hosts', 'authorized_keys' ...)

2026-01-17 17:37:37 +01:00
parent 33b022c659
commit 8464884fdb
15 changed files with 143 additions and 9 deletions
--- a/home/hosts/andromache/default.nix
+++ b/home/hosts/andromache/default.nix
@@ -14,6 +14,7 @@ in
    ../../modules/desktop/niri
    ../../modules/git.nix
    ../../modules/k9s.nix
+    ../../modules/ssh.nix
    ../../modules/taskwarrior.nix
    ../../modules/keepassxc.nix
    ../../modules/anki.nix
--- a/home/hosts/astyanax/default.nix
+++ b/home/hosts/astyanax/default.nix
@@ -14,6 +14,7 @@ in
    ../../modules/desktop/niri
    ../../modules/git.nix
    ../../modules/k9s.nix
+    ../../modules/ssh.nix
    ../../modules/taskwarrior.nix
    ../../modules/keepassxc.nix
    ../../modules/browser
--- a/home/modules/ssh.nix
+++ b/home/modules/ssh.nix
@@ -0,0 +1,25 @@
+{
+  outputs,
+  lib,
+  ...
+}:
+let
+  nixosConfigs = builtins.attrNames outputs.nixosConfigurations;
+  homeConfigs = map (n: lib.last (lib.splitString "@" n)) (
+    builtins.attrNames outputs.homeConfigurations
+  );
+  allHosts = lib.unique (homeConfigs ++ nixosConfigs);
+  hostsWithKeys = lib.filter (
+    hostname: builtins.pathExists ../../hosts/${hostname}/ssh_host.pub
+  ) allHosts;
+in
+{
+  programs.ssh = {
+    enable = true;
+    enableDefaultConfig = false;
+
+    matchBlocks = lib.genAttrs hostsWithKeys (hostname: {
+      host = hostname;
+    });
+  };
+}
--- a/home/ssh.pub
+++ b/home/ssh.pub
@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzP1PjIDb1tN9nhPOK88HYDtTNk9SN9ZpEem2id49Fa h@astyanax
				`@@ -0,0 +1 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzP1PjIDb1tN9nhPOK88HYDtTNk9SN9ZpEem2id49Fa h@astyanax`