Add programs.ssh module to generate .ssh/config

This doesn't embed ALL the options for the ssh client, but I based it
on options I use regularly. Here's an example usage extracted and
edited from my home.nix:

```nix
  programs.ssh = {
    enable = true;
    forwardAgent = true;
    controlMaster = "auto";
    hosts = {
      "something.blah.edu" = {
        port = 1024;
        user = "cleague";
        identitiesOnly = true;
      };
      "host1 host2 host2.net host2.com" = {
        port = 7422;
        hostname = "example.com";
        serverAliveInterval = 60;
      };
      "lucian" = {
        forwardX11 = true;
        forwardX11Trusted = true;
        checkHostIP = false;
      };
    };
  };
```
This commit is contained in:
Christopher League 2017-05-08 23:30:37 -04:00
parent 8fab2a5d9b
commit 5770af8fd8
2 changed files with 147 additions and 0 deletions

View file

@ -20,6 +20,7 @@ let
./programs/git.nix
./programs/gnome-terminal.nix
./programs/lesspipe.nix
./programs/ssh.nix
./programs/texlive.nix
./services/dunst.nix
./services/gnome-keyring.nix

146
modules/programs/ssh.nix Normal file
View file

@ -0,0 +1,146 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.programs.ssh;
yn = flag: if flag then "yes" else "no";
hostModule = types.submodule ({...}: {
options = {
port = mkOption {
type = types.nullOr types.int;
default = null;
description = "Specifies port number to connect on remote host.";
};
forwardX11 = mkOption {
type = types.bool;
default = false;
description = ''
Specifies whether X11 connections will be automatically redirected
over the secure channel and DISPLAY set.
'';
};
forwardX11Trusted = mkOption {
type = types.bool;
default = false;
description = ''
Specifies whether remote X11 clients will have full access to the
original X11 display.
'';
};
identitiesOnly = mkOption {
type = types.bool;
default = false;
description = ''
Specifies that ssh should only use the authentication identity
explicitly configured in the .ssh/config files or passed on the
ssh command-line, even if ssh-agent offers more identities.
'';
};
identityFile = mkOption {
type = types.nullOr types.string;
default = null;
description = ''
Specifies a file from which user's identity is read.
'';
};
user = mkOption {
type = types.nullOr types.string;
default = null;
description = "Specifies the user to log in as.";
};
hostname = mkOption {
type = types.nullOr types.string;
default = null;
description = "Specifies the real host name to log into.";
};
serverAliveInterval = mkOption {
type = types.int;
default = 0;
description =
"Set timeout in seconds after which response will be requested.";
};
checkHostIP = mkOption {
type = types.bool;
default = true;
description = "Check that host IP address in the known_hosts file.";
};
};
});
hostStr = host: cf: concatStringsSep "\n" (
["Host ${host}"]
++ optional (cf.port != null) " Port ${toString cf.port}"
++ optional cf.forwardX11 " ForwardX11 yes"
++ optional cf.forwardX11Trusted " ForwardX11Trusted yes"
++ optional cf.identitiesOnly " IdentitiesOnly yes"
++ optional (cf.user != null) " User ${cf.user}"
++ optional (cf.identityFile != null) " IdentityFile ${cf.identityFile}"
++ optional (cf.hostname != null) " HostName ${cf.hostname}"
++ optional (cf.serverAliveInterval != 0)
" ServerAliveInterval ${toString cf.serverAliveInterval}"
++ optional (!cf.checkHostIP) " CheckHostIP no"
);
in
{
options.programs.ssh = {
enable = mkEnableOption "SSH Client Configuration";
forwardAgent = mkOption {
default = false;
type = types.bool;
description = ''
Whether connection to authentication agent (if any) will be forwarded
to remote machine.
'';
};
controlMaster = mkOption {
default = "no";
type = types.enum ["yes" "no" "ask" "auto" "autoask"];
description = ''
Configure sharing of multiple sessions over a single network connection.
'';
};
controlPath = mkOption {
type = types.string;
default = "~/.ssh/master-%r@%h:%p";
description = ''
Specify path to the control socket used for connection sharing.
'';
};
hosts = mkOption {
type = types.attrsOf hostModule;
default = {};
description = ''
Specify per-host settings.
'';
};
};
config = mkIf cfg.enable {
home.file.".ssh/config".text = ''
ForwardAgent ${yn cfg.forwardAgent}
ControlMaster ${cfg.controlMaster}
ControlPath ${cfg.controlPath}
${concatStringsSep "\n\n" (mapAttrsToList hostStr cfg.hosts)}
'';
};
}