commit 55794c7e6f1113f0fcfc2d66dce7bb605bea7325
parent e01b2f8531d5d816859140024cad4ec8527cde8d
Author: breadcat <breadcat@users.noreply.github.com>
Date: Wed, 6 Aug 2025 11:25:01 +0100
Use privatekey variable
Diffstat:
6 files changed, 28 insertions(+), 25 deletions(-)
diff --git a/common/ssh-tunnel.nix b/common/ssh-tunnel.nix
@@ -1,4 +1,4 @@
-{ pkgs, username, domain, sshport, ... }:
+{ pkgs, username, domain, sshport, privatekey, ... }:
{
systemd.services.reverse-ssh-tunnel = {
@@ -8,7 +8,7 @@
wantedBy = [ "multi-user.target" ];
serviceConfig = {
- ExecStart = "${pkgs.openssh}/bin/ssh -NTg -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=accept-new -p ${toString sshport} -i /home/${username}/vault/docs/secure/ssh-key-2022-02-16.key -R 55013:localhost:22 ${username}@${domain}";
+ ExecStart = "${pkgs.openssh}/bin/ssh -NTg -o ServerAliveInterval=30 -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=accept-new -p ${toString sshport} -i ${privatekey} -R 55013:localhost:22 ${username}@${domain}";
Restart = "always";
RestartSec = "10s";
User = "${username}";
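Review bot: The new `-i ${privatekey}` on the ExecStart line replaces a path that was absolute (`/home/${username}/vault/...`) with whatever variables.nix supplies, and the sample added in variables.sample.nix is the relative `path/to/private.key`. ExecStart is run by systemd without a shell, so a relative value would be resolved against the service's working directory rather than necessarily the user's home, unlike the same variable used from the interactive client config in home/ssh.nix. I'd state the contract where the variable is introduced, e.g. in variables.sample.nix `privatekey = "/home/yourname/path/to/private.key"; # absolute path: also used in a systemd ExecStart, no shell or tilde expansion there`. The reverse-ssh-tunnel service definition continues outside the hunk.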
diff --git a/entrypoint.nix b/entrypoint.nix
@@ -5,7 +5,7 @@
...
}: let
vars = import ./variables.nix { inherit lib; };
- inherit (vars) fullname username domain email sshkey sshport timezone htpasswd vpnusername vpnpassword todosecret;
+ inherit (vars) fullname username domain email sshkey sshport timezone htpasswd vpnusername vpnpassword todosecret privatekey;
hostname =
if builtins.pathExists "/etc/hostname"
@@ -16,6 +16,6 @@
osConfigPath = ./machines + "/${machine}.nix";
in {
imports = [
- (import osConfigPath { inherit config pkgs lib fullname username domain email sshkey sshport timezone htpasswd vpnusername vpnpassword todosecret machine ; })
+ (import osConfigPath { inherit config pkgs lib fullname username domain email sshkey sshport timezone htpasswd vpnusername vpnpassword todosecret privatekey machine ; })
];
}
\ No newline at end of file
diff --git a/home/ssh.nix b/home/ssh.nix
@@ -1,37 +1,30 @@
-{ domain, username, sshport, ... }:
+{ domain, username, sshport, privatekey, ... }:
{
programs.ssh = {
enable = true;
-
matchBlocks = {
- "minskio" = {
- hostname = "${domain}";
- user = "${username}";
- port = sshport;
- identityFile = "~/vault/docs/secure/ssh-key-2022-02-16.key";
- };
"tunnel" = {
hostname = "${domain}";
user = "${username}";
port = sshport;
- identityFile = "~/vault/docs/secure/ssh-key-2022-02-16.key";
+ identityFile = "${privatekey}";
extraOptions = {
- RemoteCommand = "ssh -p 55013 ${username}@localhost -i ~/vault/docs/secure/ssh-key-2022-02-16.key";
+ RemoteCommand = "ssh -p 55013 ${username}@localhost -i ${privatekey}";
RequestTTY = "force";
};
};
- "htpc" = {
+ "arcadia" = {
hostname = "192.168.1.6";
user = "${username}";
port = 22;
- identityFile = "~/vault/docs/secure/ssh-key-2022-02-16.key";
+ identityFile = "${privatekey}";
};
- "nas" = {
+ "ilias" = {
hostname = "192.168.1.3";
user = "${username}";
port = 22;
- identityFile = "~/vault/docs/secure/ssh-key-2022-02-16.key";
+ identityFile = "${privatekey}";
};
"router" = {
hostname = "192.168.1.1";
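Review bot: `identityFile = "${privatekey}";` on the arcadia and ilias blocks (and again for artemis and atlas in the next hunk) wraps a value that is already a string in an interpolation; `identityFile = privatekey;` is the plain form and matches how `port = sshport;` is written in the same blocks. Separately, the `-i ${privatekey}` inside the tunnel block's RemoteCommand is executed on `${domain}` rather than locally, so the same path presumably has to exist on that host too; the old value was a `~`-relative path that resolved per host, whereas a single absolute local path may not. Worth a comment on the RemoteCommand line, e.g. `# runs on ${domain}; privatekey must also be present at that path there`.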
@@ -47,10 +40,16 @@
};
};
"artemis" = {
- hostname = "artemis.${domain}";
+ hostname = "${domain}";
+ user = "${username}";
+ port = sshport;
+ identityFile = "${privatekey}";
+ };
+ "atlas" = {
+ hostname = "old.${domain}";
user = "${username}";
port = sshport;
- identityFile = "~/vault/docs/secure/ssh-key-2022-02-16.key";
+ identityFile = "${privatekey}";
};
};
};
diff --git a/machines/artemis.nix b/machines/artemis.nix
@@ -14,6 +14,7 @@
todosecret,
vpnusername,
vpnpassword,
+ privatekey,
...
}: let
home-manager = builtins.fetchTarball https://github.com/nix-community/home-manager/archive/release-25.05.tar.gz; # Stable
@@ -48,7 +49,7 @@ in {
../home/htop.nix
../home/neovim.nix
(import ../home/rbw.nix {inherit pkgs domain email;})
- (import ../home/ssh.nix {inherit domain username sshport;})
+ (import ../home/ssh.nix {inherit domain username sshport privatekey;})
];
home.stateVersion = "25.05";
};
diff --git a/machines/ilias.nix b/machines/ilias.nix
@@ -10,6 +10,7 @@
sshkey,
sshport,
timezone,
+ privatekey,
...
}: let
media-sort = import ../common/media-sort.nix {inherit pkgs;};
@@ -27,6 +28,7 @@ in {
../common/packages.nix
(import ../common/restic.nix {inherit pkgs username;})
(import ../common/ssh-tunnel.nix {inherit config pkgs username domain sshport;})
+ (import ../common/ssh-tunnel.nix {inherit config pkgs username domain sshport privatekey;})
(import ../common/ssh.nix {inherit username sshkey sshport;})
(import ../common/syncthing.nix {inherit config pkgs username;})
(import ../common/tank-log.nix {inherit pkgs username;})
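Review bot: The old `(import ../common/ssh-tunnel.nix {inherit config pkgs username domain sshport;})` line is kept as context, so after this commit ilias.nix imports ssh-tunnel.nix twice. Since common/ssh-tunnel.nix now takes `privatekey` as a required argument, the first call has no value to pass and should fail at evaluation; even if it evaluated, the two imports would define `systemd.services.reverse-ssh-tunnel` with different ExecStart strings. The first line looks like it was meant to be removed, leaving only `(import ../common/ssh-tunnel.nix {inherit config pkgs username domain sshport privatekey;})`.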
@@ -60,7 +62,7 @@ in {
../home/htop.nix
../home/neovim.nix
(import ../home/rbw.nix {inherit pkgs domain email;})
- (import ../home/ssh.nix {inherit domain username sshport;})
+ (import ../home/ssh.nix {inherit domain username sshport privatekey;})
];
# The state version is required and should stay at the version you
# originally installed.
diff --git a/variables.sample.nix b/variables.sample.nix
@@ -5,13 +5,14 @@ let
username = lib.strings.toLower fullname;
domain = "domain.com";
email = "${username}@${domain}";
- sshkey = "ssh-rsa yourkeyhere";
+ sshkey = "ssh-rsa yourpubkeyhere";
sshport = 2222;
timezone = "Europe/London";
htpasswd = ""; # caddy hash-password --plaintext "yourpassword" | base64 -w0
vpnusername = "";
vpnpassword = "";
- todosecret = "";
+ todosecret = "JWTtoken";
+ privatekey = "path/to/private.key";
in {
- inherit fullname username domain email sshkey sshport timezone vpnusername vpnpassword todosecret;
+ inherit fullname username domain email sshkey sshport timezone vpnusername vpnpassword todosecret privatekey;
}
\ No newline at end of file