ssh: consolidate other-hosts-config in shared module

khaneliman · Jan 5, 2025 · 496e869 · 496e869
1 parent 6144c31
commit 496e869
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 110 deletions.
diff --git a/modules/darwin/programs/terminal/tools/ssh/default.nix b/modules/darwin/programs/terminal/tools/ssh/default.nix
@@ -1,62 +1,7 @@
 {
-  config,
   lib,
-  inputs,
-  host,
-  namespace,
   ...
 }:
-let
-  cfg = config.${namespace}.programs.terminal.tools.ssh;
-
-  name = host;
-
-  user = config.users.users.${config.${namespace}.user.name};
-  user-id = builtins.toString user.uid;
-
-  other-hosts = lib.filterAttrs (
-    key: host: key != name && (host.config.${namespace}.user.name or null) != null
-  ) ((inputs.self.nixosConfigurations or { }) // (inputs.self.darwinConfigurations or { }));
-
-  other-hosts-config = lib.concatMapStringsSep "\n" (
-    name:
-    let
-      remote = other-hosts.${name};
-      remote-user-name = remote.config.${namespace}.user.name;
-      remote-user-id = builtins.toString remote.config.users.users.${remote-user-name}.uid;
-
-      forward-gpg =
-        lib.optionalString (config.programs.gnupg.agent.enable && remote.config.programs.gnupg.agent.enable)
-          ''
-            RemoteForward /run/user/${remote-user-id}/gnupg/S.gpg-agent /run/user/${user-id}/gnupg/S.gpg-agent.extra
-            RemoteForward /run/user/${remote-user-id}/gnupg/S.gpg-agent.ssh /run/user/${user-id}/gnupg/S.gpg-agent.ssh
-          '';
-      port-expr =
-        if builtins.hasAttr name inputs.self.nixosConfigurations then
-          "Port ${builtins.toString cfg.port}"
-        else
-          "";
-    in
-    ''
-      Host ${name}
-        Hostname ${name}.local
-        User ${remote-user-name}
-        ForwardAgent yes
-        ${port-expr}
-        ${forward-gpg}
-    ''
-  ) (builtins.attrNames other-hosts);
-in
 {
   imports = [ (lib.snowfall.fs.get-file "modules/shared/programs/terminal/tools/ssh/default.nix") ];
-
-  config = lib.mkIf cfg.enable {
-    programs.ssh = {
-      extraConfig = ''
-        ${other-hosts-config}
-
-        ${cfg.extraConfig}
-      '';
-    };
-  };
 }
diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix
@@ -1,8 +1,6 @@
 {
   config,
   format,
-  host,
-  inputs,
   lib,
   namespace,
   ...
@@ -12,51 +10,10 @@ let
     types
     mkDefault
     mkIf
-    foldl
-    optionalString
     ;
   inherit (lib.${namespace}) mkBoolOpt mkOpt;
 
   cfg = config.${namespace}.services.openssh;
-
-  host' = host;
-  user = config.users.users.${config.${namespace}.user.name};
-  user-id = builtins.toString user.uid;
-
-  default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJAZIwy7nkz8CZYR/ZTSNr+7lRBW2AYy1jw06b44zaID";
-
-  other-hosts = lib.filterAttrs (
-    key: host: key != host' && (host.config.${namespace}.user.name or null) != null
-  ) ((inputs.self.nixosConfigurations or { }) // (inputs.self.darwinConfigurations or { }));
-
-  other-hosts-config = lib.concatMapStringsSep "\n" (
-    name:
-    let
-      remote = other-hosts.${name};
-      remote-user-name = remote.config.${namespace}.user.name;
-      remote-user-id = builtins.toString remote.config.users.users.${remote-user-name}.uid;
-
-      forward-gpg =
-        optionalString (config.programs.gnupg.agent.enable && remote.config.programs.gnupg.agent.enable)
-          ''
-            RemoteForward /run/user/${remote-user-id}/gnupg/S.gpg-agent /run/user/${user-id}/gnupg/S.gpg-agent.extra
-            RemoteForward /run/user/${remote-user-id}/gnupg/S.gpg-agent.ssh /run/user/${user-id}/gnupg/S.gpg-agent.ssh
-          '';
-      port-expr =
-        if builtins.hasAttr name inputs.self.nixosConfigurations then
-          "Port ${builtins.toString cfg.port}"
-        else
-          "";
-    in
-    ''
-      Host ${name}
-        Hostname ${name}.local
-        User ${remote-user-name}
-        ForwardAgent yes
-        ${port-expr}
-        ${forward-gpg}
-    ''
-  ) (builtins.attrNames other-hosts);
 in
 {
   options.${namespace}.services.openssh = with types; {
@@ -122,23 +79,11 @@ in
     };
 
     programs.ssh = {
-      extraConfig = ''
-        ${other-hosts-config}
-
-        ${cfg.extraConfig}
-      '';
-
       startAgent = lib.mkDefault true;
     };
 
     khanelinix = {
       user.extraOptions.openssh.authorizedKeys.keys = cfg.authorizedKeys;
-
-      home.extraOptions = {
-        programs.zsh.shellAliases = foldl (
-          aliases: system: aliases // { "ssh-${system}" = "ssh ${system} -t tmux a"; }
-        ) { } (builtins.attrNames other-hosts);
-      };
     };
   };
 }
diff --git a/modules/shared/programs/terminal/tools/ssh/default.nix b/modules/shared/programs/terminal/tools/ssh/default.nix
@@ -1,13 +1,53 @@
 {
   config,
   lib,
+  inputs,
+  host,
   namespace,
   ...
 }:
 let
   inherit (lib.${namespace}) mkBoolOpt mkOpt;
 
   cfg = config.${namespace}.programs.terminal.tools.ssh;
+
+  name = host;
+
+  user = config.users.users.${config.${namespace}.user.name};
+  user-id = builtins.toString user.uid;
+
+  other-hosts = lib.filterAttrs (
+    key: host: key != name && (host.config.${namespace}.user.name or null) != null
+  ) ((inputs.self.nixosConfigurations or { }) // (inputs.self.darwinConfigurations or { }));
+
+  other-hosts-config = lib.concatMapStringsSep "\n" (
+    name:
+    let
+      remote = other-hosts.${name};
+      remote-user-name = remote.config.${namespace}.user.name;
+      remote-user-id = builtins.toString remote.config.users.users.${remote-user-name}.uid;
+
+      forward-gpg =
+        lib.optionalString (config.programs.gnupg.agent.enable && remote.config.programs.gnupg.agent.enable)
+          ''
+            RemoteForward /run/user/${remote-user-id}/gnupg/S.gpg-agent /run/user/${user-id}/gnupg/S.gpg-agent.extra
+            RemoteForward /run/user/${remote-user-id}/gnupg/S.gpg-agent.ssh /run/user/${user-id}/gnupg/S.gpg-agent.ssh
+          '';
+      port-expr =
+        if builtins.hasAttr name inputs.self.nixosConfigurations then
+          "Port ${builtins.toString cfg.port}"
+        else
+          "";
+    in
+    ''
+      Host ${name}
+        Hostname ${name}.local
+        User ${remote-user-name}
+        ForwardAgent yes
+        ${port-expr}
+        ${forward-gpg}
+    ''
+  ) (builtins.attrNames other-hosts);
 in
 {
   options.${namespace}.programs.terminal.tools.ssh = with lib.types; {
@@ -18,6 +58,12 @@ in
 
   config = lib.mkIf cfg.enable {
     programs.ssh = {
+      extraConfig = ''
+        ${other-hosts-config}
+
+        ${cfg.extraConfig}
+      '';
+
       # Ship GitHub/GitLab/SourceHut host keys to avoid “man in the middle” attacks
       knownHosts = lib.mapAttrs (_: lib.mkForce) {
         github-rsa = {
@@ -51,5 +97,14 @@ in
         };
       };
     };
+
+    khanelinix = {
+      home.extraOptions = {
+        programs.zsh.shellAliases = lib.foldl (
+          aliases: system: aliases // { "ssh-${system}" = "ssh ${system} -t tmux a"; }
+        ) { } (builtins.attrNames other-hosts);
+      };
+    };
+
   };
 }