From a8baed9ba0af59a1ccde8f67a26af7a18d1ada22 Mon Sep 17 00:00:00 2001
From: Swarsel
Date: Fri, 19 Jul 2024 22:38:52 +0200
Subject: [PATCH] feat: enable SSH Agent forwarding
---
 SwarselSystems.org | 222 +++++++++++++++++++--------------------------
 1 file changed, 93 insertions(+), 129 deletions(-)
diff --git a/SwarselSystems.org b/SwarselSystems.org
index 7a93daa..1b181ec 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -5468,140 +5468,104 @@ I use sops-nix to handle secrets that I want to have available on my machines at
 :CUSTOM_ID: h:edd6720e-1f90-40bf-b6f9-30a19d4cae08
 :END:
-It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters.
+It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.
 #+begin_src nix :tangle profiles/common/home.nix
- programs.ssh= {
- enable = true;
- extraConfig = "SetEnv TERM=xterm-256color";
- matchBlocks = {
- "nginx" = {
- hostname = "192.168.1.14";
- user = "root";
- };
- "jellyfin" = {
- hostname = "192.168.1.16";
- user = "root";
- };
- "pfsense" = {
- hostname = "192.168.1.1";
- user = "root";
- };
- "proxmox" = {
- hostname = "192.168.1.2";
- user = "root";
- };
- "transmission" = {
- hostname = "192.168.1.6";
- user = "root";
- };
- "fetcher" = {
- hostname = "192.168.1.7";
- user = "root";
- };
- "omv" = {
- hostname = "192.168.1.3";
- user = "root";
- };
- "webbot" = {
- hostname = "192.168.1.11";
- user = "root";
- };
- "nextcloud" = {
- hostname = "192.168.1.5";
- user = "root";
- };
- "sound" = {
- hostname = "192.168.1.13";
- user = "root";
- };
- "spotify" = {
- hostname = "192.168.1.17";
- user = "root";
- };
- "wordpress" = {
- hostname = "192.168.1.9";
- user = "root";
- };
- "turn" = {
- hostname = "192.168.1.18";
- user = "root";
- };
- "hugo" = {
- hostname = "192.168.1.19";
- user = "root";
- };
- "matrix" = {
- hostname = "192.168.1.23";
- user = "root";
- };
- "scroll" = {
- hostname = "192.168.1.22";
- user = "root";
- };
- "minecraft" = {
- hostname = "130.61.119.129";
- user = "opc";
- };
- "sync" = {
- hostname = "193.122.53.173";
- user = "root"; #this is a oracle vm server but needs root due to nixos-infect
- };
- "pkv" = {
- hostname = "46.232.248.161";
- user = "root";
- };
- "nebula" = {
- hostname = "128.131.171.15";
- user = "amp23s56";
- compression = true;
- identityFile = "~/.ssh/id_ed25519";
- proxyCommand = "ssh -p 1022 -i ~/.ssh/id_ed25519 -q -W %h:%p %r@venus.par.tuwien.ac.at";
- extraOptions = {
- "TCPKeepAlive" = "yes";
+ programs.ssh= {
+ enable = true;
+ forwardAgent = true;
+ extraConfig = ''
+ SetEnv TERM=xterm-256color
+ '';
+ matchBlocks = {
+ "nginx" = {
+ hostname = "192.168.1.14";
+ user = "root";
+ };
+ "jellyfin" = {
+ hostname = "192.168.1.16";
+ user = "root";
+ };
+ "pfsense" = {
+ hostname = "192.168.1.1";
+ user = "root";
+ };
+ "proxmox" = {
+ hostname = "192.168.1.2";
+ user = "root";
+ };
+ "transmission" = {
+ hostname = "192.168.1.6";
+ user = "root";
+ };
+ "fetcher" = {
+ hostname = "192.168.1.7";
+ user = "root";
+ };
+ "omv" = {
+ hostname = "192.168.1.3";
+ user = "root";
+ };
+ "webbot" = {
+ hostname = "192.168.1.11";
+ user = "root";
+ };
+ "nextcloud" = {
+ hostname = "192.168.1.5";
+ user = "root";
+ };
+ "sound" = {
+ hostname = "192.168.1.13";
+ user = "root";
+ };
+ "spotify" = {
+ hostname = "192.168.1.17";
+ user = "root";
+ };
+ "wordpress" = {
+ hostname = "192.168.1.9";
+ user = "root";
+ };
+ "turn" = {
+ hostname = "192.168.1.18";
+ user = "root";
+ };
+ "hugo" = {
+ hostname = "192.168.1.19";
+ user = "root";
+ };
+ "matrix" = {
+ hostname = "192.168.1.23";
+ user = "root";
+ };
+ "scroll" = {
+ hostname = "192.168.1.22";
+ user = "root";
+ };
+ "minecraft" = {
+ hostname = "130.61.119.129";
+ user = "opc";
+ };
+ "sync" = {
+ hostname = "193.122.53.173";
+ user = "root"; #this is a oracle vm server but needs root due to nixos-infect
+ };
+ "songdiver" = {
+ hostname = "89.168.100.65";
+ user = "ubuntu";
+ };
+ "pkv" = {
+ hostname = "46.232.248.161";
+ user = "root";
+ };
+ "efficient" = {
+ hostname = "g0.complang.tuwien.ac.at";
+ forwardAgent = true;
+ user = "ep01427399";
+ };
 };
 };
- "efficient" = {
- hostname = "g0.complang.tuwien.ac.at";
- forwardAgent = true;
- user = "ep01427399";
-
- # leaving the below lines in for future reference
-
- # remoteForwards = [
- # {
- # bind.address = "/run/user/21217/gnupg/S.gpg-agent";
- # host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
- # }
- # {
- # bind.address = "/run/user/21217/gnupg/S.gpg-agent.ssh";
- # host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
- # }
- # ];
- # extraOptions = {
- # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra";
- # "StreamLocalBindUnlink" = "yes";
- # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh";
- # };
- # setEnv = {
- # "TERM" = "xterm";
- # };
- };
- "hydra" = {
- hostname = "128.131.171.215";
- user = "hpc23w33";
- compression = true;
- forwardAgent = true;
- # identityFile = "~/.ssh/id_tuwien_hpc";
- # proxyCommand = "ssh -p 1022 -i ~/.ssh/id_tuwien_hpc -q -W %h:%p %r@venus.par.tuwien.ac.at";
- proxyCommand = "ssh -p 1022 -q -W %h:%p %r@venus.par.tuwien.ac.at";
- extraOptions = {
- "TCPKeepAlive" = "yes";
- };
- };
- };
- };
 #+end_src
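Review bot: The new top-level `forwardAgent = true;` in `programs.ssh` applies to every entry in `matchBlocks`, so the agent holding the Yubikey-backed key is reachable from the root logins on all the 192.168.1.x hosts, the Oracle VMs (`minecraft`, `sync`, `songdiver`), `pkv` and the university host alike, not only the host the prose motivates. Any of those hosts can use the forwarded agent to authenticate as this user to anything that trusts the key for as long as a session is open; a touch-to-confirm key narrows the window but does not close it, and a root-level compromise of a LAN host would then extend to every other host the key unlocks. Consider dropping the global line and keeping `forwardAgent = true;` only in the match blocks that need it, as the `efficient` block already does (the global line also makes that per-host line redundant). The added sentence in the prose could then name the scope, e.g. `We also enable agent forwarding for the hosts where our Yubikey SSH key is needed on the remote side.`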