feat: enable SSH Agent forwarding

2025-12-06 09:07:21 +01:00 · 2024-07-19 22:38:52 +02:00 · 2024-07-19 22:38:52 +02:00 · a8baed9ba0
commit a8baed9ba0
parent 193cf5748e
1 changed files with 93 additions and 129 deletions
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@ -5468,140 +5468,104 @@ I use sops-nix to handle secrets that I want to have available on my machines at
 :CUSTOM_ID: h:edd6720e-1f90-40bf-b6f9-30a19d4cae08
 :END:
-It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters.
+It is very convenient to have SSH aliases in place for machines that I use. This is mainly used for some server machines and some university clusters. We also enable agent forwarding to have our Yubikey SSH key accessible on the remote host.
 #+begin_src nix :tangle profiles/common/home.nix
-  programs.ssh= {
+      programs.ssh= {
-    enable = true;
+        enable = true;
-    extraConfig = "SetEnv TERM=xterm-256color";
+        forwardAgent = true;
-    matchBlocks = {
+        extraConfig = ''
-      "nginx" = {
+    SetEnv TERM=xterm-256color
-        hostname = "192.168.1.14";
+  '';
-        user = "root";
+        matchBlocks = {
-      };
+          "nginx" = {
-      "jellyfin" = {
+            hostname = "192.168.1.14";
-        hostname = "192.168.1.16";
+            user = "root";
-        user = "root";
+          };
-      };
+          "jellyfin" = {
-      "pfsense" = {
+            hostname = "192.168.1.16";
-        hostname = "192.168.1.1";
+            user = "root";
-        user = "root";
+          };
-      };
+          "pfsense" = {
-      "proxmox" = {
+            hostname = "192.168.1.1";
-        hostname = "192.168.1.2";
+            user = "root";
-        user = "root";
+          };
-      };
+          "proxmox" = {
-      "transmission" = {
+            hostname = "192.168.1.2";
-        hostname = "192.168.1.6";
+            user = "root";
-        user = "root";
+          };
-      };
+          "transmission" = {
-      "fetcher" = {
+            hostname = "192.168.1.6";
-        hostname = "192.168.1.7";
+            user = "root";
-        user = "root";
+          };
-      };
+          "fetcher" = {
-      "omv" = {
+            hostname = "192.168.1.7";
-        hostname = "192.168.1.3";
+            user = "root";
-        user = "root";
+          };
-      };
+          "omv" = {
-      "webbot" = {
+            hostname = "192.168.1.3";
-        hostname = "192.168.1.11";
+            user = "root";
-        user = "root";
+          };
-      };
+          "webbot" = {
-      "nextcloud" = {
+            hostname = "192.168.1.11";
-        hostname = "192.168.1.5";
+            user = "root";
-        user = "root";
+          };
-      };
+          "nextcloud" = {
-      "sound" = {
+            hostname = "192.168.1.5";
-        hostname = "192.168.1.13";
+            user = "root";
-        user = "root";
+          };
-      };
+          "sound" = {
-      "spotify" = {
+            hostname = "192.168.1.13";
-        hostname = "192.168.1.17";
+            user = "root";
-        user = "root";
+          };
-      };
+          "spotify" = {
-      "wordpress" = {
+            hostname = "192.168.1.17";
-        hostname = "192.168.1.9";
+            user = "root";
-        user = "root";
+          };
-      };
+          "wordpress" = {
-      "turn" = {
+            hostname = "192.168.1.9";
-        hostname = "192.168.1.18";
+            user = "root";
-        user = "root";
+          };
-      };
+          "turn" = {
-      "hugo" = {
+            hostname = "192.168.1.18";
-        hostname = "192.168.1.19";
+            user = "root";
-        user = "root";
+          };
-      };
+          "hugo" = {
-      "matrix" = {
+            hostname = "192.168.1.19";
-        hostname = "192.168.1.23";
+            user = "root";
-        user = "root";
+          };
-      };
+          "matrix" = {
-      "scroll" = {
+            hostname = "192.168.1.23";
-        hostname = "192.168.1.22";
+            user = "root";
-        user = "root";
+          };
-      };
+          "scroll" = {
-      "minecraft" = {
+            hostname = "192.168.1.22";
-        hostname = "130.61.119.129";
+            user = "root";
-        user = "opc";
+          };
-      };
+          "minecraft" = {
-      "sync" = {
+            hostname = "130.61.119.129";
-        hostname = "193.122.53.173";
+            user = "opc";
-        user = "root"; #this is a oracle vm server but needs root due to nixos-infect
+          };
-      };
+          "sync" = {
-      "pkv" = {
+            hostname = "193.122.53.173";
-        hostname = "46.232.248.161";
+            user = "root"; #this is a oracle vm server but needs root due to nixos-infect
-        user = "root";
+          };
-      };
+          "songdiver" = {
-      "nebula" = {
+            hostname = "89.168.100.65";
-        hostname = "128.131.171.15";
+            user = "ubuntu";
-        user = "amp23s56";
+          };
-        compression = true;
+          "pkv" = {
-        identityFile = "~/.ssh/id_ed25519";
+            hostname = "46.232.248.161";
-        proxyCommand = "ssh -p 1022 -i ~/.ssh/id_ed25519 -q -W %h:%p %r@venus.par.tuwien.ac.at";
+            user = "root";
-        extraOptions = {
+          };
-          "TCPKeepAlive" = "yes";
+             "efficient" = {
            hostname = "g0.complang.tuwien.ac.at";
            forwardAgent = true;
            user = "ep01427399";
          };
        };
      };
      "efficient" = {
        hostname = "g0.complang.tuwien.ac.at";
        forwardAgent = true;
        user = "ep01427399";
        # leaving the below lines in for future reference
        # remoteForwards = [
        #   {
        #     bind.address = "/run/user/21217/gnupg/S.gpg-agent";
        #     host.address = "/run/user/1000/gnupg/S.gpg-agent.extra";
        #   }
        #   {
        #     bind.address = "/run/user/21217/gnupg/S.gpg-agent.ssh";
        #     host.address = "/run/user/1000/gnupg/S.gpg-agent.ssh";
        #   }
        # ];
        # extraOptions = {
        # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra";
        # "StreamLocalBindUnlink" = "yes";
        # "RemoteForward" = "/run/user/21217/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh";
        # };
        # setEnv = {
        #   "TERM" = "xterm";
        # };
      };
      "hydra" = {
        hostname = "128.131.171.215";
        user = "hpc23w33";
        compression = true;
        forwardAgent = true;
        # identityFile = "~/.ssh/id_tuwien_hpc";
        # proxyCommand = "ssh -p 1022 -i ~/.ssh/id_tuwien_hpc -q -W %h:%p %r@venus.par.tuwien.ac.at";
        proxyCommand = "ssh -p 1022 -q -W %h:%p %r@venus.par.tuwien.ac.at";
        extraOptions = {
          "TCPKeepAlive" = "yes";
        };
      };
    };
  };
 #+end_src