dotfiles/hm/ssh.nix

{ pkgs, lib, config, ... }:
{
  config = {
    frogeye.hooks.lock = ''
      ${pkgs.openssh}/bin/ssh-add -D
    '';
    programs.ssh = {
      enable = true;
      controlMaster = "auto";
      controlPersist = "60s"; # TODO Default is 10minutes... makes more sense no?
      # Ping the server frequently enough so it doesn't think we left (non-spoofable)
      serverAliveInterval = 30;
      matchBlocks."*" = {
        # Do not forward the agent (-A) to a machine by default,
        # as it is kinda a security concern
        forwardAgent = false;
        # Restrict terminal features (servers don't necessarily have the terminfo for my cutting edge terminal)
        sendEnv = [ "!TERM" ];
        # TODO Why not TERM=xterm-256color?
        extraOptions = {
          # Check SSHFP records
          VerifyHostKeyDNS = "yes";
        };
      };
    };
  };
}
xlock: Add option 2024-03-09 18:22:30 +01:00			`{ pkgs, lib, config, ... }:`
Port common SSH config from extension 2023-12-02 17:37:34 +01:00			`{`
			`config = {`
xlock: Add option 2024-03-09 18:22:30 +01:00			`frogeye.hooks.lock = ''`
			`${pkgs.openssh}/bin/ssh-add -D`
			`'';`
Port common SSH config from extension 2023-12-02 17:37:34 +01:00			`programs.ssh = {`
			`enable = true;`
			`controlMaster = "auto";`
			`controlPersist = "60s"; # TODO Default is 10minutes... makes more sense no?`
			`# Ping the server frequently enough so it doesn't think we left (non-spoofable)`
			`serverAliveInterval = 30;`
			`matchBlocks."*" = {`
			`# Do not forward the agent (-A) to a machine by default,`
			`# as it is kinda a security concern`
			`forwardAgent = false;`
			`# Restrict terminal features (servers don't necessarily have the terminfo for my cutting edge terminal)`
			`sendEnv = [ "!TERM" ];`
			`# TODO Why not TERM=xterm-256color?`
			`extraOptions = {`
			`# Check SSHFP records`
			`VerifyHostKeyDNS = "yes";`
			`};`
			`};`
			`};`
			`};`
			`}`