# Module that sets the OpenSSH client defaults and registers a lock hook
# that empties the SSH agent.
{
  pkgs,
  lib,
  config,
  ...
}:
let
  # Options applied to every host through the "*" match block.
  allHosts = {
    # Agent forwarding (-A) stays off unless a host opts in: while a forwarded
    # connection is open, the remote side can ask the local agent to sign
    # with any key it holds.
    forwardAgent = false;
    # Restrict terminal features (servers don't necessarily have the terminfo
    # for a cutting-edge terminal).
    # NOTE(review): ssh_config(5) says TERM is always sent when a
    # pseudo-terminal is requested, so this SendEnv pattern may not change
    # what the server sees. Confirm.
    sendEnv = [ "!TERM" ];
    # TODO Why not TERM=xterm-256color?
    # Check SSHFP records. With "yes", a host key matching a fingerprint that
    # the resolver reports as DNSSEC-secure is trusted without a prompt, so
    # this is only as strong as the resolver's validation and the path to it.
    # Fingerprints that are not marked secure are handled as with "ask".
    extraOptions.VerifyHostKeyDNS = "yes";
  };
in
{
  config = {
    # Remove every identity from the SSH agent when the lock hook runs
    # (presumably on session lock; the hook option is defined elsewhere).
    # NOTE(review): this only empties the agent. Master connections kept
    # open by controlMaster/controlPersist below are not closed by it.
    frogeye.hooks.lock = ''
      ${pkgs.openssh}/bin/ssh-add -D
    '';

    programs.ssh = {
      enable = true;
      # Share one authenticated connection per destination. Sessions opened
      # over the control socket do not authenticate again.
      controlMaster = "auto";
      # How long an idle master stays open after its last session ends.
      controlPersist = "60s"; # TODO Default is 10minutes... makes more sense no?
      # Ping the server frequently enough so it doesn't think we left.
      # These probes travel inside the encrypted channel (non-spoofable).
      serverAliveInterval = 30;
      matchBlocks."*" = allHosts;
    };
  };
}