Port common SSH config from extension

2023-12-02 17:37:34 +01:00 · 2023-12-02 17:37:34 +01:00 · e01c454d68
parent cc13cabad5
commit e01c454d68
2 changed files with 26 additions and 2 deletions
--- a/hm/common.nix
+++ b/hm/common.nix
@ -274,8 +274,8 @@ in
          ".mypy_cache"
        ];
        lfs.enable = true;
-        userEmail = "geoffrey@frogeye.fr";
-        userName = "Geoffrey “Frogeye” Preud'homme";
+        userEmail = lib.mkDefault "geoffrey@frogeye.fr";
+        userName = lib.mkDefault "Geoffrey Frogeye";
        extraConfig = {
          core = {
            editor = "nvim";
--- a/hm/ssh.nix
+++ b/hm/ssh.nix
@ -0,0 +1,24 @@
+{ ... }:
+{
+  config = {
+    programs.ssh = {
+      enable = true;
+      controlMaster = "auto";
+      controlPersist = "60s"; # TODO Default is 10minutes... makes more sense no?
+      # Ping the server frequently enough so it doesn't think we left (non-spoofable)
+      serverAliveInterval = 30;
+      matchBlocks."*" = {
+        # Do not forward the agent (-A) to a machine by default,
+        # as it is kinda a security concern
+        forwardAgent = false;
+        # Restrict terminal features (servers don't necessarily have the terminfo for my cutting edge terminal)
+        sendEnv = [ "!TERM" ];
+        # TODO Why not TERM=xterm-256color?
+        extraOptions = {
+          # Check SSHFP records
+          VerifyHostKeyDNS = "yes";
+        };
+      };
+    };
+  };
+}