Initial commit

modules/desktop/openssh.nix

@@ -0,0 +1,62 @@
+{ config, lib, pkgs, username, ... }:
+let socket = "/run/${username}/1000/ssh-agent";
+in {
+  hm = {
+    programs.ssh = {
+      enable = true;
+      hashKnownHosts = true;
+
+      matchBlocks = {
+        "cepheus" = {
+          hostname = "nothing.run";
+          user = "root";
+          port = 22;
+        };
+      };
+
+      extraConfig = "ObscureKeystrokeTiming yes";
+      forwardAgent = true;
+      addKeysToAgent = "yes";
+    };
+    services.ssh-agent.enable = true;
+    home.sessionVariables = {
+      # SSH_ASKPASS = lib.mkForce pkgs.kdePackages.ksshaskpass;
+      SSH_AUTH_SOCK = socket;
+    };
+  };
+  imp.home.dirs = [ ".ssh" ];
+  services.openssh = {
+    enable = lib.mkDefault false;
+    openFirewall = lib.mkDefault false;
+  };
+
+  systemd.user.services.ssh-agent-delete-keys =
+  let 
+    ssh-add = "${pkgs.openssh}/bin/ssh-add";
+    script = pkgs.writeShellScript "ssh-agent-delete-keys" ''
+while true; do
+  state="$(${ssh-add} -l)"
+  # if (echo $state | grep -i "The agent has no identities"); then
+  if [[ $state != *"The agent has no identities"* ]]; then
+    echo "Detected adding of key: $(${ssh-add} -l)"
+    sleep $SSH_AGENT_KEY_LIFETIME
+    ${ssh-add} -D
+    echo "Deleted the key: $(${ssh-add} -l)"
+  fi
+  sleep 2
+done
+  '';
+  in {
+    enable = true;
+    after = [ "ssh-agent.service" ];
+    wantedBy = [ "default.target" ];
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = script;
+    };
+    environment = {
+      SSH_AUTH_SOCK = socket;
+      SSH_AGENT_KEY_LIFETIME = "180";
+    };
+  };
+}