plumjam/nixos - Change EI6RKRFQK7NXVUAD675ZYCC6VS5LMDKLYFW3IP35LZ37XPCSLCXQC

dendritic: Migrate SSH configs.

Created by PlumJam on January 10, 2026

EI6RKRFQK7NXVUAD675ZYCC6VS5LMDKLYFW3IP35LZ37XPCSLCXQC

Dependencies

In channels

main

Change contents

File deletion: openssh.nix

BF:BFD[3.2] → [4.790:825]

BF:BFD[4.825] → [4.75:75]

B:BD[4.75] → [4.76:781]

B:BD[4.782] → [4.782:789]

{ config, lib, ... }: let
  inherit (lib) enabled mkIf types;
in {
  options.openssh = {
    enable = lib.mkEnableOption "openssh";
    idFile = lib.mkOption {
      type = types.path;
      example = "/run/agenix/id";
      description = "Path to the secret SSH id file";
    };
  };
  config = mkIf config.openssh.enable {
    age.secrets.id.rekeyFile = config.openssh.idFile;
    services.openssh = enabled {
      hostKeys = [{
        type = "ed25519";
        path = config.age.secrets.id.path;
      }];
      settings = {
        PasswordAuthentication       = false;
        KbdInteractiveAuthentication = false;
        AcceptEnv                    = [ "SHELLS" "COLORTERM" ];
      };
    };
  };
}

File addition: ssh.nix (----------)

[3.2]

let
  commonModule =
    { pkgs, ... }:
    let
      identityPath = "/home/jam/.ssh/id";
    in
    {
      environment.systemPackages = [ pkgs.mosh ];
      sshConfig = ''
        strictHostKeyChecking accept-new
        identitiesOnly yes
        Match *
        COLORTERM=truecolor
        TERM=xterm-256color
        controlMaster auto
        controlPersist 60m
        serverAliveCount 2
        serverAliveInterval 60
        IdentityFile ${identityPath}
      '';
    };
in
{
  config.flake.modules.hjem.ssh = {
  };
  config.flake.modules.nixos.ssh = {
  };
  config.flake.modules.darwin.ssh = {
  };
  config.flake.modules.nixos.openssh =
    { config, lib, ... }:
    let
      inherit (lib)
        mkIf
        mkEnableOption
        ;
    in
    {
      options.openssh = {
        enable = mkEnableOption "openssh";
      };
      config = mkIf config.openssh.enable {
        services.openssh = {
          enable = true;
          hostKeys = [
            {
              type = "ed25519";
              path = config.age.secrets.id.path;
            }
          ];
          settings = {
            PasswordAuthentication = false;
            KbdInteractiveAuthentication = false;
            AcceptEnv = [
              "SHELLS"
              "COLORTERM"
            ];
          };
        };
      };
    };
  config.flake.modules.darwin.openssh =
    { config, lib, ... }:
    let
      inherit (lib)
        mkIf
        mkEnableOption
        ;
    in
    {
      options.openssh = {
        enable = mkEnableOption "openssh";
      };
      config = mkIf config.openssh.enable {
        services.openssh.enable = true;
      };
    };
}

File move: keys.mod.nix → keys.nix
BF:BFD[3.2] → [5.117:153]
BF:BF[5.153] → [6.375:375]
[3.2]
[6.375]
Deletion in modules/keys.nix at line 1 [6.375]
B:BD[6.375] → [2.82596:82610]
```
{ lib, ... }:
```

Replacement in modules/keys.nix at line 2 [6.375]

∅:D[2.82614] → [5.172:183]

B:BD[5.172] → [5.172:183]

B:BD[5.183] → [2.82615:82713]

∅:D[2.82713] → [5.282:812]

B:BD[5.282] → [5.282:812]

  keys = {
    jam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7WV4+7uhIWQVHEN/2K0jJPTaZ/HbG3W8OKSpzmPBI4 jam";
    plum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBH1S3dhOYCCltqrseHc3YZFHc9XU90PsvDo7frzUGrr root@plum";
    pear = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2/Pg/5ohT3Dacnzjw9pvkeoQ1hEFwG5l1vRkr3v2sQ root@pear";
    kiwi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElcSHxI64xqUUKEY83tKyzEH+fYT5JCWn3qCqtw16af root@kiwi";
    date = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzfoVKZDyiyyMiX1JRFaaTELspG25MlLNq0kI2AANTa root@date";
    yuzu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDLlddona4PlORWd+QpR/7F5H46/Dic9vV23/YSrZl0 root@yuzu";
  };

[2.82614]

[2.82714]

  commonModule =
    { lib, ... }:
    let
      keys = {
        jam = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA7WV4+7uhIWQVHEN/2K0jJPTaZ/HbG3W8OKSpzmPBI4 jam";
        plum = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBH1S3dhOYCCltqrseHc3YZFHc9XU90PsvDo7frzUGrr root@plum";
        pear = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL2/Pg/5ohT3Dacnzjw9pvkeoQ1hEFwG5l1vRkr3v2sQ root@pear";
        kiwi = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIElcSHxI64xqUUKEY83tKyzEH+fYT5JCWn3qCqtw16af root@kiwi";
        date = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzfoVKZDyiyyMiX1JRFaaTELspG25MlLNq0kI2AANTa root@date";
        yuzu = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFDLlddona4PlORWd+QpR/7F5H46/Dic9vV23/YSrZl0 root@yuzu";
      };
    in
    {
      options.flake.keys = lib.mkOption {
        type = with lib.types; attrsOf anything;
        default = { };
        description = "SSH public keys";
      };
      config.flake.keys = keys // {
        admins = [ keys.jam ];
        all = builtins.attrValues keys;
      };
    };

Replacement in modules/keys.nix at line 28 [6.375]

∅:D[2.82719] → [5.817:876]

B:BD[5.817] → [5.817:876]

B:BD[5.876] → [2.82720:82756]

∅:D[2.82756] → [5.915:920]

B:BD[5.915] → [5.915:920]

  config.flake.keys = keys // {
    admins = [ keys.jam ];
    all = builtins.attrValues keys;
  };

[2.82719]

[5.920]

  config.flake.modules.nixos.keys = commonModule;
  config.flake.modules.darwin.keys = commonModule;

File deletion: ssh.nix, ssh.nix, ssh.nix

BFD:BFD[7.18852] → [8.574:605]

BF:BFD[8.605] → [8.116:116]

BFD:BFD[9.787] → [9.845:876]

BF:BFD[9.876] → [8.116:116]

BF:BFD[9.9] → [10.1255:1286]

BF:BFD[10.1286] → [8.116:116]

∅:D[11.303] → [8.131:164]

B:BD[8.131] → [8.131:164]

∅:D[11.787] → [8.404:405]

∅:D[12.2664] → [8.404:405]

B:BD[8.404] → [8.404:405]

∅:D[11.918] → [8.527:528]

∅:D[12.2791] → [8.527:528]

B:BD[8.527] → [8.527:528]

∅:D[11.975] → [8.571:573]

∅:D[12.2844] → [8.571:573]

B:BD[8.571] → [8.571:573]

B:BD[8.528] → [11.919:975]

B:BD[8.405] → [11.788:918]

B:BD[8.164] → [13.298:405]

B:BD[13.405] → [11.304:787]

B:BD[8.116] → [11.281:303]

let
	inherit (lib) enabled;
in
{
}
					identityFile = identityPath;
				};
			};
		})
	];
					controlMaster       = "auto";
					controlPersist      = "60m";
					serverAliveCountMax = 2;
					serverAliveInterval = 60;
	environment.shellAliases.mosh = "mosh --no-init";
	programs.mosh = enabled {
		openFirewall = true;
	};
	home-manager.sharedModules = [
		(homeArgs: let
			identityPath = if config.isLinux then
				"${homeArgs.config.home.homeDirectory}/.ssh/id"
			else
				"${config.users.users.${config.system.primaryUser}.home}/.ssh/id";
		in {
			programs.ssh = enabled {
				enableDefaultConfig = false;
				extraConfig = ''
					strictHostKeyChecking accept-new
					identitiesOnly yes
				'';
				matchBlocks."*" = {
					setEnv.COLORTERM = "truecolor";
					setEnv.TERM      = "xterm-256color";
{ lib, config, ... }: