move some config to user level module

2025-02-01 17:07:03 +08:00 · 2025-02-01 17:07:03 +08:00 · eada853044
commit eada853044
parent 86cb708ad7
6 changed files with 78 additions and 91 deletions
--- a/home/david/configurations/Akun/default.nix
+++ b/home/david/configurations/Akun/default.nix
@ -28,6 +28,7 @@

  david = {
    wallpaper.enable = true;
+    programs.openssh.enable = true;
  };

  xdg.userDirs = {
@ -85,27 +86,6 @@
    just
  ];

-  programs.ssh = {
-    enable = true;
-    hashKnownHosts = true;
-    extraOptionOverrides = {
-      HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
-      KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256";
-      MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com";
-      Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
-    };
-    matchBlocks = {
-      "github.com" = {
-        hostname = "ssh.github.com";
-        port = 443;
-        user = "git";
-        extraOptions = {
-          AddKeysToAgent = "yes";
-        };
-      };
-    };
-    includes = [ config.sops.secrets.ssh-config.path ];
-  };
  programs.chromium = {
    enable = true;
    commandLineArgs = [
@ -114,27 +94,4 @@
      "--enable-features=UseOzonePlatform"
    ];
  };
-  sops.secrets = {
-    "ssh-private-key/tytonidae" = {
-      mode = "0600";
-      path = "${config.home.homeDirectory}/.ssh/id_ed25519_tytonidae";
-    };
-    "ssh-private-key/akun" = {
-      mode = "0600";
-      path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun";
-    };
-    "ssh-private-key/cape" = {
-      mode = "0600";
-      path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape";
-    };
-    "ssh-private-key/deploy" = {
-      mode = "0600";
-      path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy";
-    };
-    "ssh-config" = {
-      mode = "0400";
-      format = "yaml";
-      sopsFile = rootPath + "/secrets/ssh-config.yaml";
-    };
-  };
 }
--- a/home/david/configurations/Tytonidae/default.nix
+++ b/home/david/configurations/Tytonidae/default.nix
@ -37,6 +37,7 @@

  david = {
    wallpaper.enable = true;
+    programs.openssh.enable = true;
  };

  xdg.userDirs = {
@ -92,27 +93,7 @@
    viu
    just
  ];
-  programs.ssh = {
-    enable = true;
-    hashKnownHosts = true;
-    extraOptionOverrides = {
-      HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
-      KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256";
-      MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com";
-      Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
-    };
-    matchBlocks = {
-      "github.com" = {
-        hostname = "ssh.github.com";
-        port = 443;
-        user = "git";
-        extraOptions = {
-          AddKeysToAgent = "yes";
-        };
-      };
-    };
-    includes = [ config.sops.secrets.ssh-config.path ];
-  };
+
  programs.chromium = {
    enable = true;
    commandLineArgs = [
@ -127,29 +108,4 @@
      uris = [ "qemu:///system" ];
    };
  };
-
-  sops.secrets = {
-    "ssh-private-key/tytonidae" = {
-      mode = "0600";
-      path = "${config.home.homeDirectory}/.ssh/id_ed25519_tytonidae";
-    };
-    "ssh-private-key/akun" = {
-      mode = "0600";
-      path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun";
-    };
-    "ssh-private-key/cape" = {
-      mode = "0600";
-      path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape";
-    };
-    "ssh-private-key/deploy" = {
-      mode = "0600";
-      path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy";
-    };
-    "ssh-config" = {
-      mode = "0400";
-      format = "yaml";
-      sopsFile = rootPath + "/secrets/ssh-config.yaml";
-    };
-  };
-
 }
--- a/home/david/modules/default.nix
+++ b/home/david/modules/default.nix
@ -1,7 +1,8 @@
 { pkgs, ... }:
 {
  imports = [
-    ./wallpaper
+    ./wallpaper.nix
+    ./programs
  ];
  config = {
    home.packages = with pkgs; [
--- a/home/david/modules/programs/default.nix
+++ b/home/david/modules/programs/default.nix
@ -0,0 +1,6 @@
+{ ... }:
+{
+  imports = [
+    ./openssh.nix
+  ];
+}
--- a/home/david/modules/programs/openssh.nix
+++ b/home/david/modules/programs/openssh.nix
@ -0,0 +1,67 @@
+{
+  rootPath,
+  config,
+  lib,
+  ...
+}:
+let
+  cfg = config.david.programs.openssh;
+in
+{
+  options = {
+    david.programs.openssh = {
+      enable = lib.mkEnableOption "openssh";
+    };
+  };
+  config = lib.mkMerge [
+    (lib.mkIf cfg.enable {
+      programs.ssh = {
+        enable = true;
+        hashKnownHosts = true;
+        extraOptionOverrides = {
+          HostKeyAlgorithms = "ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256";
+          KexAlgorithms = "curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256";
+          MACs = "hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com";
+          Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";
+        };
+        matchBlocks = {
+          "github.com" = {
+            hostname = "ssh.github.com";
+            port = 443;
+            user = "git";
+            extraOptions = {
+              AddKeysToAgent = "yes";
+            };
+          };
+        };
+      };
+
+    })
+    (lib.mkIf (cfg.enable && config.youthlic.programs.sops.enable) {
+      programs.ssh.includes = [ config.sops.secrets.ssh-config.path ];
+      sops.secrets = {
+        "ssh-private-key/tytonidae" = {
+          mode = "0600";
+          path = "${config.home.homeDirectory}/.ssh/id_ed25519_tytonidae";
+        };
+        "ssh-private-key/akun" = {
+          mode = "0600";
+          path = "${config.home.homeDirectory}/.ssh/id_ed25519_akun";
+        };
+        "ssh-private-key/cape" = {
+          mode = "0600";
+          path = "${config.home.homeDirectory}/.ssh/id_ed25519_cape";
+        };
+        "ssh-private-key/deploy" = {
+          mode = "0600";
+          path = "${config.home.homeDirectory}/.ssh/id_ed25519_deploy";
+        };
+        "ssh-config" = {
+          mode = "0400";
+          format = "yaml";
+          sopsFile = rootPath + "/secrets/ssh-config.yaml";
+        };
+      };
+    })
+  ];
+}
--- a/home/david/modules/wallpaper/default.nix
+++ b/home/david/modules/wallpaper/default.nix