From 3d6af5dc1c31d481a458ce00550b193d35648e32 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Mon, 21 Jul 2025 12:49:14 -0700
Subject: move user configurations to top-level

---
 users/profiles/ssh.nix | 43 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 users/profiles/ssh.nix

(limited to 'users/profiles/ssh.nix')

diff --git a/users/profiles/ssh.nix b/users/profiles/ssh.nix
new file mode 100644
index 0000000..322a8bc
--- /dev/null
+++ b/users/profiles/ssh.nix
@@ -0,0 +1,43 @@
+{ pkgs, config, ... }:
+{
+  # https://github.com/nix-community/home-manager/blob/master/modules/programs/ssh.nix
+  programs.ssh = {
+    enable = true;
+    forwardAgent = true;
+    serverAliveInterval = 60;
+    controlMaster = "auto";
+    controlPersist = "30m";
+    controlPath = "${config.home.homeDirectory}/.ssh/sockets/S.%r@%h:%p";
+
+    matchBlocks = {
+      "git.fcuny.net" = {
+        proxyCommand = "${pkgs.cloudflared}/bin/cloudflared access ssh --hostname %h";
+      };
+      "github.com" = {
+        hostname = "github.com";
+        user = "git";
+        forwardAgent = false;
+        extraOptions = {
+          preferredAuthentications = "publickey";
+          controlMaster = "no";
+          controlPath = "none";
+        };
+      };
+      "github.rbx.com" = {
+        hostname = "github.rbx.com";
+        user = "git";
+        forwardAgent = false;
+        extraOptions = {
+          preferredAuthentications = "publickey";
+          controlMaster = "no";
+          controlPath = "none";
+        };
+      };
+    };
+  };
+
+  home.file = {
+    # we need this path to be created so that the control path can be used.
+    ".ssh/sockets/.keep".text = "# Managed by Home Manager";
+  };
+}
-- 
cgit v1.2.3