home/ssh: adjust to deprecation warnings

2025-12-29 01:00:03 +01:00 · 2025-12-29 01:00:03 +01:00 · 411c7642ea
commit 411c7642ea
parent 27bfacbfec
2 changed files with 38 additions and 11 deletions
--- a/home/workmac.nix
+++ b/home/workmac.nix
@ -38,22 +38,31 @@ in

  programs.ssh = {
    enable = true;
+    enableDefaultConfig = false; # deprecated
    package = pkgs.openssh;
-    # defaults in bottom match block "*"
    # TODO: common config for desktop as well
-    serverAliveInterval = 10;
-    serverAliveCountMax = 2; # 2 strikes and you're out
+    # early catchall to enforce agent socket usage. **NOT** the place for fallback defaults.
+    extraOptionOverrides = {
+      IdentityAgent = "\"~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock\"";
+    };
+
    # ssh host config
    matchBlocks = {
-
-      # early catchall to enforce agent socket usage. **NOT** the place for fallback defaults.
+      # default, gets placed last by home-manager
      "*" = {
-        extraOptions = {
-          IdentityAgent = "\"~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock\"";
-        };
+        serverAliveInterval = 10;
+        serverAliveCountMax = 2; # 2 strikes and you're out
+        forwardAgent = false;
+        addKeysToAgent = "no";
+        compression = false;
+        hashKnownHosts = false;
+        userKnownHostsFile = "~/.ssh/known_hosts";
+        controlMaster = "no";
+        controlPath = "~/.ssh/master-%r@%n:%p";
+        controlPersist = "no";
      };

-      "hydra01" = lib.hm.dag.entryAfter [ "*" ] {
+      "hydra01" = {
        hostname = "hydra01.access.whq.gocept.net";
        user = "os";
      };
@ -68,7 +77,7 @@ in
        };

      };
-      "fcio-rzob-jump" = lib.hm.dag.entryAfter [ "*" ] {
+      "fcio-rzob-jump" = {
        # multiplexer, e.g. to avoid rate limiting on jumphost usage
        hostname = "vpn-rzob.services.fcio.net";
        extraOptions = {