Adjust SSH multiplexing settings so that clients do not stay stuck for too long when the control master has issues or the target host has e.g. rebooted. Relevant e.g. when the connection is used for reboot-recovery check pings.
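{
  pkgs,
  inputs,
  config,
  system,
  lib,
  ...
}:

# Home-manager module for a macOS (nix-darwin) host: package-set toggles, the
# SSH client (1Password agent, multiplexing, jump hosts), per-directory git
# identities, a captive-portal browser and a launchd-managed SOCKS tunnel.
#
# The previously unused `unstable = inputs.nixos-unstable.legacyPackages.${system}`
# binding was dropped; re-add it when a package from unstable is actually needed.
{
  schmittlauch.packages = {
    graphics = true;
    multimedia = true;
    nixHelpers = true;
    devTools = true;
    pythonTools = true;
  };

  # Explicit `pkgs.` references instead of `with pkgs;`, so it is obvious where a
  # name comes from and nothing from the package set can shadow module arguments.
  home.packages = [
    pkgs.wireshark # on NixOS systems enabled via system config
    pkgs._1password-cli
    # also TODO: color schemes nix-darwin
  ];

  # pinning theme is necessary until iTerm 3.5, because despite the dark terminal background, bat detects light mode and adapts theme
  programs.bat.config.theme = "Visual Studio Dark+";

  programs.ssh = {
    enable = true;
    # The options below land in the trailing `Host *` block of the generated
    # config, i.e. they are fallback defaults that any earlier host block may
    # override.
    # TODO: common config for desktop as well

    # Keepalives: a dead peer (e.g. a rebooting host) is noticed after roughly
    # serverAliveInterval * serverAliveCountMax = 20 s instead of waiting for
    # the TCP timeout. Deliberately aggressive so that reboot-recovery check
    # pings running over a shared control master fail fast instead of hanging.
    serverAliveInterval = 10;
    serverAliveCountMax = 2; # 2 strikes and you're out

    # Multiplexer, e.g. to avoid rate limiting on jumphost usage.
    # Security note: the control master keeps an already AUTHENTICATED session
    # open for up to controlPersist after the last client has closed. New
    # connections that attach to it reuse that session without going through
    # the identity agent again, so they get no 1Password prompt -- the control
    # socket effectively is the credential for that hour.
    controlMaster = "auto";
    # not too long, due to the frequent keepalives
    controlPersist = "1h";

    # ssh host config
    matchBlocks = {
      # early catchall to enforce agent socket usage. ssh uses the FIRST value it
      # obtains for an option, so anything set here cannot be overridden by the
      # later host-specific blocks -- **NOT** the place for fallback defaults.
      "*" = {
        extraOptions = {
          # Route all key operations through the 1Password agent; the path is
          # quoted because it contains spaces.
          IdentityAgent = "\"~/Library/Group Containers/2BUA8C4S2C.com.1password/t/agent.sock\"";
        };
      };

      "hydra01" = lib.hm.dag.entryAfter [ "*" ] {
        hostname = "hydra01.access.whq.gocept.net";
        user = "os";
      };
      "fcio-whq-jump" = lib.hm.dag.entryAfter [ "*" ] {
        hostname = "vpn-whq.services.fcio.net";
        extraOptions.LogLevel = "Verbose";
      };
      "fcio-rzob-jump" = lib.hm.dag.entryAfter [ "*" ] {
        hostname = "vpn-rzob.services.fcio.net";
      };
    };
  };

  programs.git =
    let
      # Names and e-mail addresses live outside this repo (private `mysecrets` input).
      contacts = import "${inputs.mysecrets}/contacts.nix" { inherit lib; };

      # Conditional include that sets user.name/user.email for repos under `dir`.
      identityFor = contact: dir: {
        condition = "gitdir:${dir}";
        contents = {
          user = {
            inherit (contact) name email;
          };
        };
      };
    in
    {
      # git evaluates includeIf sections in file order and the LAST value of a
      # key wins. The broad "~/" fallback therefore has to come BEFORE the
      # narrower ~/src/schmittlauch/ entry; the other way round the work
      # identity would silently win for repos under ~/src/schmittlauch/ too.
      includes =
        # default identity for everything below the home directory
        map (identityFor contacts.work) [ "~/" ]
        # more specific override for personal projects
        ++ [ (identityFor contacts.schmittlauch "~/src/schmittlauch/") ];
    };

  # some extra shell scripts
  programs.zsh.initContent = lib.mkAfter (
    import ./scripts/reporsync.nix { inherit pkgs lib; }
    + import ./scripts/ssh-loop-fc.nix { inherit pkgs lib; }
  );

  # separate proxied browser using the DHCP-supplied DNS for accessing captive portals
  programs.captive-browser = {
    enable = true;
    interface = "en0";
  };

  # Persistent SOCKS5 proxy through the WHQ jump host, kept up by autossh.
  # `-D 1080` without a bind address follows ssh's default and listens on
  # loopback only (GatewayPorts is not set), so the proxy is not exposed to the
  # network.
  launchd.agents.hydra_proxy = {
    enable = true;
    config = {
      ProgramArguments = [
        "${lib.getExe pkgs.autossh}"
        # no autossh monitor port; liveness comes from the ssh keepalives below
        "-M"
        "0"
        "-D"
        "1080"
        # ServerAliveCountMax is not overridden here, so the value from the
        # generated ~/.ssh/config (2) applies: a dead link is noticed after ~60 s.
        "-oServerAliveInterval=30"
        # If port 1080 is already taken, ssh would otherwise stay connected with
        # no working forward and neither autossh nor launchd would notice.
        # Exiting instead lets KeepAlive restart the agent (rate-limited by
        # ThrottleInterval), which makes the failure visible.
        "-oExitOnForwardFailure=yes"
        # never attach to or create a control master shared with interactive sessions
        "-oControlMaster=no"
        "-N"
        "vpn-whq.services.fcio.net"
      ];
      # TODO: consider socket activation instead
      # NOTE(review): this ssh runs without a tty; should a host-key or agent
      # prompt ever come up it will hang here. Consider `-oBatchMode=yes` once
      # the jump host's key is known to be in known_hosts -- confirm first.
      KeepAlive = true;
      ThrottleInterval = 60;
    };
  };

  # Only the unfree package actually installed above is allowed through.
  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "1password-cli" ];

  home.stateVersion = "22.05";
}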