Rebase to flake parts #4

2026-05-01 17:25:23 -03:00
parent 2c576715de
commit 064ba9655a
11 changed files with 2019 additions and 0 deletions
@@ -0,0 +1,113 @@
+{ lib, ... }: {
+  flake.lib.sshInventory =
+    let
+      hosts = {
+        "14900k" = {
+          hostName = "192.168.2.25";
+          aliases = [ "14900k" "nixdesk" ];
+          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILwUevBGnf+Y/sL1ZsB4bt0c50a89iqwPRoYUGP4UHsL 14900k";
+        };
+
+        ideapad = {
+          hostName = "192.168.2.113";
+          aliases = [ "ideapad" ];
+          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIQwaaI90xIMjZ46EcMyO8kBwGCxf7qVL75IYhw8Ssze ideapad";
+        };
+
+        t2mbp = {
+          hostName = "192.168.2.15";
+          aliases = [ "t2mbp" ];
+          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMhVWB9YXl/FuQvufle4VWUas/QM8qCKoRd5a83Tt3S6 t2mbp";
+        };
+
+        uConsole = {
+          hostName = "192.168.2.99";
+          aliases = [ "uConsole" "uconsole" ];
+          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAVPR0lRAcywPR7iTchM3+eO7NCdXAR6NPzYXxalr+dP uConsole";
+        };
+
+        test = {
+          hostName = "test";
+          aliases = [ "test" ];
+          publicKey = null;
+        };
+
+        nix-server = {
+          hostName = "192.168.2.238";
+          aliases = [ "nix-server" ];
+          publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL3KDicMjtOFR6LfZrFzfAD1gdYUdwv6ZM4PSgtmIuzd nix-server";
+        };
+      };
+
+      mkIdentityFileName = hostName: ".ssh/id_ed25519_${lib.strings.toLower hostName}.pub";
+      activeHosts = builtins.removeAttrs hosts (
+        builtins.filter (name: hosts.${name}.publicKey == null) (builtins.attrNames hosts)
+      );
+
+      mkIdentityFiles = selectedHosts:
+        builtins.listToAttrs (
+          builtins.map
+            (hostName: {
+              name = mkIdentityFileName hostName;
+              value.text = "${selectedHosts.${hostName}.publicKey}\n";
+            })
+            (builtins.attrNames selectedHosts)
+        );
+
+      # Must come before inventory `Host` blocks and before `Host *`: LAN Gitea SSH is not a catalog PC,
+      # and `Host *` sets `IdentityAgent none` — without this, git@192.168.2.103 never sees rbw keys.
+      giteaSshBlock = identityAgent: ''
+        Host git.chiasson.cloud gitea casaos 192.168.2.103
+          HostName 192.168.2.103
+          Port 222
+          User git
+          IdentityAgent ${identityAgent}
+          IdentitiesOnly no
+      '';
+
+      mkSshConfigTemplate =
+        {
+          selectedHosts ? activeHosts,
+          user ? null,
+          identityAgent ? "__RBW_SSH_SOCK__",
+        }:
+        let
+          hostBlocks = builtins.map
+            (hostName:
+              let
+                entry = selectedHosts.${hostName};
+                hostPatterns = builtins.concatStringsSep " " (entry.aliases ++ [ entry.hostName ]);
+                userLine = if user == null then "" else "  User ${user}\n";
+              in
+              ''
+                Host ${hostPatterns}
+                  HostName ${entry.hostName}
+${userLine}              IdentityFile ~/${mkIdentityFileName hostName}
+                  IdentityAgent ${identityAgent}
+                  IdentitiesOnly yes
+              '')
+            (builtins.attrNames selectedHosts);
+        in
+        builtins.concatStringsSep "\n" (
+          [
+            (giteaSshBlock identityAgent)
+          ]
+          ++ hostBlocks
+          ++ [
+            ''
+              Host *
+                IdentitiesOnly yes
+                IdentityAgent none
+            ''
+          ]
+        );
+    in
+    {
+      inherit hosts activeHosts mkIdentityFiles mkSshConfigTemplate;
+      authorizedKeys = lib.unique (
+        builtins.map (entry: entry.publicKey) (builtins.attrValues activeHosts)
+      );
+      identityFiles = mkIdentityFiles activeHosts;
+      sshConfigTemplate = mkSshConfigTemplate { };
+    };
+}