From d80762acc8f626004cc8bfa51e7a3927f351d067 Mon Sep 17 00:00:00 2001
From: tv <tv@krebsco.de>
Date: Sat, 23 Jul 2016 12:18:46 +0200
Subject: tv ssh: init

---
 tv/2configs/default.nix |  8 +-------
 tv/2configs/ssh.nix     | 25 +++++++++++++++++++++++++
 2 files changed, 26 insertions(+), 7 deletions(-)
 create mode 100644 tv/2configs/ssh.nix

(limited to 'tv/2configs')

diff --git a/tv/2configs/default.nix b/tv/2configs/default.nix
index 04009f54d..8a14a2465 100644
--- a/tv/2configs/default.nix
+++ b/tv/2configs/default.nix
@@ -28,6 +28,7 @@ with config.krebs.lib;
     ./audit.nix
     ./backup.nix
     ./nginx
+    ./ssh.nix
     ./vim.nix
     {
       # stockholm dependencies
@@ -140,13 +141,6 @@ with config.krebs.lib;
           fi
         '';
       };
-
-      programs.ssh = {
-        extraConfig = ''
-          UseRoaming no
-        '';
-        startAgent = false;
-      };
     }
 
     {
diff --git a/tv/2configs/ssh.nix b/tv/2configs/ssh.nix
new file mode 100644
index 000000000..7bf583426
--- /dev/null
+++ b/tv/2configs/ssh.nix
@@ -0,0 +1,25 @@
+{ config, pkgs, ... }:
+
+with config.krebs.lib;
+
+{
+  # Override NixOS's "Allow DSA keys for now."
+  environment.etc."ssh/ssh_config".text = mkForce ''
+    AddressFamily ${if config.networking.enableIPv6 then "any" else "inet"}
+
+    ${optionalString config.programs.ssh.setXAuthLocation ''
+      XAuthLocation ${pkgs.xorg.xauth}/bin/xauth
+    ''}
+
+    ForwardX11 ${if config.programs.ssh.forwardX11 then "yes" else "no"}
+
+    ${config.programs.ssh.extraConfig}
+  '';
+
+  programs.ssh = {
+    extraConfig = ''
+      UseRoaming no
+    '';
+    startAgent = false;
+  };
+}
-- 
cgit v1.2.3