From 9475288da7ab35204a519beec4f22481fc5d64ac Mon Sep 17 00:00:00 2001
From: Lgmrszd
Date: Wed, 12 Jun 2024 02:03:07 +0300
Subject: [PATCH] vps1: move ssh config to a submodule, enable agent

---
 hosts/vps1/config/ssh.nix    | 28 ++++++++++++++++++++++++++++
 hosts/vps1/configuration.nix | 19 ++----------------
 2 files changed, 30 insertions(+), 17 deletions(-)
 create mode 100644 hosts/vps1/config/ssh.nix

diff --git a/hosts/vps1/config/ssh.nix b/hosts/vps1/config/ssh.nix
new file mode 100644
index 0000000..5b289f0
--- /dev/null
+++ b/hosts/vps1/config/ssh.nix
@@ -0,0 +1,28 @@
+{ pkgs, config, data, ... }:
+let
+  gitSSHPort = data.services.git.sshPort;
+in
+{
+  services.openssh = {
+    enable = true;
+    ports = [ (if data ? sshPort then data.sshPort else 37163) gitSSHPort ];
+    settings.PermitRootLogin = "no";
+    settings.PasswordAuthentication = false;
+    extraConfig = ''
+      Match LocalPort ${toString gitSSHPort}
+      AllowUsers forgejo
+    '';
+  };
+  programs.ssh.startAgent = true;
+
+  services.endlessh-go = {
+    enable = true;
+    openFirewall = true;
+    port = 22;
+  };
+
+  users.users.lgm.openssh.authorizedKeys.keys = [
+    ''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''
+    ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUawqrjSPXTwQ4ZY2rw9o+XgmK7TbH0QEIXQPh8gT0J lgm@lgm-nixos''
+  ];
+}
\ No newline at end of file
diff --git a/hosts/vps1/configuration.nix b/hosts/vps1/configuration.nix
index 99759ff..007fd92 100644
--- a/hosts/vps1/configuration.nix
+++ b/hosts/vps1/configuration.nix
@@ -16,6 +16,7 @@ in
 {
   imports = [
     ./hardware-configuration.nix
+    ./config/ssh.nix
     ./services/postgres.nix
     ./services/authentik.nix
     ./services/git.nix
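Review bot: `settings.PasswordAuthentication = false` on its own does not switch off password logins on NixOS, because the module enables `UsePAM` and `services.openssh.settings.KbdInteractiveAuthentication` defaults to true, so sshd can still prompt for a password through keyboard-interactive/PAM; add `settings.KbdInteractiveAuthentication = false;` directly below it in the new ssh.nix. The move also quietly widens who can log in: the removed configuration.nix line authorized only the `sk-ssh-ed25519` (FIDO-backed) key, while the new `users.users.lgm.openssh.authorizedKeys.keys` list adds a plain `ssh-ed25519` software key, presumably for the agent this commit enables — if that key is meant for automation rather than interactive use, prefix its entry with options such as `restrict,from="..."` so a leaked private key is worth less. Finally, `AllowUsers forgejo` lives only inside `Match LocalPort ${toString gitSSHPort}`, so the default-port section has no allow-list and the `forgejo` account can also authenticate on the admin port with whatever keys are in its authorized_keys; an `AllowUsers lgm` (or `AllowGroups`) in the global section would keep the two listeners properly separated.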
@@ -39,27 +40,12 @@ in
   networking.hostName = "lgm-vps1";
   networking.domain = "contaboserver.net";
   networking.firewall.allowedTCPPorts = [ 80 443 ];
-  services.openssh = {
-    enable = true;
-    ports = [ (if data ? sshPort then data.sshPort else 37163) gitSSHPort ];
-    settings.PermitRootLogin = "no";
-    settings.PasswordAuthentication = false;
-    extraConfig = ''
-      Match LocalPort ${toString gitSSHPort}
-      AllowUsers forgejo
-    '';
-  };
+
   networking.nat.enable = true;
   networking.nat.internalInterfaces = ["ve-+"];
   networking.nat.externalInterface = "eth0";
 
-  services.endlessh-go = {
-    enable = true;
-    openFirewall = true;
-    port = 22;
-  };
 
   services.vscode-server = {
     enable = true;
     nodejsPackage = pkgs.nodejs_18;
@@ -170,7 +156,6 @@ in
       config.services.openvscode-server.group
     ];
     shell = pkgs.fish;
-    openssh.authorizedKeys.keys = [''sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIHFPA2RhqZIVCLwYuEUDQyOnJ4g1R6IfQyhGqZ2Cvvu+AAAABHNzaDo= lgm@lgm-nixos''];
   };
 
   system.stateVersion = "23.11";