Flushing out article

- SSH agent section
- More dotfile examples in home manager article
- Syntax highlighting gruvbox theme
This commit is contained in:
parent
ed72df31df
commit
ecd0f85ef3
|
@ -39,3 +39,7 @@ contentTypeName = 'rambles'
|
|||
[markup.tableOfContents]
|
||||
endLevel = 4
|
||||
startLevel = 1
|
||||
[markup.highlight]
|
||||
noClasses = true
|
||||
style = 'gruvbox'
|
||||
|
||||
|
|
|
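Review bot: `noClasses = true` under `[markup.highlight]` makes Hugo emit the Chroma colours as inline `style=` attributes on every highlighted span, which is convenient (no theme stylesheet to ship) but is blocked by a Content-Security-Policy `style-src` directive unless it allows `'unsafe-inline'`. If the site sets a CSP, prefer `noClasses = false` and generate the `gruvbox` stylesheet once with `hugo gen chromastyles --style=gruvbox`. `startLevel = 1` pulls the articles' `#` headings into the table of contents, which matches the level-1 headings used in the articles touched below, so that part looks intended.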
@ -27,7 +27,7 @@ So here's my take on installing the Home Manager outside of NixOS.
|
|||
|
||||
# Actually using Home Manager
|
||||
|
||||
Assuming you're continuing from [my previous article on Nix](/rambles/nix-on-other-distros-packagemanagers), the first step is to go to the Home Manager github page and go to the [page regarding the standalone installtion](https://nix-community.github.io/home-manager/index.html#sec-install-standalone).
|
||||
Assuming you're continuing from [my previous article on Nix](/rambles/nix-on-other-distros-packagemanagers), the first step is to go to the Home Manager github page and go to the [page regarding the standalone installation](https://nix-community.github.io/home-manager/index.html#sec-install-standalone).
|
||||
|
||||
From there, things will be quite self explanatory if you're used to the (bare) basics of NixOS.
|
||||
Though instead of using `/etc/nixos/configuration.nix` you'll be using `$HOME/.config/nixpkgs/home.nix` by default.
|
||||
|
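Review bot: the typo fix is correct; while touching the sentence, the doubled "go to the Home Manager github page and go to the page regarding" could be tightened to "the first step is the Home Manager page on standalone installation" with the same link. The next line hard-codes `$HOME/.config/nixpkgs/home.nix` as the default; newer Home Manager releases default to `~/.config/home-manager/home.nix`, so phrase it as the default at the time of writing so the article does not silently go stale.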
@ -57,7 +57,16 @@ A basic Home Manager installation will leave you with a `home.nix` file with the
|
|||
}
|
||||
```
|
||||
|
||||
### Installing packages
|
||||
After making any changes to your `home.nix` file, you can apply them with:
|
||||
```sh
|
||||
home-manager switch
|
||||
```
|
||||
If you first want to see whether you build is going to be successful or not, run:
|
||||
```sh
|
||||
home-manager build
|
||||
```
|
||||
|
||||
## Installing packages
|
||||
|
||||
To add some packages, you'll need to add them to the `home.packages` array.
|
||||
On my Alpine installation I have the following:
|
||||
|
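Review bot: the new `### Installing packages` subsection does not install packages, it explains `home-manager switch` and `home-manager build`, and it is immediately followed by the existing `## Installing packages` heading, so the rendered TOC shows the same title twice at two levels. Rename it, for example `### Applying your configuration`. "whether you build is going to be successful" should read "whether your build". Worth one more sentence there: `home-manager build` leaves a `result` symlink in the current directory, so readers who run it inside their dotfiles repository will want `result` in `.gitignore`.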
@ -74,11 +83,14 @@ Notice the `with pkgs;` section.
|
|||
This prevents you from having to add the `pkgs` prefix to every package you want to add.
|
||||
I don't think this is the idiomatic way of adding packages to your configuration, but it allows me to be a bit lazier and it hasn't caused any breakages yet.
|
||||
|
||||
### Managing dotfiles and configuration
|
||||
|
||||
## Managing dotfiles and configuration
|
||||
|
||||
Another amazing thing the Home Manager can do is manage your dotfiles.
|
||||
And this in turn can be managed with Git.
|
||||
More on this later
|
||||
More on this later.
|
||||
|
||||
### Git configuration
|
||||
|
||||
For instance, I have it manage my Git config using the git module.
|
||||
To do this, I have the something like the following in my `home.nix`:
|
||||
|
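Review bot: promoting `### Managing dotfiles and configuration` to `##` is right now that `### Git configuration` sits under it, but "More on this later." should name the section it points to (the `# Git integration` section added further down in this commit), since a bare "later" is easy to lose in a page this long. Minor, in the context line: "I have the something like the following" has a stray "the".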
@ -89,7 +101,7 @@ To do this, I have the something like the following in my `home.nix`:
|
|||
ignores = [ "*.swp" ]; # I don't need to see that I still have a file open in vim
|
||||
signing = {
|
||||
key = "<gpg-fingerprint>";
|
||||
signByDefault = false; # it would probably be better for security to have this be true, but doing do gets annoying really fast
|
||||
signByDefault = false; # it would probably be better for security to have this be true, but doing so gets annoying really fast
|
||||
};
|
||||
userEmail = "<user-email>";
|
||||
userName = "<user-name>";
|
||||
|
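Review bot: the comment on `signByDefault = false` concedes that signing by default is the safer setting and turns it off only because of the prompts. The SSH article in this same commit sets up `keychain --agents 'gpg,ssh'`, and with gpg-agent caching the passphrase `signByDefault = true` costs one prompt per session rather than one per commit, so consider flipping it and pointing at that section instead of leaving the known-weaker setting as the example.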
@ -106,8 +118,32 @@ Here's the [list of options](https://nix-community.github.io/home-manager/option
|
|||
|
||||
I _strongly_ recommend digging through the documentation, looking for things that interest you in your current situation and setup.
|
||||
|
||||
### Integrating existing (dot)files
|
||||
|
||||
### Git integration
|
||||
The Home Manager can also manage arbitrary (dot)files for you.
|
||||
I have it link my `.zshrc` into place with the following line:
|
||||
```nix
|
||||
...
|
||||
home.file.".zshrc".source = ./zshrc;
|
||||
...
|
||||
```
|
||||
This looks for a file called `zshrc` in the same directory as `home.nix`.
|
||||
From there, it symlinks it to `~/.zshrc`
|
||||
|
||||
It can also manage recursive file structures.
|
||||
I have it keep track of my `sxiv` configuration with the following few lines:
|
||||
```nix
|
||||
...
|
||||
home.file.".config/sxiv" = {
|
||||
source = ./sxiv;
|
||||
recursive = true;
|
||||
};
|
||||
...
|
||||
```
|
||||
The interesting portion of this snippet is the `recursive` boolean.
|
||||
Because of this, Home Manager will recreate the directory structure found in `./sxiv` in `~/.config/sxiv` and symlinks the files found inside into place.
|
||||
|
||||
# Git integration
|
||||
|
||||
Since all the Home Manager requires is (at least) a single text file to manage your dotfiles and Nix environment packages, it's really easy to keep track of your configuration using Git.
|
||||
To that end, I have a bare repository on one of my home servers over at `/srv/git/nix/<nix-configuration>.git`
|
||||
|
|
|
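Review bot: `home.file.".zshrc".source = ./zshrc;` does not link `~/.zshrc` to the file next to `home.nix`; the file is copied into the Nix store at build time and `~/.zshrc` becomes a symlink into `/nix/store/...`. That is worth a sentence here and before the `recursive = true` example, because the store is world-readable: anything secret (tokens exported from `.zshrc`, for instance) must not be managed through `home.file`. Grammar: "and symlinks the files found inside" should be "and symlink the files", and both "From there, it symlinks it to `~/.zshrc`" and the closing `/srv/git/nix/<nix-configuration>.git` sentence lack full stops. The old `### Git integration` heading returns as `# Git integration` at level 1, a sibling of `# Actually using Home Manager` rather than part of "Managing dotfiles"; confirm that is the intent.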
@ -4,7 +4,7 @@ date: "2022-09-27T11:40:31+02:00"
|
|||
author: "$HUMANOID"
|
||||
tags: ["ssh", "technology"]
|
||||
description: "An article on configuring SSH from the ground up to something that can grow out into my monster of a configuration"
|
||||
draft: true
|
||||
toc: true
|
||||
---
|
||||
|
||||
# Introduction
|
||||
|
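Review bot: this hunk replaces `draft: true` with `toc: true`, so besides enabling the table of contents it publishes the SSH article. If that is intended, say so in the commit message, and before the page goes live check that the placeholders in the sections below (`<meme-number>`, `<lengthy-56-character-string>.onion`, `<key-file>`) are the only host-specific values left in the examples.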
@ -90,7 +90,7 @@ When going through `/etc/ssh/sshd_config` you've probably come across a few line
|
|||
...
|
||||
```
|
||||
|
||||
This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for public keys.
|
||||
This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for authorized keys.
|
||||
So the next step is to append your public key to this file in the home directory of the user as whom you want to be able to log in.
|
||||
This can be done in a few ways.
|
||||
The proper way is by using:
|
||||
|
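Review bot: "authorized keys" is the accurate term (the file holds public keys plus per-key options, and it is what sshd consults), good change. The sentence still repeats "in the home directory of the user as whom you're trying to log in" on consecutive lines; suggest "sshd reads `~/.ssh/authorized_keys` of the account you are logging in as". One line worth adding: with the default `StrictModes yes`, sshd silently ignores the file if the home directory, `~/.ssh` or `authorized_keys` is writable by group or others, which is the most common reason the "proper way" below appears not to work.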
@ -136,14 +136,14 @@ The very first thing I do after setting up a server, is add an entry to my `~/.s
|
|||
A basic configuration section looks like the following:
|
||||
```ssh_config
|
||||
Host <host> # this is something you can easily identify
|
||||
Host <hostname> # this does need to be an IP address or DNS record pointing to an IP address
|
||||
Host <host-name> # this does need to be an IP address or DNS record pointing to an IP address
|
||||
IdentityFile ~/.ssh/<key-file>
|
||||
User <username>
|
||||
Port 6969
|
||||
User <user-name>
|
||||
Port <meme-number>
|
||||
```
|
||||
This allows you to log into host `<host>` with on port `6969` with key `~/.ssh/<key-file>` as user `<username>` without by typing:
|
||||
This allows you to log into host `<host>` with on port `<meme-number>` with key `~/.ssh/<key-file>` as user `<user-name>` without by typing:
|
||||
```sh
|
||||
ssh <username>@<hostname> -p 6969 -i ~/.ssh/<key-file>
|
||||
ssh <user-name>@<host-name> -p <meme-number> -i ~/.ssh/<key-file>
|
||||
```
|
||||
Instead the following command will work:
|
||||
```sh
|
||||
|
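Review bot: the config block has two `Host` lines; the second, `Host <host-name>` (and the `Host <hostname>` it replaces), should be `HostName <host-name>`. As written, `Host <host-name>` opens a second stanza, so `IdentityFile`, `User` and `Port` apply to `<host-name>` rather than to the alias `<host>`, and `ssh <host>` falls back to the defaults, contradicting the sentence that follows. Two smaller points: `Port <meme-number>` makes the block unparseable if copied verbatim (keep a number such as the earlier `6969` and put the joke in the comment), and "log into host `<host>` with on port ... without by typing" should be "log into `<host>` on port ... without typing".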
@ -169,7 +169,7 @@ Useful for when you want to be able to log into the same host using multiple key
|
|||
|
||||
### `ProxyCommand`
|
||||
|
||||
Always connect to your host using a proxy.
|
||||
Always connect to your host using a proxy, using a given command.
|
||||
|
||||
Useful for when you can only access a host through a certain proxy.
|
||||
|
||||
|
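Review bot: "Always connect to your host using a proxy, using a given command" doubles "using"; "Connect to the host through the given command instead of a direct TCP connection" is closer to what `ProxyCommand` does, since the command's stdin and stdout carry the SSH stream and ssh itself never opens a socket to the host.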
@ -178,7 +178,52 @@ I use this for my Tor hosts:
|
|||
```ssh_config
|
||||
Host tor-<host>
|
||||
Hostname <lengthy-56-character-string>.onion
|
||||
# this is dependent on the netcat implementation of the OpenBSD project
|
||||
ProxyCommand nc -X 5 -x localhost:9050 %h %p # this assumes you are running a tor proxy on your local system and attempts to make a connection through that
|
||||
Identityfile ~/.ssh/<key-file>
|
||||
User <user>
|
||||
```
|
||||
|
||||
# The SSH Agent
|
||||
|
||||
If you're using SSH keys with passphrases, it will very quickly get annoying to type in the passphrase every time you use a certain key.
|
||||
To alleviate this tedium, the SSH agent exists.
|
||||
|
||||
If you're using a full desktop environment, chances are that you already have an SSH agent running in the background.
|
||||
You can check this by seeing if `$SSH_AGENT_PID` is set to anything.
|
||||
```sh
|
||||
echo $SSH_AGENT_PID
|
||||
```
|
||||
|
||||
If this isn't set to anything, you can start an agent session by running:
|
||||
```sh
|
||||
eval $(ssh-agent)
|
||||
```
|
||||
|
||||
Now you can add keys to your agent with:
|
||||
```sh
|
||||
ssh-add </path/to/key-file>
|
||||
```
|
||||
|
||||
You can also have it automatically drop keys after a specified amount of time with the `-t` flag.
|
||||
I tend to do this with my root keys as a security precaution.
|
||||
|
||||
```sh
|
||||
ssh-add -t 1h ~/.ssh/<root-key>
|
||||
```
|
||||
|
||||
Starting an SSH agent every time you open a new shell session gets quite annoying quite quickly.
|
||||
There are a few things you can automate this.
|
||||
The simplest is to add `eval $(ssh-agent)` to your `~/.profile`.
|
||||
Another option, the one I prefer, is to use [keychain](https://www.funtoo.org/Funtoo:Keychain) from the Funtoo project.
|
||||
It checks whether there's an agent running every time you start a new login session.
|
||||
If there is, it sets the SSH agent environment variables to the existing ones from some other session.
|
||||
If there isn't a running SSH session, it will start one.
|
||||
|
||||
I have the following in my `~/.profile`:
|
||||
```sh
|
||||
...
|
||||
eval $(keychain --agents 'gpg,ssh' --eval)
|
||||
...
|
||||
```
|
||||
As you can see, it can also keep track of your GPG agent.
|
||||
|
|
|
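Review bot: the `$SSH_AGENT_PID` test in the new agent section reports "no agent" on most desktop setups where one is running: agents started by gnome-keyring, a systemd user unit or a forwarded connection export only `SSH_AUTH_SOCK`, and `SSH_AGENT_PID` is set only by `eval $(ssh-agent)` itself. Test `SSH_AUTH_SOCK` instead, or better run `ssh-add -l` (exit status 2 means no agent reachable, 1 means an agent with no keys). Related wording: "If there isn't a running SSH session, it will start one" should say "SSH agent", and "There are a few things you can automate this" should be "a few ways to automate this". In the Tor stanza, `Identityfile` works because ssh_config keywords are case-insensitive, but the rest of the article writes `IdentityFile`; the long trailing comment on the `ProxyCommand` line reads better on its own line above it, next to the existing OpenBSD-netcat remark. Since `-t 1h` is presented as the precaution for root keys, `ssh-add -c` (confirm every use of the key) deserves a mention alongside it: with agent forwarding in play it is the flag that stops a remote host from silently using the key.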
@ -1 +1 @@
|
|||
Subproject commit 4de188c7d96d92899feb1bf73b33fc399aba6f41
|
||||
Subproject commit 830a4225322572492deef242a15f945b3f02d4e6
|
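Review bot: the submodule bump from `4de188c7d9` to `830a422532` is unrelated to the article edits, and the commit message does not say which submodule or why; split it into its own commit or name it in the message so it can be reviewed against the upstream change.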