From ecd0f85ef3ffed5170b075f93b651fb2802b3aa0 Mon Sep 17 00:00:00 2001 From: Marty Sluijtman Date: Thu, 29 Sep 2022 14:42:58 +0200 Subject: [PATCH] Flushing out article - SSH agent section - More dotfile examples in home manager article - Syntax highlighting gruvbox theme --- config.toml | 4 ++ content/rambles/nix-home-manager.md | 48 +++++++++++++++++++--- content/rambles/ssh-configuration.md | 61 ++++++++++++++++++++++++---- themes/vugo | 2 +- 4 files changed, 100 insertions(+), 15 deletions(-) diff --git a/config.toml b/config.toml index 0ad9021..a84c6de 100644 --- a/config.toml +++ b/config.toml @@ -39,3 +39,7 @@ contentTypeName = 'rambles' [markup.tableOfContents] endLevel = 4 startLevel = 1 + [markup.highlight] + noClasses = true + style = 'gruvbox' + diff --git a/content/rambles/nix-home-manager.md b/content/rambles/nix-home-manager.md index 17e7a09..2ab36b5 100644 --- a/content/rambles/nix-home-manager.md +++ b/content/rambles/nix-home-manager.md @@ -27,7 +27,7 @@ So here's my take on installing the Home Manager outside of NixOS. # Actually using Home Manager -Assuming you're continuing from [my previous article on Nix](/rambles/nix-on-other-distros-packagemanagers), the first step is to go to the Home Manager github page and go to the [page regarding the standalone installtion](https://nix-community.github.io/home-manager/index.html#sec-install-standalone). +Assuming you're continuing from [my previous article on Nix](/rambles/nix-on-other-distros-packagemanagers), the first step is to go to the Home Manager github page and go to the [page regarding the standalone installation](https://nix-community.github.io/home-manager/index.html#sec-install-standalone). From there, things will be quite self explanatory if you're used to the (bare) basics of NixOS. Though instead of using `/etc/nixos/configuration.nix` you'll be using `$HOME/.config/nixpkgs/home.nix` by default. 
@@ -57,7 +57,16 @@ A basic Home Manager installation will leave you with a `home.nix` file with the } ``` -### Installing packages +After making any changes to your `home.nix` file, you can apply them with: +```sh +home-manager switch +``` +If you first want to see whether you build is going to be successful or not, run: +```sh +home-manager build +``` + +## Installing packages To add some packages, you'll need to add them to the `home.packages` array. On my Alpine installation I have the following: @@ -74,11 +83,14 @@ Notice the `with pkgs;` section. This prevents you from having to add the `pkgs` prefix to every package you want to add. I don't think this is the idiomatic way of adding packages to your configuration, but it allows me to be a bit lazier and it hasn't caused any breakages yet. -### Managing dotfiles and configuration + +## Managing dotfiles and configuration Another amazing thing the Home Manager can do is manage your dotfiles. And this in turn can be managed with Git. -More on this later +More on this later. + +### Git configuration For instance, I have it manage my Git config using the git module. To do this, I have the something like the following in my `home.nix`: @@ -89,7 +101,7 @@ To do this, I have the something like the following in my `home.nix`: ignores = [ "*.swp" ]; # I don't need to see that I still have a file open in vim signing = { key = ""; - signByDefault = false; # it would probably be better for security to have this be true, but doing do gets annoying really fast + signByDefault = false; # it would probably be better for security to have this be true, but doing so gets annoying really fast }; userEmail = ""; userName = ""; 
@@ -106,8 +118,32 @@ Here's the [list of options](https://nix-community.github.io/home-manager/option I _strongly_ recommend digging through the documentation, looking for things that interest you in your current situation and setup. +### Integrating existing (dot)files -### Git integration +The Home Manager can also manage arbitrary (dot)files for you. +I have it link my `.zshrc` into place with the following line: +```nix +... + home.file.".zshrc".source = ./zshrc; +... +``` +This looks for a file called `zshrc` in the same directory as `home.nix`. +From there, it symlinks it to `~/.zshrc` + +It can also manage recursive file structures. +I have it keep track of my `sxiv` configuration with the following few lines: +```nix +... + home.file.".config/sxiv" = { + source = ./sxiv; + recursive = true; + }; +... +``` +The interesting portion of this snippet is the `recursive` boolean. +Because of this, Home Manager will recreate the directory structure found in `./sxiv` in `~/.config/sxiv` and symlinks the files found inside into place. + +# Git integration Since all the Home Manager requires is (at least) a single text file to manage your dotfiles and Nix environment packages, it's really easy to keep track of your configuration using Git. To that end, I have a bare repository on one of my home servers over at `/srv/git/nix/.git` diff --git a/content/rambles/ssh-configuration.md b/content/rambles/ssh-configuration.md index a8dd251..36d1430 100644 --- a/content/rambles/ssh-configuration.md +++ b/content/rambles/ssh-configuration.md @@ -4,7 +4,7 @@ date: "2022-09-27T11:40:31+02:00" author: "$HUMANOID" tags: ["ssh", "technology"] description: "An article on configuring SSH from the ground up to something that can grow out into my monster of a configuration" -draft: true +toc: true --- # Introduction 
@@ -90,7 +90,7 @@ When going through `/etc/ssh/sshd_config` you've probably come across a few line ... ``` -This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for public keys. +This means that the SSH daemon will check in `.ssh/authorized_keys` in the home directory of the user as whom you're trying to log in for authorized keys. So the next step is to append your public key to this file in the home directory of the user as whom you want to be able to log in. This can be done in a few ways. The proper way is by using: @@ -136,14 +136,14 @@ The very first thing I do after setting up a server, is add an entry to my `~/.s A basic configuration section looks like the following: ```ssh_config Host # this is something you can easily identify - Host # this does need to be an IP address or DNS record pointing to an IP address + Host # this does need to be an IP address or DNS record pointing to an IP address IdentityFile ~/.ssh/ - User - Port 6969 + User + Port ``` -This allows you to log into host `` with on port `6969` with key `~/.ssh/` as user `` without by typing: +This allows you to log into host `` with on port `` with key `~/.ssh/` as user `` without by typing: ```sh -ssh @ -p 6969 -i ~/.ssh/ +ssh @ -p -i ~/.ssh/ ``` Instead the following command will work: ```sh @@ -169,7 +169,7 @@ Useful for when you want to be able to log into the same host using multiple key ### `ProxyCommand` -Always connect to your host using a proxy. +Always connect to your host using a proxy, using a given command. Useful for when you can only access a host through a certain proxy. 
@@ -178,7 +178,52 @@ I use this for my Tor hosts: ```ssh_config Host tor- Hostname .onion + # this is dependent on the netcat implementation of the OpenBSD project ProxyCommand nc -X 5 -x localhost:9050 %h %p # this assumes you are running a tor proxy on your local system and attempts to make a connection through that Identityfile ~/.ssh/ User ``` + +# The SSH Agent + +If you're using SSH keys with passphrases, it will very quickly get annoying to type in the passphrase every time you use a certain key. +To alleviate this tedium, the SSH agent exists. + +If you're using a full desktop environment, chances are that you already have an SSH agent running in the background. +You can check this by seeing if `$SSH_AGENT_PID` is set to anything. +```sh +echo $SSH_AGENT_PID +``` + +If this isn't set to anything, you can start an agent session by running: +```sh +eval $(ssh-agent) +``` + +Now you can add keys to your agent with: +```sh +ssh-add +``` + +You can also have it automatically drop keys after a specified amount of time with the `-t` flag. +I tend to do this with my root keys as a security precaution. + +```sh +ssh-add -t 1h ~/.ssh/ +``` + +Starting an SSH agent every time you open a new shell session gets quite annoying quite quickly. +There are a few things you can automate this. +The simplest is to add `eval $(ssh-agent)` to your `~/.profile`. +Another option, the one I prefer, is to use [keychain](https://www.funtoo.org/Funtoo:Keychain) from the Funtoo project. +It checks whether there's an agent running every time you start a new login session. +If there is, it sets the SSH agent environment variables to the existing ones from some other session. +If there isn't a running SSH session, it will start one. + +I have the following in my `~/.profile`: +```sh +... +eval $(keychain --agents 'gpg,ssh' --eval) +... +``` +As you can see, it can also keep track of your GPG agent. diff --git a/themes/vugo b/themes/vugo index 4de188c..830a422 160000 --- a/themes/vugo 
+++ b/themes/vugo @@ -1 +1 @@ -Subproject commit 4de188c7d96d92899feb1bf73b33fc399aba6f41 +Subproject commit 830a4225322572492deef242a15f945b3f02d4e6
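Review bot: In the config.toml hunk, `noClasses = true` makes Hugo's highlighter write the gruvbox colours as inline `style` attributes on every token, which a Content-Security-Policy without `'unsafe-inline'` in `style-src` will block. If the site is meant to run under such a policy, set `noClasses = false` and serve a stylesheet generated with `hugo gen chromastyles --style=gruvbox` instead. The hunk also adds an empty line at the end of the file, which can be dropped.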
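Review bot: Typo in the added sentence of the nix-home-manager.md hunk at `@@ -57,7 +57,16 @@`: "whether you build is going to be successful" should read "whether your build". It would also help to say that `home-manager build` only builds the generation and does not activate it, so the reader knows why it can be run first.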
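Review bot: The new "Integrating existing (dot)files" text in the nix-home-manager.md hunk at `@@ -106,8 +118,32 @@` is missing a caveat: `home.file."...".source` copies the file into the Nix store and links `~/.zshrc` to that copy, so the target is read-only, edits to `./zshrc` only take effect after `home-manager switch`, and because the store is world-readable this mechanism should not be used for files that hold secrets. The sentence "From there, it symlinks it to `~/.zshrc`" also lacks its full stop, and "will recreate ... and symlinks" should be "and symlink".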
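Review bot: Dropping `draft: true` in the ssh-configuration.md front-matter hunk publishes the article, which the commit message (SSH agent section, dotfile examples, gruvbox theme) does not mention. If publication is intended, say so in the message; otherwise keep `draft: true` next to the new `toc: true` until the example block in the `@@ -136,14 +136,14 @@` hunk is fixed.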
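Review bot: In the ssh-configuration.md hunk at `@@ -136,14 +136,14 @@`, the second line of the example block still uses the `Host` keyword for the address. ssh_config expects `Hostname` there (the Tor example later in the file uses it), and a second `Host` line opens a new match block, so the `IdentityFile`, `User` and `Port` lines would no longer apply to the alias on the first line. The rewritten sentence below it still reads "with on port" and "without by typing" and should be reworded while the line is being touched.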
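Review bot: The check in the new "The SSH Agent" section of ssh-configuration.md (hunk `@@ -178,7 +178,52 @@`) tests `$SSH_AGENT_PID`, but agents provided by a desktop keyring or by agent forwarding typically export only `SSH_AUTH_SOCK`, so an empty PID does not mean no agent is available; `ssh-add -l` or a test on `$SSH_AUTH_SOCK` is the more reliable check. Related: a bare `eval $(ssh-agent)` in `~/.profile` starts a fresh agent on every login and leaves the earlier ones running, so the text should suggest guarding it on `SSH_AUTH_SOCK` being unset. Wording: "There are a few things you can automate this" is missing a word, and "If there isn't a running SSH session" should say "SSH agent".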
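Review bot: The themes/vugo hunk moves the submodule pointer from 4de188c to 830a422 with none of the theme changes visible in this patch. Link or summarise the theme commits in the commit message so the bump can be reviewed, since whatever they contain ships with the site.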