talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Add keep-alive to ssh connections.

Browse Source
This commit is contained in:
Tom Alexander 2026-01-26 19:13:20 -05:00 committed by Tom Alexander
parent 43f3c1f955
commit e75c4087c3
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
6 changed files with 277 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nix/configuration/roles/ssh/default.nix
View File

@ -47,5 +47,9 @@
source = ./files/ssh_config; source = ./files/ssh_config;
}; };
}; };
programs.ssh.extraConfig = ''
Include ${./files/ssh_config_global}
'';
}; };
} }

3
nix/configuration/roles/ssh/files/ssh_config
View File

@ -37,6 +37,3 @@ Host hydra
Host i_only_boot_zfs Host i_only_boot_zfs
HostName 127.0.0.1 HostName 127.0.0.1
Port 60022 Port 60022
Host *
Compression yes

4
nix/configuration/roles/ssh/files/ssh_config_global Normal file
View File

@ -0,0 +1,4 @@
Host *
Compression yes
# ServerAliveInterval 240
# TCPKeepAlive yes # Default is yes

3
nix/configuration/roles/ssh/files/ssh_config_root
View File

@ -4,6 +4,3 @@ Host hydra
User nixworker User nixworker
IdentitiesOnly yes IdentitiesOnly yes
IdentityFile /persist/manual/ssh/root/keys/id_ed25519 IdentityFile /persist/manual/ssh/root/keys/id_ed25519
Host *
Compression yes

3
nix/configuration/roles/sshd/default.nix
View File

@ -22,6 +22,9 @@
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
KbdInteractiveAuthentication = false; KbdInteractiveAuthentication = false;
# ClientAliveInterval = 120;
# ClientAliveCountMax = 3;
# TCPKeepAlive = "yes"; # Default is yes
}; };
hostKeys = [ hostKeys = [
{ {

359
nix/configuration/util/install_files/default.nix
View File

@ -11,7 +11,7 @@ let
attrNames attrNames
; ;
get_shell_values = get_user_shell_values =
target: target:
let let
homedir = config.users.users."${target.username}".home; homedir = config.users.users."${target.username}".home;
@ -25,6 +25,19 @@ let
username = lib.strings.escapeShellArg "${target.username}"; username = lib.strings.escapeShellArg "${target.username}";
group = lib.strings.escapeShellArg "${group}"; group = lib.strings.escapeShellArg "${group}";
}; };
get_global_shell_values =
target:
let
group = config.users.users."${target.username}".group;
in
{
source = lib.strings.escapeShellArg "${target.source}";
destination = lib.strings.escapeShellArg "${target.target}";
mode = lib.strings.escapeShellArg "${target.mode}";
dir_mode = lib.strings.escapeShellArg "${target.dir_mode}";
username = lib.strings.escapeShellArg "${target.username}";
group = lib.strings.escapeShellArg "${group}";
};
install_user_file = install_user_file =
let let
constructors = { constructors = {
@ -33,12 +46,20 @@ let
}; };
in in
stage: target: (constructors."${target.method}"."${stage}" target); stage: target: (constructors."${target.method}"."${stage}" target);
install_global_file =
let
constructors = {
"overwrite" = install_global_file_overwrite;
"symlink" = install_global_file_symlink;
};
in
stage: target: (constructors."${target.method}"."${stage}" target);
install_user_file_overwrite = { install_user_file_overwrite = {
"check" = (target: ""); "check" = (target: "");
"install" = ( "install" = (
target: target:
let let
inherit (get_shell_values target) inherit (get_user_shell_values target)
source source
destination destination
mode mode
@ -79,7 +100,7 @@ let
"uninstall" = ( "uninstall" = (
target: target:
let let
inherit (get_shell_values target) inherit (get_user_shell_values target)
source source
destination destination
; ;
@ -107,7 +128,7 @@ let
"install" = ( "install" = (
target: target:
let let
inherit (get_shell_values target) inherit (get_user_shell_values target)
source source
destination destination
mode mode
@ -151,7 +172,7 @@ let
"uninstall" = ( "uninstall" = (
target: target:
let let
inherit (get_shell_values target) inherit (get_user_shell_values target)
source source
destination destination
; ;
@ -174,18 +195,163 @@ let
] ]
); );
}; };
in install_global_file_overwrite = {
{ "check" = (target: "");
imports = [ ]; "install" = (
target:
let
inherit (get_global_shell_values target)
source
destination
mode
dir_mode
username
group
;
flags = lib.strings.concatStringsSep " " [
(if mode != "" then "-m ${mode}" else "")
(if username != "" then "-o ${username}" else "")
(if group != "" then "-g ${group}" else "")
];
dir_flags = lib.strings.concatStringsSep " " [
(if dir_mode != "" then "-m ${dir_mode}" else "")
(if username != "" then "-o ${username}" else "")
(if group != "" then "-g ${group}" else "")
];
in
if target.recursive then
[
''
find ${source} -type f -print0 | while read -r -d "" file; do
relative_path=$(realpath -s --relative-to ${source} "$file")
full_dest=${destination}/"$relative_path"
create_containing_directories "$full_dest" ${dir_flags}
$DRY_RUN_CMD install $VERBOSE_ARG --compare ${flags} "$file" "$full_dest"
done
''
]
else
[
''
create_containing_directories ${destination} ${dir_flags}
$DRY_RUN_CMD install $VERBOSE_ARG --compare ${flags} ${source} ${destination}
''
]
);
"uninstall" = (
target:
let
inherit (get_global_shell_values target)
source
destination
;
in
if target.recursive then
[
''
find ${source} -type f -print0 | while read -r -d "" file; do
relative_path=$(realpath -s --relative-to ${source} "$file")
full_dest=${destination}/"$relative_path"
$DRY_RUN_CMD echo rm -f "$full_dest"
done
''
]
else
[
''
$DRY_RUN_CMD echo rm -f ${destination}
''
]
);
};
install_global_file_symlink = {
"check" = (target: "");
"install" = (
target:
let
inherit (get_global_shell_values target)
source
destination
mode
dir_mode
username
group
;
owner = lib.strings.concatStringsSep ":" (
filter (val: val != "") [
username
group
]
);
dir_flags = lib.strings.concatStringsSep " " [
(if dir_mode != "" then "-m ${dir_mode}" else "")
(if username != "" then "-o ${username}" else "")
(if group != "" then "-g ${group}" else "")
];
in
if target.recursive then
[
''
find ${source} -type f -print0 | while read -r -d "" file; do
relative_path=$(realpath -s --relative-to ${source} "$file")
full_dest=${destination}/"$relative_path"
create_containing_directories "$full_dest" ${dir_flags}
$DRY_RUN_CMD ln $VERBOSE_ARG -s "$file" "$full_dest"
$DRY_RUN_CMD chown $VERBOSE_ARG -h ${owner} "$full_dest"
done
''
]
else
[
''
create_containing_directories ${destination} ${dir_flags}
$DRY_RUN_CMD ln $VERBOSE_ARG -s ${source} ${destination}
$DRY_RUN_CMD chown $VERBOSE_ARG -h ${owner} ${destination}
''
]
);
"uninstall" = (
target:
let
inherit (get_global_shell_values target)
source
destination
;
in
if target.recursive then
[
''
find ${source} -type f -print0 | while read -r -d "" file; do
relative_path=$(realpath -s --relative-to ${source} "$file")
full_dest=${destination}/"$relative_path"
$DRY_RUN_CMD echo rm -f "$full_dest"
done
''
]
else
[
''
$DRY_RUN_CMD echo rm -f ${destination}
''
]
);
};
install_target_options = username: {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
defaultText = "enable";
example = lib.literalExpression false;
description = "Whether we want to install files in this user's home directory.";
};
options.me.install = { file = lib.mkOption {
user = lib.mkOption {
default = { }; default = { };
type = lib.types.attrsOf ( type = lib.types.attrsOf (
lib.types.submodule ( lib.types.submodule (
{ name, config, ... }: { name, config, ... }:
let let
username = name; path = name;
in in
{ {
options = { options = {
@ -194,91 +360,92 @@ in
default = true; default = true;
defaultText = "enable"; defaultText = "enable";
example = lib.literalExpression false; example = lib.literalExpression false;
description = "Whether we want to install files in this user's home directory."; description = "Whether we want to install this file in this user's home directory.";
}; };
username = lib.mkOption {
file = lib.mkOption { type = lib.types.str;
type = lib.types.attrsOf ( defaultText = "username";
lib.types.submodule ( example = "root";
{ name, config, ... }: description = "The username for the user whose home directory will contain the file.";
let
path = name;
in
{
options = {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
defaultText = "enable";
example = lib.literalExpression false;
description = "Whether we want to install this file in this user's home directory.";
};
username = lib.mkOption {
type = lib.types.str;
defaultText = "username";
example = "root";
description = "The username for the user whose home directory will contain the file.";
};
target = lib.mkOption {
type = lib.types.str;
defaultText = "target";
example = ".local/share/foo/bar.txt";
description = "The path where the file should be written.";
};
method = lib.mkOption {
type = lib.types.enum [
"symlink"
"overwrite"
# "bind_mount" TODO: for directories?
];
default = "symlink";
defaultText = "me.install.file.path.method";
example = "overwrite";
description = "The way in which the file should be installed.";
};
mode = lib.mkOption {
type = lib.types.str;
default = "0444";
defaultText = "me.install.file.path.mode";
example = "0750";
description = "The read, write, execute permission flags.";
};
dir_mode = lib.mkOption {
type = lib.types.str;
default = "0755";
defaultText = "dir_mode";
example = "0755";
description = "The read, write, execute permission flags for any parent directories that need to be created.";
};
source = lib.mkOption {
type = lib.types.path;
defaultText = "me.install.file.path.source";
example = ./files/foo.txt;
description = "The source file to install into the destination.";
};
recursive = lib.mkOption {
type = lib.types.bool;
default = false;
defaultText = "recursive";
example = lib.literalExpression false;
description = "Whether we want to recurse through the directory doing individual installs for each file.";
};
};
config = {
username = lib.mkDefault username;
target = lib.mkDefault path;
};
}
)
);
}; };
target = lib.mkOption {
type = lib.types.str;
defaultText = "target";
example = ".local/share/foo/bar.txt";
description = "The path where the file should be written.";
};
method = lib.mkOption {
type = lib.types.enum [
"symlink"
"overwrite"
# "bind_mount" TODO: for directories?
];
default = "symlink";
defaultText = "me.install.file.path.method";
example = "overwrite";
description = "The way in which the file should be installed.";
};
mode = lib.mkOption {
type = lib.types.str;
default = "0444";
defaultText = "me.install.file.path.mode";
example = "0750";
description = "The read, write, execute permission flags.";
};
dir_mode = lib.mkOption {
type = lib.types.str;
default = "0755";
defaultText = "dir_mode";
example = "0755";
description = "The read, write, execute permission flags for any parent directories that need to be created.";
};
source = lib.mkOption {
type = lib.types.path;
defaultText = "me.install.file.path.source";
example = ./files/foo.txt;
description = "The source file to install into the destination.";
};
recursive = lib.mkOption {
type = lib.types.bool;
default = false;
defaultText = "recursive";
example = lib.literalExpression false;
description = "Whether we want to recurse through the directory doing individual installs for each file.";
};
};
config = {
username = lib.mkDefault username;
target = lib.mkDefault path;
}; };
} }
) )
); );
}; };
}; };
in
{
imports = [ ];
options.me.install = (
{
user = lib.mkOption {
default = { };
type = lib.types.attrsOf (
lib.types.submodule (
{ name, config, ... }:
let
username = name;
in
{
options = (install_target_options username);
}
)
);
};
}
// (install_target_options "root")
);
config = config =
let let
@ -288,11 +455,17 @@ in
builtins.map (user: (builtins.map (path: user.file."${path}") (attrNames user.file))) enabled_users builtins.map (user: (builtins.map (path: user.file."${path}") (attrNames user.file))) enabled_users
); );
enabled_file_targets = filter (target: target.enable) all_file_targets; enabled_file_targets = filter (target: target.enable) all_file_targets;
check_commands = lib.flatten (builtins.map (install_user_file "check") enabled_file_targets); all_global_file_targets = (builtins.map (path: cfg.file."${path}") (attrNames cfg.file));
install_commands = lib.flatten (builtins.map (install_user_file "install") enabled_file_targets); enabled_global_file_targets = filter (target: target.enable) all_global_file_targets;
uninstall_commands = lib.flatten ( check_commands =
builtins.map (install_user_file "uninstall") enabled_file_targets (lib.flatten (builtins.map (install_global_file "check") enabled_global_file_targets))
); ++ (lib.flatten (builtins.map (install_user_file "check") enabled_file_targets));
install_commands =
(lib.flatten (builtins.map (install_global_file "install") enabled_global_file_targets))
++ (lib.flatten (builtins.map (install_user_file "install") enabled_file_targets));
uninstall_commands =
(lib.flatten (builtins.map (install_global_file "uninstall") enabled_global_file_targets))
++ (lib.flatten (builtins.map (install_user_file "uninstall") enabled_file_targets));
in in
{ {
systemd.services.me-install-file = { systemd.services.me-install-file = {