guix-home-manager

Julien LepillerFri Jul 26 20:44:05+0200 2019

35e30a1

home: Add keepassxc support. * home/ssh.scm: New file. * doc/ssh.md: New file.

doc/ssh.md unknown status 1

 OpenSSH
 =======
 OpenSSH is an SSH client and server software.  It allows you to connect to
 remote machines securely.
 Main Configuration
 ------------------
 The main configuration is not complete compared to the configuration possibilities
 of the client. It however implements a big part of the possibilities.
 **Scheme Procedure**: (ssh-home config)
 Generates configuration files for OpenSSH, according to config, an
 ssh-configuration object.
 **Data Type**: ssh-configuration
 Data type that represents the OpenSSH configuration. This data type has the
 following fields:
 * **authorized-keys** (default '()): A list of strings, each denoting an authorized
   key. This is the set of the public keys that can be used to connect as this
   user.
 * **known-hosts** (default '()): A list of ssh-known-host-configuration objects
   that denote the list of hosts whose identity is known. You will not be asked
   to validate these identities again, but will not be able to connect to a host
   that doesn't match its known public key, for your security.
 * **hosts** (default: '()): A list of ssh-host-configuration objects, each
   denoting connection parameters for specific hosts.
 * **default-host**: An ssh-host-configuration object that denotes the default
   connection options, such as a private key (also known as an identity file).
 Example
 -------
 ```scheme
 (ssh-home
   (ssh-configuration
     (authorized-keys '("ssh-rsa ... alice@computilo"))
     (known-hosts
       (list
         (ssh-known-host-configuration
          (names '("git.savannah.gnu.org" "git.sv.gnu.org" "208.118.235.201"
                   "209.51.188.201"))
          (key (string-append
                 "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBP9c1Z2f4O"
                 "HxymvLxqxQ/hY1g0ol0/iiXUrVFGZBBq4h5gD05c7Gw9rRrcrvF9XvumBvOghO"
                 "QzDSZZLRWvFGocA=")))))
     (default-host
       (ssh-host-configuration
         (identity-file "/data/alice/.ssh/id_rsa")))))
 ```
 Known Hosts Configuration
 -------------------------
 Each known host can be configured with the following data type:
 **Data Type**: ssh-known-host-configuration
 This data type represents a known host. It contains the following fields:
 * **names**: a list of names or ip addresses that correspond to this host.
 * **algo** (default: "ecdsa-sha2-nistp256"): the algorithm used by the server
   to identify itself.
 * **key**: The public key with which the server identifies itself.
 Host Configuration
 ------------------
 Each host to which you may desire to connect to can be configured with the
 following data type:
 **Data Type**: ssh-host-configuration
 This data type represents a host. It contains the following fields:
 * **host-name** (default: "\*"): The network name of the server.
 * **identity-file** (default: #f): A private key file used to identify on the
   server. If not set, the default file will be used or `~/.ssh/id_rsa`.
 * **name** (default: "\*"): A name used to identify this host. If, for instance,
   you choose "foo", you will be able to connect to this host with this configuration
   with `ssh foo`.
 * **port** (default: #f): The port number on which the host listens for ssh
   connections. If not set, the default port will be used or 22.
 * **user** (default: #f): The username with which to connect. If not set, the
   default user name will be used or your own user name.
 If you connect to a configured host with its name, you can still override values
 on the command line in the usual way. For instance, if you want to connect to
 foo, but on a different port, you can run `ssh foo -p 2222`. Additionally, this
 data type is used for default configuration. The default host will set default
 values for every other hosts, and if not set anywhere, global defaults apply.

home/ssh.scm unknown status 1

 ;;; Guix Home Manager.
 ;;;
 ;;; Copyright ?? 2019 Julien Lepiller <julien@lepiller.eu>
 ;;;
 ;;; This program is free software: you can redistribute it and/or modify
 ;;; it under the terms of the GNU General Public License as published by
 ;;; the Free Software Foundation, either version 3 of the License, or
 ;;; (at your option) any later version.
 ;;;
 ;;; This program is distributed in the hope that it will be useful,
 ;;; but WITHOUT ANY WARRANTY; without even the implied warranty of
 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 ;;; GNU General Public License for more details.
 ;;;
 ;;; You should have received a copy of the GNU General Public License
 ;;; along with this program.  If not, see <http://www.gnu.org/licenses/>.
 (define-module (home ssh)
   #:use-module (guix build utils)
   #:use-module (guix gexp)
   #:use-module (guix records)
   #:use-module (gnu packages lxde)
   #:use-module (ice-9 match)
   #:export (ssh-configuration
             ssh-configuration-authorized-keys
             ssh-configuration-known-hosts
             ssh-configuration-hosts
             ssh-configuration-default-host
             ssh-host-configuration
             ssh-host-configuration-host-name
             ssh-host-configuration-identity-file
             ssh-host-configuration-name
             ssh-host-configuration-port
             ssh-host-configuration-user
             ssh-known-host-configuration
             ssh-known-host-configuration-names
             ssh-known-host-configuration-algo
             ssh-known-host-configuration-key
             ssh-home))
 (define-record-type* <ssh-host-configuration>
   ssh-host-configuration make-ssh-host-configuration
   ssh-host-configuration?
   (host-name     ssh-host-configuration-host-name
                  (default "*"))
   (identity-file ssh-host-configuration-identity-file
                  (default #f))
   (name          ssh-host-configuration-name
                  (default "*"))
   (port          ssh-host-configuration-port
                  (default #f))
   (user          ssh-host-configuration-user
                  (default #f)))
 (define (ssh-host config)
   (match config
     (($ <ssh-host-configuration> host-name identity-file name port user)
      (string-append "Host " name "\n"
                     "  HostName " host-name "\n"
                     (if identity-file
                         (string-append "  IdentityFile " identity-file "\n")
                         "")
                     (if port
                         (string-append "  Port " port "\n")
                         "")
                     (if user
                         (string-append "  User " user "\n")
                         "")))))
 (define (default-ssh config)
   (match config
     (($ <ssh-host-configuration> host-name identity-file name port user)
      (string-append
        (if identity-file
            (string-append "IdentityFile " identity-file "\n")
            "")
        (if port
            (string-append "Port " port "\n")
            "")
        (if user
            (string-append "User " user "\n")
            "")))))
 (define (generate-ssh-hosts lst)
   (string-join (map ssh-host lst) "\n\n"))
 (define (generate-ssh-config hosts default-host)
   (string-append (generate-ssh-hosts hosts)
                  "\n\n"
                  (default-ssh default-host)))
 (define-record-type* <ssh-known-host-configuration>
   ssh-known-host-configuration make-ssh-known-host-configuration
   ssh-known-host-configuration?
   (names ssh-known-host-configuration-names)
   (algo  ssh-known-host-configuration-algo
          (default "ecdsa-sha2-nistp256"))
   (key   ssh-known-host-configuration-key))
 (define (known-host config)
   (match config
     (($ <ssh-known-host-configuration> names algo key)
      (string-append
        (match names
          ((name) name)
          ((n1 ns ...)
           (string-join names ",")))
        " " algo " " key))))
 (define-record-type* <ssh-configuration>
   ssh-configuration make-ssh-configuration
   ssh-configuration?
   (authorized-keys ssh-configuration-authorized-keys
                    (default '()))
   (known-hosts     ssh-configuration-known-hosts
                    (default '()))
   (hosts           ssh-configuration-hosts
                    (default '()))
   (default-host    ssh-configuration-default-host
                    (default #f)))
 (define (generate-ssh-authorized-keys lst)
   (string-join lst "\n"))
 (define (generate-ssh-known-hosts lst)
   (string-join (map known-host lst) "\n"))
 (define (ssh-home config)
   (computed-file "ssh-home"
     (match config
       (($ <ssh-configuration> authorized-keys known-hosts hosts default-host)
        #~(let ((config #$(plain-file "config" (generate-ssh-config hosts default-host)))
                (known-hosts #$(plain-file "known_hosts"
                                           (generate-ssh-known-hosts known-hosts)))
                (authorized-keys #$(plain-file
                                     "authorized_keys"
                                     (generate-ssh-authorized-keys authorized-keys)))
                (ssh-dir (string-append #$output "/.ssh")))
            (use-modules (guix build utils))
            (mkdir-p ssh-dir)
            (copy-file authorized-keys (string-append ssh-dir "/authorized_keys"))
            (copy-file known-hosts (string-append ssh-dir "/known_hosts"))
            (copy-file config (string-append ssh-dir "/config")))))
     #:options
     '(#:local-build? #t
       #:modules ((guix build utils)))))