🔧 (home) nixify ssh config

home/shell/default.nix

@@ -7,7 +7,7 @@
     ./exa.nix
     ./git.nix
     ./micro.nix
-    # ./ssh.nix
+    ./ssh.nix
     ./mpv.nix
     ./tmux.nix
     ./fish.nix

home/shell/ssh.nix

@@ -1,8 +1,67 @@
-{...}: {
+{
+  pkgs,
+  lib,
+  ...
+}: let
+  gcpHost = {
+    hostname,
+    project,
+    zone,
+    forwardAgent ? false,
+  }: {
+    proxyCommand = "${lib.getExe pkgs.python3} -S ${pkgs.google-cloud-sdk}/google-cloud-sdk/lib/gcloud.py compute start-iap-tunnel ${hostname} %p --listen-on-stdin --project ${project} --zone ${zone} --verbosity warning";
+    forwardAgent = forwardAgent;
+    checkHostIP = false;
+    identitiesOnly = true;
+    extraOptions = {
+      StrictHostKeyChecking = "no";
+      ProxyUseFdpass = "no";
+      UserKnownHostsFile = "~/.ssh/google_compute_known_hosts";
+    };
+  };
+in {
   programs.ssh = {
-    enable = false;
+    enable = true;
 
     compression = true;
     addKeysToAgent = "ask";
+
+    matchBlocks = {
+      "cesium git.fainsin.bzh" = {
+        hostname = "fainsin.bzh";
+        user = "root";
+        port = 624;
+      };
+      "nicole" = {
+        hostname = "3.tcp.eu.ngrok.io";
+        user = "laurent";
+        port = 25077;
+        forwardAgent = true;
+      };
+      "dataverse51" = gcpHost {
+        hostname = "dataverse51";
+        project = "genie-training";
+        zone = "europe-west1-d";
+        forwardAgent = true;
+      };
+      "laurent-dev-hdd" = gcpHost {
+        hostname = "laurent-dev-hdd";
+        project = "genie-training";
+        zone = "europe-west1-b";
+        forwardAgent = true;
+      };
+      "laurent-dev-l4" = gcpHost {
+        hostname = "laurent-dev-l4";
+        project = "genie-training";
+        zone = "europe-west1-b";
+        forwardAgent = true;
+      };
+      "laurent-dev-a100" = gcpHost {
+        hostname = "laurent-dev-a100";
+        project = "genie-training";
+        zone = "europe-west4-a";
+        forwardAgent = true;
+      };
+    };
   };
 }