From 492d63ad8546874b79750d9fe561212b13ccdb50 Mon Sep 17 00:00:00 2001 From: Yan Lin Date: Sun, 27 Jul 2025 18:33:42 +0200 Subject: [PATCH] Document SSH configuration management in README MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Add SSH configuration section with feature overview - Document host management workflow and security practices - Update file structure to include ssh.nix module - Clarify separation between tracked config and local keys 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- README.md | 37 ++++++++++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c84837f..acb56f0 100644 --- a/README.md +++ b/README.md @@ -30,6 +30,7 @@ home-manager switch --flake github:Logan-Lin/nix-config#yanlin ├── tmux.sh # Tmux session automation script ├── modules/ # Nix configuration modules │ ├── nvim.nix # Neovim configuration with plugins and keymaps +│ ├── ssh.nix # SSH client configuration and host management │ ├── tmux.nix # Tmux setup with vim-like navigation │ └── zsh.nix # Zsh with Powerlevel10k and modern CLI tools ├── config/ # Configuration files @@ -91,7 +92,7 @@ home-manager switch --flake github:Logan-Lin/nix-config#yanlin | Key | Action | |-----|--------| | `Ctrl+a` | Prefix key | -| `Ctrl+a |` | Split window vertically | +| `Ctrl+a` | Split window vertically | | `Ctrl+a -` | Split window horizontally | | `Ctrl+a h/j/k/l` | Navigate panes (vim-style) | | `Ctrl+a H/J/K/L` | Resize panes | 
@@ -105,6 +106,40 @@ home-manager switch --flake github:Logan-Lin/nix-config#yanlin | `y` | Copy selection to system clipboard | | `r` | Toggle rectangle selection | +### 🔐 SSH Configuration + +**Configuration**: `modules/ssh.nix` +**Purpose**: Declarative SSH client configuration and host management + +#### Key Features: +- **Declarative Hosts**: All SSH hosts defined in nix configuration +- **Version Controlled**: SSH config tracked with git alongside other configurations +- **Reproducible**: Same SSH setup deployable across multiple machines +- **Security**: Private keys remain local and untracked + +#### Host Management: +Edit SSH hosts in `modules/ssh.nix`, then apply changes: +```bash +home-manager switch --flake .#yanlin +``` + +#### Configured Hosts: +- **aicloud**: Development server via proxy jump +- **nas**: Network storage server +- **pi**: Raspberry Pi home server +- **cm**: Compute module +- **personal-vps**: Cloud VPS instance +- **zero**: Pi Zero device +- **ucloud-a40**: A40 GPU cluster +- **ucloud-h100**: H100 GPU cluster + +#### Security Best Practices: +- ✅ **SSH configuration**: Managed by nix (hosts, ports, usernames) +- ❌ **Private keys**: Keep local in `~/.ssh/keys/` (not tracked by nix) +- ❌ **known_hosts**: Generated locally (not synced) + +**Important**: Only the SSH client configuration is managed by nix. Private keys and sensitive data remain local and secure. + ### 🐚 Zsh with Powerlevel10k **Theme**: Powerlevel10k lean style with 2-line prompt
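Review bot: In the tmux key-table hunk (`@@ -91,7 +92,7`), the replacement row drops the `|` key, so `Ctrl+a` now appears twice (once as the prefix key, once as "Split window vertically") and the vertical-split binding is no longer documented. The change is also unrelated to the SSH documentation named in the subject line. If the goal was to stop the pipe from breaking the Markdown table, escape it inside the cell (`Ctrl+a \|`) instead of removing it, and put that fix in its own commit.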
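Review bot: In the SSH Configuration hunk (`@@ -105,6 +106,40`), the "Configured Hosts" list together with the "Managed by nix (hosts, ports, usernames)" bullet means host aliases, roles, ports and usernames are committed to the same repository the README installs from (`github:Logan-Lin/nix-config`). Either state that this inventory is intentionally treated as non-sensitive or drop the per-host list from the README. The statement that private keys stay local and untracked is only asserted in these lines; say what enforces it, for example an ignore rule or the fact that `~/.ssh/keys/` sits outside the repository. The ✅/❌ markers under "Security Best Practices" are ambiguous, because ❌ next to "Keep local" reads as a prohibition rather than "not tracked"; plain "tracked" / "not tracked" labels would be clearer. Since `known_hosts` is generated locally, each new machine accepts host keys on first connection, which deserves a sentence so readers know to verify fingerprints.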