From 99a2935bc7e097b995a7dbd7f93bd31e0a6289cd Mon Sep 17 00:00:00 2001
From: Artemis Tosini
Date: Fri, 27 Aug 2021 23:11:59 +0000
Subject: [PATCH] Add SSH to home-manager
---
 home/default.nix | 1 +
 home/ssh.nix | 29 +++++++++++++++++++++++++++--
 private | 2 +-
 3 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/home/default.nix b/home/default.nix
index 21d69d0..aea42b0 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -14,6 +14,7 @@
 ./mpv.nix
 ./kitty.nix
 ./neovim
+ ./ssh.nix
 ];
 services.syncthing.enable = true;
diff --git a/home/ssh.nix b/home/ssh.nix
index bc65946..9fc918b 100644
--- a/home/ssh.nix
+++ b/home/ssh.nix
@@ -1,10 +1,35 @@
 { config, pkgs, ... }:
 {
+ # Make sure controlPath directory exists
+ home.file.".ssh/c/.dummy".text = "";
 programs.ssh = {
 enable = true;
 controlMaster = "auto";
- controlPersist = "1h";
- controlPath = "~/.ssh/sockets/%r@%n:%p";
+ controlPersist = "10m";
+ controlPath = "~/.ssh/c/%r@%n:%p";
+ hashKnownHosts = true;
+ # We have to do this as text to gaurantee it's part of the last Host * block
+ extraConfig = ''
+ HostKeyAlgorithms ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-ed25519,ssh-rsa,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp521,ecdsa-sha2-nistp384,ecdsa-sha2-nistp256
+ KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+ MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+ Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+ VerifyHostKeyDNS ask
+ VisualHostKey yes
+ UpdateHostKeys ask
+ '';
+
+ # Most hosts are set in private
+ matchBlocks = {
+ "*.cmu.edu" = {
+ user = "atosini";
+ extraOptions = {
+ GSSAPIAuthentication = "yes";
+ GSSAPIDelegateCredentials = "yes";
+ };
+ };
+ "github.com".extraOptions.ControlMaster = "no";
+ };
 };
 }
diff --git a/private b/private
index 2d2356d..3512e17 160000
--- a/private
+++ b/private
@@ -1 +1 @@
-Subproject commit 2d2356dc284d8cbee99f7835a7e52b9e325747ed
+Subproject commit 3512e177ea84eccde10e92f2f59f9ca53fd12be3
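Review bot: In the home/ssh.nix hunk, the pinned `HostKeyAlgorithms` list offers `ssh-rsa` and `ssh-rsa-cert-v01@openssh.com` but none of the `rsa-sha2-*` names, so a server with an RSA host key is verified with a SHA-1 signature. Swap those two entries for `rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com` and `rsa-sha2-512,rsa-sha2-256`. The `"*.cmu.edu"` block sets `GSSAPIDelegateCredentials = "yes"` for every host under the wildcard, which forwards the Kerberos ticket to each of them. If delegation is only needed on a few machines, give those their own match block and set the wildcard to `"no"`, which limits what one compromised host can reuse. Separately, ssh_config documents `UpdateHostKeys ask` as incompatible with `ControlPersist` and disables the confirmation when it is on, so with `controlPersist = "10m"` that line probably has no effect and deserves a comment or removal.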