Configure wireguard and ssh access for mac

2025-07-10 10:45:06 +02:00 · 2025-07-10 10:45:06 +02:00 · b7ff5d4869
commit b7ff5d4869
parent 261331252a
4 changed files with 41 additions and 0 deletions
--- a/.authorized-keys/dingleberry
+++ b/.authorized-keys/dingleberry
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxA6m6fD1jch/HwkWBaaYyr0HPttzM0i1D+V2MtMmFK becky@dingleberry
--- a/.authorized-keys/lcech-mac-veracode
+++ b/.authorized-keys/lcech-mac-veracode
@ -0,0 +1 @@
 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFOQaA7023StG5vSl0txUbAXmPdsIFeWHLDHXlT5yZp lcech@lcech-mac-veracode
--- a/darwin/lcech-mac-veracode.nix
+++ b/darwin/lcech-mac-veracode.nix
@ -24,4 +24,8 @@
    "/Applications/zoom.us.app"
    "/System/Applications/Notes.app"
  ];
  users.users.lcech.openssh.authorizedKeys.keys = [
    "${builtins.readFile ../.authorized-keys/dingleberry}"
  ];
 }
--- a/home-manager/lcech-mac-veracode.nix
+++ b/home-manager/lcech-mac-veracode.nix
@ -53,6 +53,20 @@ in
      '';
    };
    "${homedir}/.ssh/config" = {
      text = ''
        Include /Users/lcech/.colima/ssh_config
        host git.c3c.cz
                Port 5522
        host dingleberry
                User becky
                Hostname 10.196.196.5
                IdentityFile ~/.ssh/id_ed25519_access
      '';
    };
    "${homedir}/.hammerspoon/hmSpoons/C3CWorkspace.spoon" = {
      source = ./hammerspoon/C3CWorkspace.spoon;
      recursive = true;
@ -158,6 +172,27 @@ in
    shellAliases = {
      hammerspoon-config = "open -a ${pkgs.hammerspoon}/Applications/Hammerspoon.app/Contents/MacOS/Hammerspoon";
      get-key = "${pkgs.writeShellScript "get-key" ''
        scp dingleberry:/self/hintihint/keys/sum.key ${homedir}/hw.key
        read -p "waiting for confirmation to delete the key"
        rm ${homedir}/hw.key
      ''}";
      wg-home = "${pkgs.writeShellScript "wg-home" ''
        WG=$(sudo wg show)
        if [[ "$WG" != "" ]]; then
          if [[ $(echo "$WG" | grep endpoint | cut -c13-26) == "10.125.248.248" ]]; then
            sudo wg-quick down /etc/wireguard/home.conf
          else
            sudo wg-quick down /etc/wireguard/home-remote.conf
          fi
        fi
        if [[ $(dig +short myip.opendns.com @resolver1.opendns.com) == "185.142.210.84" ]]; then
          sudo wg-quick up /etc/wireguard/home.conf
        else
          sudo wg-quick up /etc/wireguard/home-remote.conf
        fi
      ''}";
    };
    initContent = ''
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKxA6m6fD1jch/HwkWBaaYyr0HPttzM0i1D+V2MtMmFK becky@dingleberry`
		`@ -0,0 +1 @@`
							`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKFOQaA7023StG5vSl0txUbAXmPdsIFeWHLDHXlT5yZp lcech@lcech-mac-veracode`