feat: improve SSH configuration and cleanup unused keys

- Commented out default SSH service enablement in common suite. - Updated SSH agent configuration to use dynamic user paths. - Removed outdated SSH keys and added missing key descriptions.
2025-01-16 09:06:46 +01:00 · 2025-01-16 09:06:46 +01:00 · 949e39cdba
commit 949e39cdba
parent 37277447d3
3 changed files with 12 additions and 6 deletions
--- a/modules/common.nix
+++ b/modules/common.nix
@ -4,8 +4,7 @@
    defaultSSHKeys = [
      "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDsb/Tr69YN5MQLweWPuJaRGm+h2kOyxfD6sqKEDTIwoAAAABHNzaDo= harald@fedora.fritz.box"
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
-      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
-      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEd2N6QSpuAXOXmSN5p2MPKyWe+oT5ayMBoRN3rCz/FS6ZI8PG2tntEte8+hkW7X0vA2dtB3aj2jWbqUJoQ8wKs="
+      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEd2N6QSpuAXOXmSN5p2MPKyWe+oT5ayMBoRN3rCz/FS6ZI8PG2tntEte8+hkW7X0vA2dtB3aj2jWbqUJoQ8wKs= s22@termux"
    ];
 }
--- a/modules/darwin/security/ssh/default.nix
+++ b/modules/darwin/security/ssh/default.nix
@ -19,15 +19,22 @@ in

  config = mkIf cfg.enable {
    environment.systemPackages = with pkgs; [ openssh ];
+
+    #environment.shellInit = ''
+    #  export SSH_AUTH_SOCK="$HOME/.ssh/ssh-agent.sock"
+    #'';
+
    launchd.user.agents.ssh-agent.serviceConfig = {
-      EnvironmentVariables.SSH_AUTH_SOCK = "/Users/harald/.ssh/ssh-agent.sock";
+      Label = "ssh-agent";
+      EnvironmentVariables.SSH_AUTH_SOCK = "/Users/${config.metacfg.user.name}/.ssh/ssh-agent.sock";
      ProgramArguments = [
        "${pkgs.openssh}/bin/ssh-agent"
-        "-s"
+        "-a"
+        "/Users/${config.metacfg.user.name}/.ssh/ssh-agent.sock"
        "-D"
      ];
      RunAtLoad = true;
-      #KeepAlive.SuccessfulExit = true;
+      KeepAlive.SuccessfulExit = true;
    };
  };
 }
--- a/modules/darwin/suites/common/default.nix
+++ b/modules/darwin/suites/common/default.nix
@ -32,7 +32,7 @@ in

      security = {
        gpg = enabled;
-        ssh = enabled;
+        #ssh = enabled;
      };
    };
  };