feat(darwin): enable launchd ssh-agent with FIDO/SK support

Apple's built-in ssh-agent has no sk-api/libfido2 support and refuses signing operations for ed25519-sk / ecdsa-sk hardware keys. Enable the existing metacfg.security.ssh module (which runs pkgs.openssh's ssh-agent under launchd) via the common darwin suite, and export SSH_AUTH_SOCK from environment.shellInit so bash, zsh, and fish (via /etc/fish/foreign-env/shellInit) all point at the nix-managed socket.
2026-05-18 12:18:22 +02:00 · 2026-05-18 12:18:22 +02:00 · b185a6159f
commit b185a6159f
parent 0990389464
2 changed files with 4 additions and 4 deletions
--- a/modules/darwin/suites/common/default.nix
+++ b/modules/darwin/suites/common/default.nix
@ -32,7 +32,7 @@ in

      security = {
        gpg = enabled;
-        #ssh = enabled;
+        ssh = enabled;
      };
    };
  };