ssh

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
2025-01-16 04:37:09 +01:00 · 2025-01-16 04:37:09 +01:00 · d86db77250
parent ccc0eda517
commit d86db77250
6 changed files with 44 additions and 10 deletions
--- a/homes/aarch64-darwin/harald@m4/default.nix
+++ b/homes/aarch64-darwin/harald@m4/default.nix
@ -11,11 +11,11 @@
    stateVersion = "23.11"; # Please read the comment before changing.
  };

-#  programs.ssh.extraConfig = ''
-#    #UseKeychain yes
-#    #AddKeysToAgent yes
-#    IdentityFile ~/.ssh/id_ed25519
-#  '';
+  #  programs.ssh.extraConfig = ''
+  #    #UseKeychain yes
+  #    #AddKeysToAgent yes
+  #    IdentityFile ~/.ssh/id_ed25519
+  #  '';

  metacfg = {
    cli-apps = {
@ -29,7 +29,7 @@

    tools = {
      #direnv.enable = true;
- #     ssh.enable = true;
+      #     ssh.enable = true;
      git.enable = true;
    };
  };
--- a/modules/darwin/security/gpg/default.nix
+++ b/modules/darwin/security/gpg/default.nix
@ -32,9 +32,9 @@ in
    environment.shellInit = ''
      export GPG_TTY="$(tty)"
      #export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
-      if test -z "$SSH_AGENT_PID"; then
-        eval $(ssh-agent -s)
-      fi
+      #if test -z "$SSH_AGENT_PID"; then
+      #  eval $(ssh-agent -s)
+      #fi

      ${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent
      gpg_agent_timeout_status=$?
--- a/modules/darwin/security/ssh/default.nix
+++ b/modules/darwin/security/ssh/default.nix
@ -0,0 +1,33 @@
+{
+  lib,
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+
+let
+  inherit (lib) types mkEnableOption mkIf;
+  inherit (lib.metacfg) mkOpt;
+
+  cfg = config.metacfg.security.ssh;
+in
+{
+  options.metacfg.security.ssh = {
+    enable = mkEnableOption "SSH";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [ openssh ];
+    launchd.user.agents.ssh-agent.serviceConfig = {
+      EnvironmentVariables.SSH_AUTH_SOCK = "/Users/harald/.ssh/ssh-agent.sock";
+      ProgramArguments = [
+        "${pkgs.openssh}/bin/ssh-agent"
+        "-s"
+        "-D"
+      ];
+      RunAtLoad = true;
+      #KeepAlive.SuccessfulExit = true;
+    };
+  };
+}
--- a/modules/darwin/suites/common/default.nix
+++ b/modules/darwin/suites/common/default.nix
@ -32,6 +32,7 @@ in

      security = {
        gpg = enabled;
+        ssh = enabled;
      };
    };
  };
--- a/modules/nixos/user/default.nix
+++ b/modules/nixos/user/default.nix
@ -54,6 +54,7 @@ in
      "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
+      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEd2N6QSpuAXOXmSN5p2MPKyWe+oT5ayMBoRN3rCz/FS6ZI8PG2tntEte8+hkW7X0vA2dtB3aj2jWbqUJoQ8wKs="
    ] "ssh keys";
    extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`.");
  };
--- a/systems/aarch64-linux/m4nix/default.nix
+++ b/systems/aarch64-linux/m4nix/default.nix
@ -37,7 +37,6 @@ with lib.metacfg;
  security.tpm2.enable = false;
  security.tpm2.abrmd.enable = false;

-
  services.ratbagd.enable = true;

  services.resolved.enable = true;