From d86db77250991a689dc50eb003d0432d76b64058 Mon Sep 17 00:00:00 2001
From: Harald Hoyer
Date: Thu, 16 Jan 2025 04:37:09 +0100
Subject: [PATCH] ssh
Signed-off-by: Harald Hoyer
---
 homes/aarch64-darwin/harald@m4/default.nix | 12 ++++----
 modules/darwin/security/gpg/default.nix | 6 ++--
 modules/darwin/security/ssh/default.nix | 33 ++++++++++++++++++++++
 modules/darwin/suites/common/default.nix | 1 +
 modules/nixos/user/default.nix | 1 +
 systems/aarch64-linux/m4nix/default.nix | 1 -
 6 files changed, 44 insertions(+), 10 deletions(-)
 create mode 100644 modules/darwin/security/ssh/default.nix
diff --git a/homes/aarch64-darwin/harald@m4/default.nix b/homes/aarch64-darwin/harald@m4/default.nix
index 16c4749..245353c 100644
--- a/homes/aarch64-darwin/harald@m4/default.nix
+++ b/homes/aarch64-darwin/harald@m4/default.nix
@@ -11,11 +11,11 @@
 stateVersion = "23.11"; # Please read the comment before changing.
 };
-# programs.ssh.extraConfig = ''
-# #UseKeychain yes
-# #AddKeysToAgent yes
-# IdentityFile ~/.ssh/id_ed25519
-# '';
+ # programs.ssh.extraConfig = ''
+ # #UseKeychain yes
+ # #AddKeysToAgent yes
+ # IdentityFile ~/.ssh/id_ed25519
+ # '';
 metacfg = {
 cli-apps = {
@@ -29,7 +29,7 @@
 tools = {
 #direnv.enable = true;
- # ssh.enable = true;
+ # ssh.enable = true;
 git.enable = true;
 };
 };
diff --git a/modules/darwin/security/gpg/default.nix b/modules/darwin/security/gpg/default.nix
index fd86177..6d5ccc1 100644
--- a/modules/darwin/security/gpg/default.nix
+++ b/modules/darwin/security/gpg/default.nix
@@ -32,9 +32,9 @@ in
 environment.shellInit = ''
 export GPG_TTY="$(tty)"
 #export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
- if test -z "$SSH_AGENT_PID"; then
- eval $(ssh-agent -s)
- fi
+ #if test -z "$SSH_AGENT_PID"; then
+ # eval $(ssh-agent -s)
+ #fi
 ${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent
 gpg_agent_timeout_status=$?
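Review bot: The agent bootstrap in `environment.shellInit` is commented out rather than removed, and nothing in this hunk exports `SSH_AUTH_SOCK` in its place, so interactive shells will only reach a launchd-managed agent if the variable is exported somewhere not visible in this patch. If the launchd agent is meant to replace this, delete the three `#if … #fi` lines (git history keeps them) and export the socket path here, e.g. `export SSH_AUTH_SOCK="$HOME/.ssh/ssh-agent.sock"`. The still-commented `#export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` line above suggests an earlier gpg-agent-as-ssh-agent setup; whichever agent is intended, exactly one of them should own `SSH_AUTH_SOCK`, and the dead alternatives should go.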
diff --git a/modules/darwin/security/ssh/default.nix b/modules/darwin/security/ssh/default.nix
new file mode 100644
index 0000000..da10d84
--- /dev/null
+++ b/modules/darwin/security/ssh/default.nix
@@ -0,0 +1,33 @@
+{
+ lib,
+ config,
+ pkgs,
+ inputs,
+ ...
+}:
+
+let
+ inherit (lib) types mkEnableOption mkIf;
+ inherit (lib.metacfg) mkOpt;
+
+ cfg = config.metacfg.security.ssh;
+in
+{
+ options.metacfg.security.ssh = {
+ enable = mkEnableOption "SSH";
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = with pkgs; [ openssh ];
+ launchd.user.agents.ssh-agent.serviceConfig = {
+ EnvironmentVariables.SSH_AUTH_SOCK = "/Users/harald/.ssh/ssh-agent.sock";
+ ProgramArguments = [
+ "${pkgs.openssh}/bin/ssh-agent"
+ "-s"
+ "-D"
+ ];
+ RunAtLoad = true;
+ #KeepAlive.SuccessfulExit = true;
+ };
+ };
+}
diff --git a/modules/darwin/suites/common/default.nix b/modules/darwin/suites/common/default.nix
index 4cb7bf1..099acf1 100644
--- a/modules/darwin/suites/common/default.nix
+++ b/modules/darwin/suites/common/default.nix
@@ -32,6 +32,7 @@ in
 security = {
 gpg = enabled;
+ ssh = enabled;
 };
 };
 };
diff --git a/modules/nixos/user/default.nix b/modules/nixos/user/default.nix
index 4e34bdb..f0c531e 100644
--- a/modules/nixos/user/default.nix
+++ b/modules/nixos/user/default.nix
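Review bot: The launchd agent runs `ssh-agent -s -D` with `SSH_AUTH_SOCK` set only in its own environment, but ssh-agent does not read `SSH_AUTH_SOCK` to decide where to listen — without `-a` it binds a random socket under `$TMPDIR/ssh-XXXXXXXXXX/agent.<pid>`, so `/Users/harald/.ssh/ssh-agent.sock` is never created and any client pointed at that path will fail. Pass the bind path explicitly, `"-a" "/Users/harald/.ssh/ssh-agent.sock"`, and drop `-s`, whose shell-syntax output is only useful when the agent is `eval`'d rather than run in the foreground with `-D`. A socket file left behind by a previous instance makes the next `bind` fail, and with `KeepAlive` commented out launchd will not retry, so either remove the stale path before exec or re-enable `KeepAlive`. The home directory is hard-coded in a reusable module while `mkOpt` and `types` are imported and unused; exposing the socket path as an option would keep the module portable and make the path a single source of truth for the shell-side `SSH_AUTH_SOCK` export.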
@@ -54,6 +54,7 @@ in
 "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
 "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
+ "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEd2N6QSpuAXOXmSN5p2MPKyWe+oT5ayMBoRN3rCz/FS6ZI8PG2tntEte8+hkW7X0vA2dtB3aj2jWbqUJoQ8wKs="
 ] "ssh keys";
 extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.`.");
 };
diff --git a/systems/aarch64-linux/m4nix/default.nix b/systems/aarch64-linux/m4nix/default.nix
index 45609be..b94d356 100644
--- a/systems/aarch64-linux/m4nix/default.nix
+++ b/systems/aarch64-linux/m4nix/default.nix
@@ -37,7 +37,6 @@ with lib.metacfg;
 security.tpm2.enable = false;
 security.tpm2.abrmd.enable = false;
- services.ratbagd.enable = true;
 services.resolved.enable = true;
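Review bot: The added `ecdsa-sha2-nistp256` entry carries no trailing comment, unlike the `sk-ecdsa…` and `ssh-ed25519` entries that name their holder, so when this key has to be rotated or revoked nobody can tell which device it belongs to; append a comment naming the device or agent that holds the private key, e.g. `… wKs= harald@<device>`. This list appears to be the default of an `mkOpt … "ssh keys"` option in the shared NixOS user module, so every host built from it accepts the new key — that blast radius is worth stating in the option description rather than the bare `"ssh keys"`. If the key originates from the macOS ssh-agent configured elsewhere in this patch, ed25519 would match the other non-hardware keys here; that is a preference, not a defect.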