Signed-off-by: Harald Hoyer <harald@hoyer.xyz>
Harald Hoyer 2025-01-16 04:37:09 +01:00
parent ccc0eda517
commit d86db77250
6 changed files with 44 additions and 10 deletions


@ -32,9 +32,9 @@ in
environment.shellInit = '' environment.shellInit = ''
export GPG_TTY="$(tty)" export GPG_TTY="$(tty)"
#export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket) #export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
if test -z "$SSH_AGENT_PID"; then #if test -z "$SSH_AGENT_PID"; then
eval $(ssh-agent -s) # eval $(ssh-agent -s)
fi #fi
${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent ${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent
gpg_agent_timeout_status=$? gpg_agent_timeout_status=$?


@ -0,0 +1,33 @@
{
lib,
config,
pkgs,
inputs,
...
}:
let
inherit (lib) types mkEnableOption mkIf;
inherit (lib.metacfg) mkOpt;
cfg = config.metacfg.security.ssh;
in
{
options.metacfg.security.ssh = {
enable = mkEnableOption "SSH";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [ openssh ];
launchd.user.agents.ssh-agent.serviceConfig = {
EnvironmentVariables.SSH_AUTH_SOCK = "/Users/harald/.ssh/ssh-agent.sock";
ProgramArguments = [
"${pkgs.openssh}/bin/ssh-agent"
"-s"
"-D"
];
RunAtLoad = true;
#KeepAlive.SuccessfulExit = true;
};
};
}
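Review bot: Setting `EnvironmentVariables.SSH_AUTH_SOCK` on the launchd job most likely does not make the agent listen on that path, because ssh-agent takes its socket location from `-a` and otherwise creates its own, so clients pointed at `~/.ssh/ssh-agent.sock` would find nothing there. Passing the path explicitly in `ProgramArguments`, `"-a" "/Users/harald/.ssh/ssh-agent.sock"`, would bind it where the variable says (`-s` only selects the output syntax and could be dropped). The path is also hard-coded to one home directory in a module that is otherwise generic; deriving it from the configured user's home would keep the option reusable and keep the socket inside a directory only that user can read. `types`, `mkOpt` and `inputs` are bound but unused in this file.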


@ -32,6 +32,7 @@ in
security = { security = {
gpg = enabled; gpg = enabled;
ssh = enabled;
}; };
}; };
}; };


@ -54,6 +54,7 @@ in
"sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz" "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM=" "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEd2N6QSpuAXOXmSN5p2MPKyWe+oT5ayMBoRN3rCz/FS6ZI8PG2tntEte8+hkW7X0vA2dtB3aj2jWbqUJoQ8wKs="
] "ssh keys"; ] "ssh keys";
extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`."); extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`.");
}; };
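Review bot: The added `ecdsa-sha2-nistp256` entry carries no comment field, so nothing in the list says which device or owner holds the matching private key. This list appears to be the default value of the "ssh keys" option, and an unlabelled entry there is hard to audit and easy to miss when a device is retired; appending a label inside the string, e.g. `... <user>@<device>` (placeholder), would fix that. The existing uncommented `ecdsa-sha2-nistp256` entry two lines above has the same gap. The enclosing option definition starts outside the hunk.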


@ -37,7 +37,6 @@ with lib.metacfg;
security.tpm2.enable = false; security.tpm2.enable = false;
security.tpm2.abrmd.enable = false; security.tpm2.abrmd.enable = false;
services.ratbagd.enable = true; services.ratbagd.enable = true;
services.resolved.enable = true; services.resolved.enable = true;