ssh

Signed-off-by: Harald Hoyer <harald@hoyer.xyz>

homes/aarch64-darwin/harald@m4/default.nix

@@ -11,11 +11,11 @@
     stateVersion = "23.11"; # Please read the comment before changing.
   };
 
-#  programs.ssh.extraConfig = ''
+  #  programs.ssh.extraConfig = ''
-#    #UseKeychain yes
+  #    #UseKeychain yes
-#    #AddKeysToAgent yes
+  #    #AddKeysToAgent yes
-#    IdentityFile ~/.ssh/id_ed25519
+  #    IdentityFile ~/.ssh/id_ed25519
-#  '';
+  #  '';
 
   metacfg = {
     cli-apps = {
@@ -29,7 +29,7 @@
 
     tools = {
       #direnv.enable = true;
- #     ssh.enable = true;
+      #     ssh.enable = true;
       git.enable = true;
     };
   };

modules/darwin/security/gpg/default.nix

@@ -32,9 +32,9 @@ in
     environment.shellInit = ''
       export GPG_TTY="$(tty)"
       #export SSH_AUTH_SOCK=$(${pkgs.gnupg}/bin/gpgconf --list-dirs agent-ssh-socket)
-      if test -z "$SSH_AGENT_PID"; then
+      #if test -z "$SSH_AGENT_PID"; then
-        eval $(ssh-agent -s)
+      #  eval $(ssh-agent -s)
-      fi
+      #fi
 
       ${pkgs.coreutils}/bin/timeout ${builtins.toString cfg.agentTimeout} ${pkgs.gnupg}/bin/gpgconf --launch gpg-agent
       gpg_agent_timeout_status=$?

modules/darwin/security/ssh/default.nix

@@ -0,0 +1,33 @@
+{
+  lib,
+  config,
+  pkgs,
+  inputs,
+  ...
+}:
+
+let
+  inherit (lib) types mkEnableOption mkIf;
+  inherit (lib.metacfg) mkOpt;
+
+  cfg = config.metacfg.security.ssh;
+in
+{
+  options.metacfg.security.ssh = {
+    enable = mkEnableOption "SSH";
+  };
+
+  config = mkIf cfg.enable {
+    environment.systemPackages = with pkgs; [ openssh ];
+    launchd.user.agents.ssh-agent.serviceConfig = {
+      EnvironmentVariables.SSH_AUTH_SOCK = "/Users/harald/.ssh/ssh-agent.sock";
+      ProgramArguments = [
+        "${pkgs.openssh}/bin/ssh-agent"
+        "-s"
+        "-D"
+      ];
+      RunAtLoad = true;
+      #KeepAlive.SuccessfulExit = true;
+    };
+  };
+}

modules/darwin/suites/common/default.nix

@@ -32,6 +32,7 @@ in
 
       security = {
         gpg = enabled;
+        ssh = enabled;
       };
     };
   };

modules/nixos/user/default.nix

@@ -54,6 +54,7 @@ in
       "sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBACLgT81iB1iWWVuXq6PdQ5GAAGhaZhSKnveQCvcNnAOZ5WKH80bZShKHyAYzrzbp8IGwLWJcZQ7TqRK+qZdfagAAAAEc3NoOg== harald@hoyer.xyz"
       "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAYbUTKpy4QR3s944/hjJ1UK05asFEs/SmWeUbtS0cdA660sT4xHnRfals73FicOoz+uIucJCwn/SCM804j+wtM="
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMNsmP15vH8BVKo7bdvIiiEjiQboPGcRPqJK0+bH4jKD harald@lenovo.fritz.box"
+      "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEd2N6QSpuAXOXmSN5p2MPKyWe+oT5ayMBoRN3rCz/FS6ZI8PG2tntEte8+hkW7X0vA2dtB3aj2jWbqUJoQ8wKs="
     ] "ssh keys";
     extraOptions = mkOpt attrs { } (mdDoc "Extra options passed to `users.users.<name>`.");
   };

systems/aarch64-linux/m4nix/default.nix

@@ -37,7 +37,6 @@ with lib.metacfg;
   security.tpm2.enable = false;
   security.tpm2.abrmd.enable = false;
 
-
   services.ratbagd.enable = true;
 
   services.resolved.enable = true;