b185a6159f
Apple's built-in ssh-agent has no sk-api/libfido2 support and refuses signing operations for ed25519-sk / ecdsa-sk hardware keys. Enable the existing metacfg.security.ssh module (which runs pkgs.openssh's ssh-agent under launchd) via the common darwin suite, and export SSH_AUTH_SOCK from environment.shellInit so bash, zsh, and fish (via /etc/fish/foreign-env/shellInit) all point at the nix-managed socket.
39 lines
571 B
Nix
39 lines
571 B
Nix
{
|
|
options,
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
...
|
|
}:
|
|
|
|
with lib;
|
|
with lib.metacfg;
|
|
let
|
|
cfg = config.metacfg.suites.common;
|
|
in
|
|
{
|
|
options.metacfg.suites.common = with types; {
|
|
enable = mkBoolOpt false "Whether or not to enable common configuration.";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
programs.fish = enabled;
|
|
|
|
metacfg = {
|
|
nix = enabled;
|
|
|
|
base = enabled;
|
|
|
|
system = {
|
|
fonts = enabled;
|
|
#input = enabled;
|
|
interface = enabled;
|
|
};
|
|
|
|
security = {
|
|
gpg = enabled;
|
|
ssh = enabled;
|
|
};
|
|
};
|
|
};
|
|
}
|