fix(client): keychain -> ssh-agent

keychain is cool but is first of all unmaintained, and only really works in the context of a shell. since it "dynamically" starts agents and exports variables (with set -U to make matters worse), nothing exists outside of the context of the shell which makes it impossible to sign commits in gui apps (except vscode for some reason); using a classical ssh-agent with the env var exported by hand simply works
2024-12-31 10:58:58 +01:00 · 2024-12-31 10:58:58 +01:00 · aa4aac6063
commit aa4aac6063
parent ccbff72f9e
3 changed files with 17 additions and 8 deletions
--- a/configs/client.nix
+++ b/configs/client.nix
@ -3,8 +3,9 @@
  imports = [
    ./common.nix

-    ../programs/rust.nix
    ../programs/neovim
+    ../programs/rust.nix
+    ../programs/ssh-agent.nix
  ];

  environment.systemPackages = with pkgs; [
@ -14,12 +15,6 @@
    nixd
  ];

-  hm.programs.keychain = {
-    enable = true;
-    agents = [ "ssh" ];
-    keys = [ "id_ed25519" ];
-  };
-
  networking = {
    useNetworkd = false;
    networkmanager = {
--- a/programs/kde.nix
+++ b/programs/kde.nix
@ -12,9 +12,10 @@
    };
  };

+  security.pam.services.sddm.kwallet.enable = true;
+
  environment = {
    systemPackages = with pkgs; [
-      flameshot
      gnome-calculator
      camasca.packages.${pkgs.system}.koi
    ];
--- a/programs/ssh-agent.nix
+++ b/programs/ssh-agent.nix
@ -0,0 +1,13 @@
+{ lib, pkgs, ... }:
+{
+  environment.sessionVariables = {
+    SSH_AUTH_SOCK = "\${XDG_RUNTIME_DIR}/ssh-agent";
+    SSH_ASKPASS_REQUIRE = "prefer";
+  };
+
+  systemd.user.services.ssh-agent = {
+    wantedBy = [ "default.target" ];
+    environment.SSH_AUTH_SOCK = "%t/ssh-agent";
+    script = "${lib.getExe' pkgs.openssh "ssh-agent"} -d -a $SSH_AUTH_SOCK";
+  };
+}