From aa4aac6063873eea7ee284a659665382b9c4f6c9 Mon Sep 17 00:00:00 2001
From: uku
Date: Tue, 31 Dec 2024 10:58:58 +0100
Subject: [PATCH] fix(client): keychain -> ssh-agent

keychain is cool but is first of all unmaintained, and only really works in the context of a shell. since it "dynamically" starts agents and exports variables (with set -U to make matters worse), nothing exists outside of the context of the shell which makes it impossible to sign commits in gui apps (except vscode for some reason); using a classical ssh-agent with the env var exported by hand simply works
---
 configs/client.nix | 9 ++-------
 programs/kde.nix | 3 ++-
 programs/ssh-agent.nix | 13 +++++++++++++
 3 files changed, 17 insertions(+), 8 deletions(-)
 create mode 100644 programs/ssh-agent.nix
diff --git a/configs/client.nix b/configs/client.nix
index a6cff0b..c009df0 100644
--- a/configs/client.nix
+++ b/configs/client.nix
@@ -3,8 +3,9 @@
 imports = [
 ./common.nix
- ../programs/rust.nix
 ../programs/neovim
+ ../programs/rust.nix
+ ../programs/ssh-agent.nix
 ];
 environment.systemPackages = with pkgs; [
@@ -14,12 +15,6 @@
 nixd
 ];
- hm.programs.keychain = {
- enable = true;
- agents = [ "ssh" ];
- keys = [ "id_ed25519" ];
- };
-
 networking = {
 useNetworkd = false;
 networkmanager = {
diff --git a/programs/kde.nix b/programs/kde.nix
index 57b236b..468a3c1 100644
--- a/programs/kde.nix
+++ b/programs/kde.nix
@@ -12,9 +12,10 @@
 };
 };
+ security.pam.services.sddm.kwallet.enable = true;
+
 environment = {
 systemPackages = with pkgs; [
- flameshot
 gnome-calculator
 camasca.packages.${pkgs.system}.koi
 ];
diff --git a/programs/ssh-agent.nix b/programs/ssh-agent.nix
new file mode 100644
index 0000000..cb92226
--- /dev/null
+++ b/programs/ssh-agent.nix
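Review bot: In the programs/kde.nix hunk, `security.pam.services.sddm.kwallet.enable = true;` is added without a comment and the commit message does not mention it, so the reason for changing the SDDM login PAM stack is not recorded. Presumably it lets KWallet supply the SSH key passphrase to the askpass prompt; if that is the intent, a short comment such as `# unlock KWallet at SDDM login so the askpass helper can read the SSH key passphrase` would make it explicit. In that setup the stored passphrase is protected only by the login password, because the wallet is opened as part of login, which is worth stating next to the option. The `flameshot` removal in the same hunk looks unrelated to the keychain change and would be easier to audit as its own commit.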
@@ -0,0 +1,13 @@
+{ lib, pkgs, ... }:
+{
+ environment.sessionVariables = {
+ SSH_AUTH_SOCK = "\${XDG_RUNTIME_DIR}/ssh-agent";
+ SSH_ASKPASS_REQUIRE = "prefer";
+ };
+
+ systemd.user.services.ssh-agent = {
+ wantedBy = [ "default.target" ];
+ environment.SSH_AUTH_SOCK = "%t/ssh-agent";
+ script = "${lib.getExe' pkgs.openssh "ssh-agent"} -d -a $SSH_AUTH_SOCK";
+ };
+}
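Review bot: The `script` line in programs/ssh-agent.nix starts the agent with `-d`, which is ssh-agent's debug mode: it stays in the foreground but also writes debug output to stderr, which a systemd user unit forwards to the journal by default. `-D` keeps the agent in the foreground without the debug logging, e.g. `script = "${lib.getExe' pkgs.openssh "ssh-agent"} -D -a $SSH_AUTH_SOCK";`. The unit also sets no key lifetime, so a loaded key stays usable by every process in the session until logout; adding `-t <lifetime>` would bound that exposure (the value is a policy choice this diff does not show). NixOS's `programs.ssh.startAgent` together with `programs.ssh.agentTimeout` provides a comparable user service and may be worth using instead of a hand-written unit, provided it also covers the GUI-signing case described in the commit message.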