fix(client): keychain -> ssh-agent

keychain is cool but is first of all unmaintained, and only really works
in the context of a shell. since it "dynamically" starts agents and
exports variables (with set -U to make matters worse), nothing exists
outside of the context of the shell which makes it impossible to sign
commits in gui apps (except vscode for some reason); using a classical
ssh-agent with the env var exported by hand simply works

configs/client.nix

@@ -3,8 +3,9 @@
   imports = [
     ./common.nix
 
-    ../programs/rust.nix
     ../programs/neovim
+    ../programs/rust.nix
+    ../programs/ssh-agent.nix
   ];
 
   environment.systemPackages = with pkgs; [
@@ -14,12 +15,6 @@
     nixd
   ];
 
-  hm.programs.keychain = {
-    enable = true;
-    agents = [ "ssh" ];
-    keys = [ "id_ed25519" ];
-  };
-
   networking = {
     useNetworkd = false;
     networkmanager = {

programs/kde.nix

@@ -12,9 +12,10 @@
     };
   };
 
+  security.pam.services.sddm.kwallet.enable = true;
+
   environment = {
     systemPackages = with pkgs; [
-      flameshot
       gnome-calculator
       camasca.packages.${pkgs.system}.koi
     ];

programs/ssh-agent.nix

@@ -0,0 +1,13 @@
+{ lib, pkgs, ... }:
+{
+  environment.sessionVariables = {
+    SSH_AUTH_SOCK = "\${XDG_RUNTIME_DIR}/ssh-agent";
+    SSH_ASKPASS_REQUIRE = "prefer";
+  };
+
+  systemd.user.services.ssh-agent = {
+    wantedBy = [ "default.target" ];
+    environment.SSH_AUTH_SOCK = "%t/ssh-agent";
+    script = "${lib.getExe' pkgs.openssh "ssh-agent"} -d -a $SSH_AUTH_SOCK";
+  };
+}