From 7bde656c9fab514f7cfd957172de1ea9ef239775 Mon Sep 17 00:00:00 2001 From: jacekpoz Date: Tue, 5 Mar 2024 17:36:26 +0100 Subject: [PATCH] ssh-agent (this shit is crazy read the whole commit message) so first when I wanted to configure ssh to use the correct keys by default I found some guide that used IdentitiesOnly yes so I used it too without even knowing what it does then later when I wanted to nix my ssh config I noticed that it's set to true and didn't know what it does so I read the manpage I wrote the description of the `identitiesOnly` option of my wrapper module based on that but I didn't really understand what it actually does well, as you can see in the commit history, a day or two ago (forgot) I started using an ssh key to sign my commits and to make things even more convenient I moved all of my private ssh keys to my keepassxc database as attachments I tested it on my main laptop and everything worked fine but on that laptop all the keys were still in ~/.ssh as I didn't just want to immediately delete them and risk losing any well that's what hid this bug - on the main laptop when pushing, it just used the keys in ~/.ssh, which I don't have on this laptop (the one I take to classes) because, well, I did this not to have to copy both the keepassxc database and ~/.ssh between machines - I only copied the keepassxc database as it had all the keys in it well turns out with the config before this commit, it would only try to use keys in ~/.ssh which aren't - and won't - be here so it failed this option makes it actually use keys supplied by ssh-agent, which keepassxc acts as and is the only way to get them in the current setup --- hosts/del/configuration.nix | 35 ++++++----------------------------- hosts/niks/configuration.nix | 35 ++++++----------------------------- modules/services/ssh.nix | 7 ++++--- 3 files changed, 16 insertions(+), 61 deletions(-) diff --git a/hosts/del/configuration.nix b/hosts/del/configuration.nix index 18cd3c50..258a9899 100644 
--- a/hosts/del/configuration.nix +++ b/hosts/del/configuration.nix @@ -266,55 +266,32 @@ daemon.enable = false; agent = { enable = true; - hostAliases = let - username = config.myOptions.other.system.username; - hmCfg = config.home-manager.users.${username}; - in { - "github" = { - hostName = "github.com"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/githubkey"; - }; - "git.dupa.edu.pl" = { - hostName = "git.dupa.edu.pl"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/gitdupaedupl"; - }; - "codeberg" = { - hostName = "codeberg.org"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/codeberg"; - }; - "gitlab" = { - hostName = "gitlab.com"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/gitlab"; - }; + hostAliases = { + "github".hostName = "github.com"; + "git.dupa.edu.pl".hostName = "git.dupa.edu.pl"; + "codeberg".hostName = "codeberg.org"; + "gitlab".hostName = "gitlab.com"; "aur" = { hostName = "aur.archlinux.org"; user = "aur"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/aur"; }; "jacekpoz" = { hostName = "git.jacekpoz.pl"; user = "forgejo"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/jacekpoz"; }; "chmura" = { hostName = "192.168.15.2"; user = "chmura"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/chmura"; }; "chmura2" = { hostName = "jacekpoz.pl"; user = "chmura"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/chmura"; }; "malina" = { hostName = "192.168.15.3"; user = "malina"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/malina"; - }; - "outfoxxed" = { - hostName = "git.outfoxxed.me"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/outfoxxed"; }; + "outfoxxed".hostName = "git.outfoxxed.me"; }; }; }; diff --git a/hosts/niks/configuration.nix b/hosts/niks/configuration.nix index 85ffd704..d8366d93 100644 --- a/hosts/niks/configuration.nix +++ b/hosts/niks/configuration.nix 
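Review bot: With every `identityFile` removed here (and in the identical hunk for hosts/niks/configuration.nix), none of these aliases pins a key any more, and the module default this patch sets is `IdentitiesOnly no`, so ssh will offer each identity held by the agent to every host in turn. The removed lines name nine distinct keys; if all of them are loaded in the agent, a server can close the connection for too many authentication failures before the right key is tried (sshd's MaxAuthTries defaults to 6), and third-party hosts such as github.com or git.outfoxxed.me get to see public keys meant for other services. ssh accepts a public key file as IdentityFile and then uses the matching private key from the agent, so per-host pinning still works without private keys on disk, e.g. `"github" = { hostName = "github.com"; identityFile = "<path-to-github-public-key>"; identitiesOnly = true; };`. Public keys are safe to keep in this repository, so nothing secret has to be copied between machines. The `agent` attribute set starts and ends outside the hunk.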
@@ -237,55 +237,32 @@ daemon.enable = false; agent = { enable = true; - hostAliases = let - username = config.myOptions.other.system.username; - hmCfg = config.home-manager.users.${username}; - in { - "github" = { - hostName = "github.com"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/githubkey"; - }; - "git.dupa.edu.pl" = { - hostName = "git.dupa.edu.pl"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/gitdupaedupl"; - }; - "codeberg" = { - hostName = "codeberg.org"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/codeberg"; - }; - "gitlab" = { - hostName = "gitlab.com"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/gitlab"; - }; + hostAliases = { + "github".hostName = "github.com"; + "git.dupa.edu.pl".hostName = "git.dupa.edu.pl"; + "codeberg".hostName = "codeberg.org"; + "gitlab".hostName = "gitlab.com"; "aur" = { hostName = "aur.archlinux.org"; user = "aur"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/aur"; }; "jacekpoz" = { hostName = "git.jacekpoz.pl"; user = "forgejo"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/jacekpoz"; }; "chmura" = { hostName = "192.168.15.2"; user = "chmura"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/chmura"; }; "chmura2" = { hostName = "jacekpoz.pl"; user = "chmura"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/chmura"; }; "malina" = { hostName = "192.168.15.3"; user = "malina"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/malina"; - }; - "outfoxxed" = { - hostName = "git.outfoxxed.me"; - identityFile = "${hmCfg.home.homeDirectory}/.ssh/outfoxxed"; }; + "outfoxxed".hostName = "git.outfoxxed.me"; }; }; }; diff --git a/modules/services/ssh.nix b/modules/services/ssh.nix index 6135daf4..eb47d1bd 100644 --- a/modules/services/ssh.nix +++ b/modules/services/ssh.nix 
@@ -50,12 +50,13 @@ in { }; identityFile = mkOption { description = "path to the private key"; - type = types.path; + type = with types; nullOr path; + default = null; }; identitiesOnly = mkOption { description = "whether ssh should not use additional identities offered by ssh-agent"; type = types.bool; - default = true; + default = false; }; }; }); @@ -87,7 +88,7 @@ in { HostName ${value.hostName} ${if value.port != null then "Port ${toString value.port}" else ""} User ${value.user} - IdentityFile ${value.identityFile} + ${if value.identityFile != null then "IdentityFile ${value.identityFile}" else ""} IdentitiesOnly ${if value.identitiesOnly then "yes" else "no"} '') cfg.agent.hostAliases)} '';
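Review bot: The `identityFile` description still reads "path to the private key" although the option now accepts `null`, and nothing tells the reader what null means or that the new `identitiesOnly` default lets ssh try whatever the agent offers. I would document both, e.g. `description = "path to the key for this host, or its public half when the private key is held by ssh-agent; null emits no IdentityFile line";`, and extend the `identitiesOnly` description with `when false, every identity in the agent is offered to the host`. Since `default = false` is the less restrictive setting and applies to every alias that does not override it, consider leaving the default at `true` and setting `identitiesOnly = false` only on the hosts that need it. The submodule's options block starts before and ends after this hunk.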
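Review bot: The `IdentitiesOnly` line is still emitted unconditionally, so an alias with `identitiesOnly = true` and `identityFile = null` yields a Host block that restricts ssh to its default identity files, which is the silent failure the commit message describes. A check at evaluation time would catch that combination, along the lines of `assertion = !(value.identitiesOnly && value.identityFile == null);` with a message naming the alias, assuming this module can contribute to `assertions`. As a style point, `lib.optionalString (value.identityFile != null) "IdentityFile ${value.identityFile}"` says the same as the `if … then … else ""` form more directly, provided `lib` is in scope in this file. The surrounding multi-line string begins outside the hunk.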