RoastedCheese/niksos
1
0
Fork 0
forked from poz/niksos
Code Pull requests Activity

ssh-agent (this shit is crazy read the whole commit message)

Browse source 
so first when I wanted to configure ssh to use the correct keys by
default I found some guide that used IdentitiesOnly yes so I used it
too without even knowing what it does

then later when I wanted to nix my ssh config I noticed that it's set to
true and didn't know what it does so I read the manpage

I wrote the description of the `indentitiesOnly` option of my wrapper
module based on that but I didn't really understand what it actually
does

well, as you can see in the commit history, a day or two ago (forgot) I
started using an ssh key to sign my commits and to make things even more
convenient I moved all of my private ssh keys to my keepassxc database
as attachments

I tested it on my main laptop and everything worked fine but on that
laptop all the keys were still in ~/.ssh as I didn't just want to
immediately delete them and risk losing any

well that's what hid this bug - on the main laptop when pushing, it just
used the keys in ~/.ssh, which I don't have on this laptop (the one I
take to classes) because, well, I did this not to have to copy both the
keepassxc database and ~/.ssh between machines - I only copied the
keepassxc database as it had all the keys in it

well turns out with the config before this commit, it would only try to
use keys in ~/.ssh which aren't - and won't - be here so it failed

this option makes it actually use keys supplied by ssh-agent, which
keepassxc acts as and is the only way to get them in the current setup
This commit is contained in:
jacekpoz 2024-03-05 17:36:26 +01:00
parent 1cdc94df33
commit 7bde656c9f
Signed by: poz
SSH key fingerprint: SHA256:JyLeVWE4bF3tDnFeUpUaJsPsNlJyBldDGV/dIKSLyN8
3 changed files with 16 additions and 61 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

35
hosts/del/configuration.nix
View file

@ -266,55 +266,32 @@
daemon.enable = false; daemon.enable = false;
agent = { agent = {
enable = true; enable = true;
hostAliases = let hostAliases = {
username = config.myOptions.other.system.username; "github".hostName = "github.com";
hmCfg = config.home-manager.users.${username}; "git.dupa.edu.pl".hostName = "git.dupa.edu.pl";
in { "codeberg".hostName = "codeberg.org";
"github" = { "gitlab".hostName = "gitlab.com";
hostName = "github.com";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/githubkey";
};
"git.dupa.edu.pl" = {
hostName = "git.dupa.edu.pl";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/gitdupaedupl";
};
"codeberg" = {
hostName = "codeberg.org";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/codeberg";
};
"gitlab" = {
hostName = "gitlab.com";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/gitlab";
};
"aur" = { "aur" = {
hostName = "aur.archlinux.org"; hostName = "aur.archlinux.org";
user = "aur"; user = "aur";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/aur";
}; };
"jacekpoz" = { "jacekpoz" = {
hostName = "git.jacekpoz.pl"; hostName = "git.jacekpoz.pl";
user = "forgejo"; user = "forgejo";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/jacekpoz";
}; };
"chmura" = { "chmura" = {
hostName = "192.168.15.2"; hostName = "192.168.15.2";
user = "chmura"; user = "chmura";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/chmura";
}; };
"chmura2" = { "chmura2" = {
hostName = "jacekpoz.pl"; hostName = "jacekpoz.pl";
user = "chmura"; user = "chmura";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/chmura";
}; };
"malina" = { "malina" = {
hostName = "192.168.15.3"; hostName = "192.168.15.3";
user = "malina"; user = "malina";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/malina";
};
"outfoxxed" = {
hostName = "git.outfoxxed.me";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/outfoxxed";
}; };
"outfoxxed".hostName = "git.outfoxxed.me";
}; };
}; };
}; };

35
hosts/niks/configuration.nix
View file

@ -237,55 +237,32 @@
daemon.enable = false; daemon.enable = false;
agent = { agent = {
enable = true; enable = true;
hostAliases = let hostAliases = {
username = config.myOptions.other.system.username; "github".hostName = "github.com";
hmCfg = config.home-manager.users.${username}; "git.dupa.edu.pl".hostName = "git.dupa.edu.pl";
in { "codeberg".hostName = "codeberg.org";
"github" = { "gitlab".hostName = "gitlab.com";
hostName = "github.com";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/githubkey";
};
"git.dupa.edu.pl" = {
hostName = "git.dupa.edu.pl";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/gitdupaedupl";
};
"codeberg" = {
hostName = "codeberg.org";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/codeberg";
};
"gitlab" = {
hostName = "gitlab.com";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/gitlab";
};
"aur" = { "aur" = {
hostName = "aur.archlinux.org"; hostName = "aur.archlinux.org";
user = "aur"; user = "aur";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/aur";
}; };
"jacekpoz" = { "jacekpoz" = {
hostName = "git.jacekpoz.pl"; hostName = "git.jacekpoz.pl";
user = "forgejo"; user = "forgejo";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/jacekpoz";
}; };
"chmura" = { "chmura" = {
hostName = "192.168.15.2"; hostName = "192.168.15.2";
user = "chmura"; user = "chmura";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/chmura";
}; };
"chmura2" = { "chmura2" = {
hostName = "jacekpoz.pl"; hostName = "jacekpoz.pl";
user = "chmura"; user = "chmura";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/chmura";
}; };
"malina" = { "malina" = {
hostName = "192.168.15.3"; hostName = "192.168.15.3";
user = "malina"; user = "malina";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/malina";
};
"outfoxxed" = {
hostName = "git.outfoxxed.me";
identityFile = "${hmCfg.home.homeDirectory}/.ssh/outfoxxed";
}; };
"outfoxxed".hostName = "git.outfoxxed.me";
}; };
}; };
}; };

7
modules/services/ssh.nix
View file

@ -50,12 +50,13 @@ in {
}; };
identityFile = mkOption { identityFile = mkOption {
description = "path to the private key"; description = "path to the private key";
type = types.path; type = with types; nullOr path;
default = null;
}; };
identitiesOnly = mkOption { identitiesOnly = mkOption {
description = "whether ssh should not use additional identities offered by ssh-agent"; description = "whether ssh should not use additional identities offered by ssh-agent";
type = types.bool; type = types.bool;
default = true; default = false;
}; };
}; };
}); });
@ -87,7 +88,7 @@ in {
HostName ${value.hostName} HostName ${value.hostName}
${if value.port != null then "Port ${toString value.port}" else ""} ${if value.port != null then "Port ${toString value.port}" else ""}
User ${value.user} User ${value.user}
IdentityFile ${value.identityFile} ${if value.identityFile != null then "IdentityFile ${value.identityFile}" else ""}
IdentitiesOnly ${if value.identitiesOnly then "yes" else "no"} IdentitiesOnly ${if value.identitiesOnly then "yes" else "no"}
'') cfg.agent.hostAliases)} '') cfg.agent.hostAliases)}
''; '';