ssh-tpm-agent experiement failed again · wiro.world/dotfiles@21a61ff

+16 -2

5 changed files

expand all

home-manager

fragments

jujutsu.nix

profiles

desktop.nix

nixos

fragments

security.nix

profiles

laptop.nix

secrets

keys.nix

+1 -1

home-manager/fragments/jujutsu.nix

··· 30 30 signing = { 31 31 behavior = "own"; 32 32 backend = "ssh"; 33 - key = keys.milo-ed25519; 33 + key = keys.milo-ecdsa; 34 34 git.sign-on-push = true; 35 35 }; 36 36

home-manager/profiles/desktop.nix

··· 1 1 { 2 2 config, 3 + lib, 3 4 pkgs, 4 5 5 6 isDarwin, ··· 56 57 # Makes electron apps use ozone and not crash because xwayland is not there 57 58 NIXOS_OZONE_WL = "1"; 58 59 60 + SSH_ASKPASS = lib.getExe pkgs.lxqt.lxqt-openssh-askpass; 59 61 # Respect XDG spec 60 62 BUN_INSTALL = "${config.xdg.dataHome}/bun"; 61 63 CALCHISTFILE = "${config.xdg.cacheHome}/calc_history"; ··· 153 155 }; 154 156 155 157 services.tailscale-systray.enable = true; 158 + 159 + services.ssh-tpm-agent.enable = true; 160 + # maybe? needed for ssh-tpm-agent to enroll the key the first time, find another way 156 161 }; 157 162 }

+3 -1

nixos/fragments/security.nix

··· 50 50 }; 51 51 }; 52 52 53 + security.tpm2.enable = true; 54 + 53 55 # Signing 54 56 programs.gnupg.agent.enable = true; 55 57 services.gnome.gnome-keyring.enable = true; ··· 64 66 }; 65 67 }; 66 68 67 - programs.ssh.startAgent = true; 69 + programs.ssh.startAgent = false; 68 70 69 71 services.fwupd.enable = true; 70 72 };

nixos/profiles/laptop.nix

··· 162 162 }; 163 163 164 164 services.earlyoom.enable = true; 165 + 166 + environment.systemPackages = [ 167 + pkgs.keyutils 168 + ]; 165 169 }; 166 170 }

secrets/keys.nix

··· 16 16 17 17 # User keys (~/.ssh/id_{ed25519,ecdsa}.pub) 18 18 milo-ed25519 = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJdt7atyPTOfaBIsgDYYb0DG1yid2u78abaCDji6Uxgi"; 19 + milo-ecdsa = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPtqdjt54Wys20nb8pF74rKtZCWHs/v99BJkL4kyYyz9QyJ3H+YilojTbxj25BjPktqi2GqLHjsdC8L87cTXlhA="; 19 20 wirody = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMdW6ijH9oTsrswUJmQBF2LQkhjrMFkJ1LktnirPuL2S"; 20 21 users = [ 21 22 milo-ed25519 23 + # not supported by age 24 + # milo-ecdsa 22 25 wirody 23 26 ]; 24 27 }

Configure Feed

Configure Feed