nix-darwin
preserve host ssh agent
there are some pretty significant differences between the ssh agent shipped with nix-darwin and the default macOS / Darwin ssh agent.
is there any way to prevent nix-darwin from overriding the default host ssh agent in favor of relying on macOS's ssh agent?
an example of one of the issues I have encountered is enabling keychain usage on MacOS.
the nix-darwin ssh options appear to be rather limited: https://mynixos.com/nix-darwin/options/programs.ssh
here is an example configuration using home-manager that does not seem to correctly enable macOS keychain integration for ssh.
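# home-manager SSH client settings. `lib`, `pkgs` and `user` come from the
# enclosing module, which is not shown here.
ssh = {
  enable = true;

  # These options are written at the top of the generated config, ahead of every
  # Host block. ssh_config keeps the first value it obtains for an option, so they
  # take precedence over the defaults emitted under `Host *`.
  extraOptionOverrides = {
    # Keep agent forwarding off so a remote host cannot use keys held by the local agent.
    ForwardAgent = "no";
    # macOS Keychain support
    # https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent
    # Run /usr/bin/ssh-add --apple-use-keychain ~/.ssh/id_github_<id>
    AddKeysToAgent = "yes";
    # UseKeychain is an Apple addition to OpenSSH. IgnoreUnknown lets any other
    # build skip it silently instead of failing on an unknown option.
    # NOTE(review): if the `ssh` found first on PATH is not /usr/bin/ssh, the
    # Keychain is never consulted and no error is shown. Confirm which binary
    # runs with `command -v ssh`.
    UseKeychain = "yes";
    IgnoreUnknown = "UseKeychain";
  };

  # How to use multiple SSH configs with GitHub
  # https://medium.com/the-andela-way/a-practical-guide-to-managing-multiple-github-accounts-8e7970c8fd46
  # generate an ssh key and add it below
  # create a workspace .gitconfig and add it to the global .gitconfig as an includeIf directive
  # confirm it is working via $ ssh -T github.com-personal
  # https://dev.to/chakrit/multiple-identity-gitconfig-with-gpg-signing-8c0
  #
  # Every alias resolves to github.com as user `git`; only the key differs.
  # identitiesOnly restricts each alias to its configured identityFile. Without
  # it ssh also offers every other key loaded in the agent, and GitHub accepts
  # the first one it recognises, so an alias can authenticate as the wrong account.
  matchBlocks = {
    "github.com-austinrivas" = {
      hostname = "github.com";
      user = "git";
      identitiesOnly = true;
      # Only the entry matching the host platform is kept.
      identityFile = [
        (lib.mkIf pkgs.stdenv.hostPlatform.isLinux
          "/home/${user}/.ssh/id_github_austinrivas"
        )
        (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin
          "/Users/${user}/.ssh/id_github_austinrivas"
        )
      ];
    };
    "github.com-some-other-gh-user" = {
      hostname = "github.com";
      user = "git";
      identitiesOnly = true;
      identityFile = [
        (lib.mkIf pkgs.stdenv.hostPlatform.isLinux
          "/home/${user}/.ssh/id_github_some-other-gh-user"
        )
        (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin
          "/Users/${user}/.ssh/id_github_some-other-gh-user"
        )
      ];
    };
    "github.com-a-third-gh-user" = {
      hostname = "github.com";
      user = "git";
      identitiesOnly = true;
      identityFile = [
        (lib.mkIf pkgs.stdenv.hostPlatform.isLinux
          "/home/${user}/.ssh/id_github_a-third-gh-user"
        )
        (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin
          "/Users/${user}/.ssh/id_github_a-third-gh-user"
        )
      ];
    };
  };
};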
this results in the following ssh config
# Global section: these lines come before the first Host block, so they apply
# to every host. ssh_config keeps the first value it obtains for each option,
# so they take precedence over the same option repeated under `Host *` below.
AddKeysToAgent yes
ForwardAgent no
# IgnoreUnknown must precede the option it covers. A build of ssh that does not
# know UseKeychain then skips the next line silently instead of exiting with an
# error, so the Keychain is only used when the running ssh binary supports it.
IgnoreUnknown UseKeychain
UseKeychain yes
# Per-account aliases: each connects to github.com as user git with its own key file.
# No IdentitiesOnly is set, so keys already loaded in the agent may also be
# offered to github.com in addition to the listed IdentityFile.
Host github.com-austinrivas
User git
HostName github.com
IdentityFile /Users/minion/.ssh/id_github_austinrivas
Host github.com-some-other-gh-user
User git
HostName github.com
IdentityFile /Users/minion/.ssh/id_github_some-other-gh-user
Host github.com-a-third-gh-user
User git
HostName github.com
IdentityFile /Users/minion/.ssh/id_github_a-third-gh-user
# Defaults for all hosts. Options already set in the global section
# (AddKeysToAgent, ForwardAgent) keep their earlier value, so
# `AddKeysToAgent no` here has no effect.
Host *
ForwardAgent no
AddKeysToAgent no
Compression no
ServerAliveInterval 0
ServerAliveCountMax 3
# Host names are stored in clear text in known_hosts.
HashKnownHosts no
UserKnownHostsFile ~/.ssh/known_hosts
# Connection sharing is off: every ssh invocation authenticates on its own.
ControlMaster no
ControlPath ~/.ssh/master-%r@%n:%p
ControlPersist no