Open gjolund opened 5 months ago
there are some pretty significant differences between the ssh agent shipped with nix-darwin and the default macOS / Darwin ssh agent.
is there any way to prevent nix-darwin from overriding the default host ssh agent in favor of relying on macOS's ssh agent?
an example of one of the issues I have encountered is enabling keychain usage on MacOS.
the nix-darwin ssh options appear to be rather limited: https://mynixos.com/nix-darwin/options/programs.ssh
here is an example configuration using home-manager that does not seem to correctly enable ssh MacOS keychain integration.
```nix
ssh = {
  enable = true;
  extraOptionOverrides = {
    ForwardAgent = "no";
    # MacOS Keychain Support
    # https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent
    # Run /usr/bin/ssh-add --apple-use-keychain ~/.ssh/id_github_<id>
    AddKeysToAgent = "yes";
    UseKeychain = "yes";
    IgnoreUnknown = "UseKeychain";
  };
  # How to use multiple SSH config with GH
  # https://medium.com/the-andela-way/a-practical-guide-to-managing-multiple-github-accounts-8e7970c8fd46
  # generate an ssh key and add it below
  # create a workspace .gitconfig and add it to the global .gitconfig as an includeif directive
  # confirm it is working via $ ssh -T github.com-personal
  # https://dev.to/chakrit/multiple-identity-gitconfig-with-gpg-signing-8c0
  matchBlocks = {
    "github.com-gjolund" = {
      hostname = "github.com";
      user = "git";
      identityFile = [
        (lib.mkIf pkgs.stdenv.hostPlatform.isLinux "/home/${user}/.ssh/id_github_gjolund")
        (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "/Users/${user}/.ssh/id_github_gjolund")
      ];
    };
    "github.com-some-other-gh-user" = {
      hostname = "github.com";
      user = "git";
      identityFile = [
        (lib.mkIf pkgs.stdenv.hostPlatform.isLinux "/home/${user}/.ssh/id_github_some-other-gh-user")
        (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "/Users/${user}/.ssh/id_github_some-other-gh-user")
      ];
    };
    "github.com-a-third-gh-user" = {
      hostname = "github.com";
      user = "git";
      identityFile = [
        (lib.mkIf pkgs.stdenv.hostPlatform.isLinux "/home/${user}/.ssh/id_github_a-third-gh-user")
        (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "/Users/${user}/.ssh/id_github_a-third-gh-user")
      ];
    };
  };
};
```
this results in the following ssh config
```
AddKeysToAgent yes
ForwardAgent no
IgnoreUnknown UseKeychain
UseKeychain yes

Host github.com-gjolund
  User git
  HostName github.com
  IdentityFile /Users/minion/.ssh/id_github_gjolund

Host github.com-some-other-gh-user
  User git
  HostName github.com
  IdentityFile /Users/minion/.ssh/id_github_some-other-gh-user

Host github.com-a-third-gh-user
  User git
  HostName github.com
  IdentityFile /Users/minion/.ssh/id_github_a-third-gh-user

Host *
  ForwardAgent no
  AddKeysToAgent no
  Compression no
  ServerAliveInterval 0
  ServerAliveCountMax 3
  HashKnownHosts no
  UserKnownHostsFile ~/.ssh/known_hosts
  ControlMaster no
  ControlPath ~/.ssh/master-%r@%n:%p
  ControlPersist no
```
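As an added check (this is not part of the issue, nor code from nix-darwin or home-manager): a small Python resolver that applies ssh_config's first-obtained-value-wins rule to the rendered config above. The sample is a constructed copy of that config reflowed one directive per line. It shows which values actually reach ssh for a given host alias, and in particular that the trailing `Host *` block's `AddKeysToAgent no` is inert because the global `AddKeysToAgent yes` at the top is read first. Only `Host` blocks are modelled; `Match` blocks, which the page does not use, are not. On a real machine `ssh -G github.com-gjolund` prints the same resolved view, and it is the quickest way to tell whether `UseKeychain` survived: that keyword is understood only by Apple's patched ssh, so a stock OpenSSH build skips it silently because of `IgnoreUnknown`.

```python
import fnmatch
import re

# Constructed sample input: the rendered ~/.ssh/config from the issue,
# reflowed one directive per line (the page shows it on a single line).
SAMPLE_CONFIG = """\
AddKeysToAgent yes
ForwardAgent no
IgnoreUnknown UseKeychain
UseKeychain yes
Host github.com-gjolund
  User git
  HostName github.com
  IdentityFile /Users/minion/.ssh/id_github_gjolund
Host github.com-some-other-gh-user
  User git
  HostName github.com
  IdentityFile /Users/minion/.ssh/id_github_some-other-gh-user
Host *
  ForwardAgent no
  AddKeysToAgent no
  Compression no
  ServerAliveInterval 0
  ServerAliveCountMax 3
  HashKnownHosts no
  UserKnownHostsFile ~/.ssh/known_hosts
  ControlMaster no
  ControlPath ~/.ssh/master-%r@%n:%p
  ControlPersist no
"""

# Keys for which ssh accumulates every matching value instead of keeping the first.
MULTI_VALUED = {"identityfile", "certificatefile", "userknownhostsfile"}


def parse_blocks(text):
    """Split ssh_config text into (host_patterns, [(key, value), ...]) blocks.
    Directives before the first Host line are global defaults; modelling them
    as a leading 'Host *' block reproduces ssh's ordering, since they are
    read before any explicit block. Only Host blocks are handled (no Match)."""
    blocks = [(["*"], [])]
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue  # bare keyword without a value; ssh itself would reject it
        key, value = parts[0].lower(), parts[1].strip()
        if key == "host":
            blocks.append((value.split(), []))
        else:
            blocks[-1][1].append((key, value))
    return blocks


def _matches(host, patterns):
    """ssh host matching: some positive pattern must match and no '!' pattern may.
    ssh patterns use only '*' and '?'; fnmatchcase also honours '[...]', which
    does not matter for the sample but is a difference worth knowing."""
    negated = [p[1:] for p in patterns if p.startswith("!")]
    positive = [p for p in patterns if not p.startswith("!")]
    if any(fnmatch.fnmatchcase(host, p) for p in negated):
        return False
    return any(fnmatch.fnmatchcase(host, p) for p in positive)


def effective_options(text, host):
    """Resolve the options ssh would use for `host` with ssh_config's
    first-obtained-value-wins rule: once a key is set, a later matching block
    (including a trailing 'Host *') cannot change it."""
    result = {}
    for patterns, directives in parse_blocks(text):
        if not _matches(host, patterns):
            continue
        for key, value in directives:
            if key in MULTI_VALUED:
                result.setdefault(key, []).append(value)
            elif key not in result:
                result[key] = value
    return result


def keychain_report(text, host):
    """Summarise the agent/keychain-related settings in effect for `host`."""
    opts = effective_options(text, host)
    return {
        "AddKeysToAgent": opts.get("addkeystoagent"),
        "UseKeychain": opts.get("usekeychain"),
        "IgnoreUnknown": opts.get("ignoreunknown"),
        "IdentityFile": opts.get("identityfile", []),
    }


if __name__ == "__main__":
    for h in ("github.com-gjolund", "example.org"):
        print(h, keychain_report(SAMPLE_CONFIG, h))
```

Run against the sample, both the GitHub alias and an unrelated host resolve `AddKeysToAgent` to `yes`, which is what the global line at the top dictates; the `no` in the generated `Host *` block never takes effect. If a setting is meant to override a global default for every host, it has to be emitted before the global lines, not after them.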