fix

maybe don't clobber sessionvariables
add tpmssh
2025-11-03 22:33:45 +00:00 · 2024-09-28 20:16:19 +01:00 · 2024-09-28 20:06:13 +01:00 · 2024-09-28 19:57:44 +01:00 · 2024-09-28 19:19:59 +01:00
5 changed files with 44 additions and 10 deletions
--- a/flake.nix
+++ b/flake.nix
@ -19,10 +19,14 @@
  outputs = inputs: let
    overlays = [
      # Add our own local packages
-      (final: prev: rec {
+      (final: prev: {
        # Make my local packages available as pkgs.mypkgs.<foo>
        mypkgs = prev.callPackage ./pkgs {};
      })
+      # more up to date ssh-tpm-agent. Can probably ditch this post-24.05
+      (final: prev: {
+        ssh-tpm-agent = (import inputs.nixpkgs-unstable { system = prev.system; }).ssh-tpm-agent;
+      })
    ];
  in (rec {
      profiles = import ./home/profiles.nix;
@ -68,11 +72,6 @@

      # Standalone home-manager configurations
      homeConfigurations = {
-        boron = lib.mkHome {
-          system = "aarch64-darwin";
-          profiles = with profiles; [default dev dev-gui sensitive mac docker aws];
-          username = "samuel.willcocks";
-        };
        zinc = lib.mkHome {
          system = "aarch64-darwin";
          profiles = with profiles; [default dev dev-gui sensitive mac];
--- a/home/default.nix
+++ b/home/default.nix
@ -6,9 +6,8 @@
 in {
  home.packages = packages.all;
  home.sessionVariables = {
-    "PATH" = "$HOME/.local/bin:$PATH";
-    "EDITOR" = "vim";
-    "WORDCHARS" = "\${WORDCHARS//[\\/.=]/}"; # ctrl-w on paths without make angery
+    EDITOR = "vim"; # is overriden to nvim in vim.nix if needed 
+    WORDCHARS = "\${WORDCHARS//[\\/.=]/}"; # ctrl-w on paths without make angery
  };
  /*
  # For some reason this doesn't play nice when using home manager config from inside
--- a/home/profiles.nix
+++ b/home/profiles.nix
@ -10,6 +10,7 @@
  dev-gui = {...}: {
    imports = [./vscode.nix];
  };
+  tpmssh = ./tpmssh.nix;
  # Sensitive stuff
  sensitive = {...}: {
    imports = [
--- a/home/tpmssh.nix
+++ b/home/tpmssh.nix
@ -0,0 +1,35 @@
+# Enable tpm-ssh-agent in a systemd user service
+{pkgs, config, lib, ...}: {
+  home.packages = [ pkgs.ssh-tpm-agent ];
+  home.sessionVariables = {
+    SSH_AUTH_SOCK = let
+      maybeProxy = lib.strings.optionalString config.services.gpg-agent.enableSshSupport " -A $(${config.programs.gpg.package}/bin/gpgconf --list-dirs agent-ssh-socket)";
+      cmd = "${pkgs.ssh-tpm-agent}/bin/ssh-tpm-agent --print-socket${maybeProxy}";
+    in "$(${cmd})";
+    TESTIFICLES = "hello";
+  };
+  systemd.user.sockets.ssh-tpm-agent = {
+    Unit.WantedBy = [ "sockets.target" ];
+    Socket = {
+      ListenStream = "%t/ssh-tpm-agent.sock";
+      SocketMode = "0600";
+      Service = "ssh-tpm-agent.service";
+    };
+  };
+
+  systemd.user.services.ssh-tpm-agent = {
+    Unit = {
+      Requires = [ "ssh-tpm-agent.socket" ];
+      ConditionEnvironment = "!SSH_AGENT_PID";
+    };
+    Service = {
+      Environment = ''
+        SSH_AUTH_SOCK="%t/ssh-tpm-agent.sock"
+      '';
+      ExecStart = "${pkgs.ssh-tpm-agent}";
+      PassEnvironment = "SSH_AGENT_PID";
+      SuccessExitStatus = 2;
+      Type = "simple";
+    };
+  };
+}
--- a/home/vim.nix
+++ b/home/vim.nix
@ -5,7 +5,7 @@
  lib,
  ...
 }: {
-  home.sessionVariables = lib.mkForce {"EDITOR" = "nvim";};
+  home.sessionVariables.EDITOR = lib.mkForce "nvim";
  home.packages = with pkgs; [ripgrep];
  programs.neovim = {
    enable = true;
Author	SHA1	Message	Date
Sam Willcocks	98a3416191	fix	2024-09-28 20:16:19 +01:00
Sam Willcocks	665403ee0f	maybe don't clobber sessionvariables	2024-09-28 20:06:13 +01:00
Sam Willcocks	c0978d2186	add tpmssh	2024-09-28 19:57:44 +01:00
Sam Willcocks	b3b9941c9b	remove boron	2024-09-28 19:19:59 +01:00