calcite: add ssh-tpm-agent

2024-03-25 16:26:48 +08:00 · 2024-03-25 16:26:48 +08:00 · aa230d639f
commit aa230d639f
parent 26a11e0df0
10 changed files with 136 additions and 29 deletions
--- a/modules/home-manager/git.nix
+++ b/modules/home-manager/git.nix
@ -14,7 +14,7 @@ in
          enable = mkEnableOption "Git ssh signing";
          keyFile = mkOption {
            type = types.str;
-            default = "~/.ssh/id_ed25519_sk";
+            default = "~/.ssh/id.pub";
          };
        };
      };
--- a/modules/home-manager/vscode.nix
+++ b/modules/home-manager/vscode.nix
@ -44,13 +44,14 @@ in
        scala-lang.scala
        scalameta.metals

+        (ms-vscode.cmake-tools.overrideAttrs (_: { sourceRoot = "extension"; }))
+        twxs.cmake
+
        sterben.fpga-support

        ms-vscode-remote.remote-ssh-edit
        mushan.vscode-paste-image
      ]) ++ (with pkgs.vscode-extensions; [
-        ms-vscode.cmake-tools
-        twxs.cmake
        waderyan.gitblame
        catppuccin.catppuccin-vsc
        # Rust
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -7,5 +7,6 @@
    ./hedgedoc.nix
    ./sing-box.nix
    ./kanidm-client.nix
+    ./ssh-tpm-agent.nix # FIXME: Waiting for upstream merge
  ];
 }
--- a/modules/nixos/ssh-tpm-agent.nix
+++ b/modules/nixos/ssh-tpm-agent.nix
@ -0,0 +1,48 @@
+# Temporary workaround
+{ config, pkgs, lib, ... }:
+let
+  cfg = config.services.ssh-tpm-agent;
+in
+{
+  options = {
+    services.ssh-tpm-agent.enable = lib.mkEnableOption "TPM supported ssh agent in go";
+  };
+  config = lib.mkIf cfg.enable {
+    systemd.user.services.ssh-tpm-agent = {
+      enable = true;
+      unitConfig = {
+        Description = "SSH TPM agent service";
+        Documentation = "man:ssh-agent(1) man:ssh-add(1) man:ssh(1)";
+        Requires = "ssh-tpm-agent.socket";
+        ConditionEnvironment = "!SSH_AGENT_PID";
+      };
+      serviceConfig = {
+        Environment = "SSH_AUTH_SOCK=%t/ssh-tpm-agent.socket";
+        ExecStart = "${pkgs.ssh-tpm-agent}/bin/ssh-tpm-agent";
+        PassEnvironment = "SSH_AGENT_PID";
+        SuccessExitStatus = 2;
+        Type = "simple";
+      };
+      wants = [ "ssh-tpm-agent.socket" ];
+    };
+
+    systemd.user.sockets.ssh-tpm-agent = {
+      enable = true;
+      description = "SSH TPM agent socket";
+      socketConfig = {
+        ListenStream = "%t/ssh-tpm-agent.sock";
+        SocketMode = "0600";
+        Service = "ssh-tpm-agent.service";
+      };
+
+      wantedBy = [ "sockets.target" ];
+    };
+
+    environment = {
+      systemPackages = [ pkgs.ssh-tpm-agent ];
+      extraInit = ''
+        export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-tpm-agent.sock"
+      '';
+    };
+  };
+}