We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
there are some pretty significant difference between the ssh agent shipped with nix-darwin and the default macOS / Darwin ssh agent.
is there any way to prevent nix-darwin from overriding the default host ssh agent in favor of relying on macOS's ssh agent?
an example of one of the issues I have encountered is enabling keychain usage on MacOS.
the nix-darwin ssh options appear to be rather limited: https://mynixos.com/nix-darwin/options/programs.ssh
here is an example configuration using home-manager that does not seem to correctly enable ssh MacOS keychain integration.
ssh = { enable = true; extraOptionOverrides = { ForwardAgent = "no"; # MacOS Keychain Support # https://docs.github.com/en/authentication/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#adding-your-ssh-key-to-the-ssh-agent # Run /usr/bin/ssh-add --apple-use-keychain ~/.ssh/id_github_<id> AddKeysToAgent = "yes"; UseKeychain = "yes"; IgnoreUnknown = "UseKeychain"; }; # How to use multiple SSH config with GH # https://medium.com/the-andela-way/a-practical-guide-to-managing-multiple-github-accounts-8e7970c8fd46 # generate an ssh key and add it below # create a workspace .gitconfig and add it to the global .gitconfig as an includeif directive # confirm it is working via $ ssh -T github.com-personal # https://dev.to/chakrit/multiple-identity-gitconfig-with-gpg-signing-8c0 matchBlocks = { "github.com-gjolund" = { hostname = "github.com"; user = "git"; identityFile = [ (lib.mkIf pkgs.stdenv.hostPlatform.isLinux "/home/${user}/.ssh/id_github_gjolund" ) (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "/Users/${user}/.ssh/id_github_gjolund" ) ]; }; "github.com-some-other-gh-user" = { hostname = "github.com"; user = "git"; identityFile = [ (lib.mkIf pkgs.stdenv.hostPlatform.isLinux "/home/${user}/.ssh/id_github_some-other-gh-user" ) (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "/Users/${user}/.ssh/id_github_some-other-gh-user" ) ]; }; "github.com-a-third-gh-user" = { hostname = "github.com"; user = "git"; identityFile = [ (lib.mkIf pkgs.stdenv.hostPlatform.isLinux "/home/${user}/.ssh/id_github_a-third-gh-user" ) (lib.mkIf pkgs.stdenv.hostPlatform.isDarwin "/Users/${user}/.ssh/id_github_a-third-gh-user" ) ]; }; }; };
this results in the following ssh config
AddKeysToAgent yes ForwardAgent no IgnoreUnknown UseKeychain UseKeychain yes Host github.com-gjolund User git HostName github.com IdentityFile /Users/minion/.ssh/id_github_gjolund Host github.com-some-other-gh-user User git HostName github.com IdentityFile /Users/minion/.ssh/id_github_some-other-gh-user Host github.com-a-third-gh-user User git HostName github.com IdentityFile /Users/minion/.ssh/id_github_a-third-gh-user Host * ForwardAgent no AddKeysToAgent no Compression no ServerAliveInterval 0 ServerAliveCountMax 3 HashKnownHosts no UserKnownHostsFile ~/.ssh/known_hosts ControlMaster no ControlPath ~/.ssh/master-%r@%n:%p ControlPersist no
The text was updated successfully, but these errors were encountered:
No branches or pull requests
there are some pretty significant difference between the ssh agent shipped with nix-darwin and the default macOS / Darwin ssh agent.
is there any way to prevent nix-darwin from overriding the default host ssh agent in favor of relying on macOS's ssh agent?
an example of one of the issues I have encountered is enabling keychain usage on MacOS.
the nix-darwin ssh options appear to be rather limited: https://mynixos.com/nix-darwin/options/programs.ssh
here is an example configuration using home-manager that does not seem to correctly enable ssh MacOS keychain integration.
this results in the following ssh config
The text was updated successfully, but these errors were encountered: