me like nix
ssh stuff
author
Sean Aye
date
(May 18, 2026, 4:58 AM -0400)
commit
089bc10e
089bc10e13f735ae5e202f6fc021faaa1cf78eb9
parent
5fc7c7d2
5fc7c7d294dfaa3ae43a9a677aa033799d6cafab
change-id
zrvtmnrv
zrvtmnrvyulymvzmynoprmxwrskwswnu
+15
-3
+9
-1
modules/sean.nix
+9
-1
modules/sean.nix
···
82
82
EDITOR = "hx";
83
83
VISUAL = "hx";
84
84
SUDO_EDITOR = "hx";
85
-
SSH_AUTH_SOCK = "${config.home.homeDirectory}/.1password/agent.sock";
86
85
SSH_ASKPASS = "${pkgs.openssh-askpass}/libexec/gtk-ssh-askpass";
87
86
SSH_ASKPASS_REQUIRE = "prefer";
88
87
};
88
+
89
+
# Only point at the local 1Password agent when not inside an SSH
90
+
# session — otherwise we'd clobber the forwarded agent from `ssh -A`
91
+
# and lose access to the laptop's YubiKey.
92
+
home.sessionVariablesExtra = ''
93
+
if [ -z "$SSH_CONNECTION" ]; then
94
+
export SSH_AUTH_SOCK="${config.home.homeDirectory}/.1password/agent.sock"
95
+
fi
96
+
'';
89
97
90
98
# SSH allowed signers for commit signature verification
91
99
home.file.".ssh/allowed_signers".text = ''
+6
-2
modules/shell.nix
+6
-2
modules/shell.nix
···
89
89
};
90
90
interactiveShellInit = ''
91
91
set fish_greeting
92
-
# Set 1Password SSH agent socket
93
-
set -gx SSH_AUTH_SOCK ${config.home.homeDirectory}/.1password/agent.sock
92
+
# Set 1Password SSH agent socket, but only when not inside an
93
+
# SSH session — otherwise preserve the forwarded agent from
94
+
# `ssh -A` so YubiKey signing keeps working on remote hosts.
95
+
if not set -q SSH_CONNECTION
96
+
set -gx SSH_AUTH_SOCK ${config.home.homeDirectory}/.1password/agent.sock
97
+
end
94
98
# Load 1Password CLI plugins
95
99
if test -f ~/.config/op/plugins.sh
96
100
source ~/.config/op/plugins.sh