Commit 935826292832

Vincent Demeester <vincent@sbr.pm>
2026-01-12 15:45:51
fix(ssh): set IdentityAgent=none per-host for .home only
- Remove wildcard *.home and *.vpn patterns from openssh.nix - Add IdentityAgent=none in lib/functions.nix sshConfig function - Only applies to .home suffixed hosts, not .vpn (need YubiKey for VPN) - Prevents yubikey prompts in TRAMP for local network connections
1 parent d7112bd
Changed files (2)
home/common/shell/openssh.nix
@@ -86,17 +86,6 @@
           controlPersist = "360";
         };
       };
-      # Disable IdentityAgent for home network hosts (prevents yubikey prompts in TRAMP)
-      "*.home" = {
-        extraOptions = {
-          IdentityAgent = "none";
-        };
-      };
-      "*.vpn" = {
-        extraOptions = {
-          IdentityAgent = "none";
-        };
-      };
       "*.redhat.com" = {
         user = "vdemeest";
       };
lib/functions.nix
@@ -155,8 +155,10 @@ let
               else
                 x;
             forwardAgent = true;
-            # identityFile = "~/.ssh/kyushu";
-            # identityAgent = "empty";
+            # Disable IdentityAgent for .home hosts (prevents yubikey prompts in TRAMP)
+            extraOptions = lib.optionalAttrs (lib.strings.hasSuffix ".home" x) {
+              IdentityAgent = "none";
+            };
           };
         })
         (
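Review bot: `forwardAgent = true;` stays unconditional just above the added `extraOptions`, so for `.home` hosts the generated entry both requests agent forwarding and sets `IdentityAgent none`. As far as I know, `IdentityAgent none` leaves ssh without an agent socket for that host, so forwarding there has nothing to forward and the line is misleading. I would make it `forwardAgent = !(lib.strings.hasSuffix ".home" x);`, or bind the suffix test once and reuse it for both attributes. The comment could also record the consequence, for example `# .home hosts authenticate without the agent (no YubiKey-backed key); agent forwarding stays on for all other hosts`. The enclosing function starts and ends outside the hunk, so what `x` holds and which key files are offered to `.home` hosts cannot be confirmed from here.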