nixos-config/docs/GIT-SSH-REMOTE.md
Sridhar Ratnakumar 3de37301b3 one more doc
2026-03-22 11:40:14 -04:00


Git over SSH on remote machines

Using git (and other SSH operations) on remote machines like pureintent, authenticated via 1Password SSH agent on the Mac (zest).

How it works

  1. Mac (zest): 1Password provides the SSH agent with keys
  2. SSH connection: ssh -A pureintent forwards the agent
  3. Remote (~/.ssh/rc): Updates a stable symlink at ~/.ssh/ssh_auth_sock on each connect (see modules/home/cli/ssh-agent-forwarding.nix)
  4. Zellij/tmux: SSH_AUTH_SOCK points to the symlink, so sessions survive reconnects

The weak link: step 2 requires a live SSH connection. When it dies, the socket goes stale and git stops working.

Automating the persistent connection

Add autossh as a launchd agent via home-manager on zest. This keeps a backgrounded SSH connection alive and restarts it on failure.

home-manager config (Mac side)

# modules/home/cli/autossh-pureintent.nix
{ pkgs, config, ... }:
{
  home.packages = [ pkgs.autossh ];

  launchd.agents.autossh-pureintent = {
    enable = true;
    config = {
      ProgramArguments = [
        "${pkgs.autossh}/bin/autossh"
        "-M" "0"          # no monitoring port; rely on ServerAlive
        "-N"               # no remote command
        "-A"               # forward agent
        "-o" "ServerAliveInterval=30"
        "-o" "ServerAliveCountMax=3"
        "-o" "ExitOnForwardFailure=yes"
        "pureintent"
      ];
      KeepAlive = true;
      RunAtLoad = true;
      # launchd does not expand $HOME, so build the absolute path in nix
      StandardOutPath = "${config.home.homeDirectory}/Library/Logs/autossh-pureintent/stdout";
      StandardErrorPath = "${config.home.homeDirectory}/Library/Logs/autossh-pureintent/stderr";
    };
  };
}

Then import from configurations/home/srid@zest.nix.

Note

launchd doesn't expand $HOME in log paths. Use the full literal path (/Users/srid/Library/Logs/...) or use config.home.homeDirectory in the nix expression.

Manual fallback

If the autossh connection is down and you need a quick fix in a stale session:

# Find any active socket with a specific key
export SSH_AUTH_SOCK=$(for sock in ~/.ssh/agent/s.*; do
  SSH_AUTH_SOCK="$sock" ssh-add -l 2>/dev/null | grep -q 'id_ed25519' && echo "$sock" && break
done)

Clean up stale sockets

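for sock in ~/.ssh/agent/s.*; do
  [ -S "$sock" ] || continue   # skip an unmatched glob or a non-socket
  rc=0; SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
  # exit status 2 means the agent is unreachable; 1 only means it holds no keys
  [ "$rc" -eq 2 ] && rm -- "$sock"
done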
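
The fallback and cleanup above both depend on how ssh-add -l reports a socket, so here is a health check for the remote side that classifies each socket and repoints the stable symlink only when needed. This is an added example, not code from this repo; SSH_ADD, AGENT_DIR and LINK are hypothetical override variables whose defaults follow the paths named on this page.

```shell
#!/bin/sh
# Added example, not part of the nixos-config repo.
# SSH_ADD, AGENT_DIR and LINK are hypothetical overrides; the defaults
# follow the paths named on this page.
SSH_ADD=${SSH_ADD:-ssh-add}
AGENT_DIR=${AGENT_DIR:-$HOME/.ssh/agent}
LINK=${LINK:-$HOME/.ssh/ssh_auth_sock}

# classify_sock PATH: print "keys", "empty" or "stale".
# ssh-add -l exits 0 when the agent lists identities, 1 when the agent
# answers but holds none, and 2 when it cannot be contacted.
classify_sock() {
  rc=0
  SSH_AUTH_SOCK="$1" "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
  case $rc in
    0) echo keys ;;
    1) echo empty ;;
    *) echo stale ;;
  esac
}

# repoint_link: keep LINK if it still serves keys, otherwise point it at
# the first socket in AGENT_DIR that does. Returns 1 if none is usable.
repoint_link() {
  [ "$(classify_sock "$LINK")" = keys ] && return 0
  for sock in "$AGENT_DIR"/s.*; do
    [ -e "$sock" ] || continue
    if [ "$(classify_sock "$sock")" = keys ]; then
      ln -sfn "$sock" "$LINK"
      return 0
    fi
  done
  return 1
}
```

Source the file in a stale Zellij/tmux pane and run repoint_link; a non-zero return means no forwarded agent is reachable and the connection from zest has to be re-established.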