From 68416432037de51eb3e12445005e5ceb0188a16e Mon Sep 17 00:00:00 2001
From: Benedikt Rips
Date: Mon, 5 Jan 2026 17:17:00 +0100
Subject: [PATCH] yubikey-agent: remove redundant platform checks
---
modules/services/yubikey-agent.nix | 134 ++++++++++++++---------------
1 file changed, 63 insertions(+), 71 deletions(-)
diff --git a/modules/services/yubikey-agent.nix b/modules/services/yubikey-agent.nix
index 7ae75153..97fadaee 100644
--- a/modules/services/yubikey-agent.nix
+++ b/modules/services/yubikey-agent.nix
@@ -19,79 +19,71 @@ in package = lib.mkPackageOption pkgs "yubikey-agent" { }; }; - config = mkIf cfg.enable ( - lib.mkMerge [ - { home.packages = [ cfg.package ]; } + config = mkIf cfg.enable { + home.packages = [ cfg.package ]; - (mkIf pkgs.stdenv.isLinux { - systemd.user.services.yubikey-agent = { - Unit = { - Description = "Seamless ssh-agent for YubiKeys"; - Documentation = "https://github.com/FiloSottile/yubikey-agent"; - Requires = "yubikey-agent.socket"; - After = "yubikey-agent.socket"; - RefuseManualStart = true; - }; + home.sessionVariables.SSH_AUTH_SOCK = + if pkgs.stdenv.isDarwin then + "/tmp/yubikey-agent.sock" + else + "\${XDG_RUNTIME_DIR:-/run/user/$UID}/yubikey-agent/yubikey-agent.sock"; - Service = { - ExecStart = "${cfg.package}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock"; - Type = "simple"; - # /run/user/$UID for the socket - ReadWritePaths = [ "%t" ]; + systemd.user.services.yubikey-agent = { + Unit = { + Description = "Seamless ssh-agent for YubiKeys"; + Documentation = "https://github.com/FiloSottile/yubikey-agent"; + Requires = "yubikey-agent.socket"; + After = "yubikey-agent.socket"; + RefuseManualStart = true; + }; + + Service = { + ExecStart = "${cfg.package}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock"; + Type = "simple"; + # /run/user/$UID for the socket + ReadWritePaths = [ "%t" ]; + }; + }; + + systemd.user.sockets.yubikey-agent = { + Unit = { + Description = "Unix domain socket for Yubikey SSH agent"; + Documentation = "https://github.com/FiloSottile/yubikey-agent"; + }; + + Socket = { + ListenStream = "%t/yubikey-agent/yubikey-agent.sock"; + RuntimeDirectory = "yubikey-agent"; + SocketMode = "0600"; + DirectoryMode = "0700"; + }; + + Install = { + WantedBy = [ "sockets.target" ]; + }; + }; + + launchd.agents.yubikey-agent = { + enable = true; + config = { + ProgramArguments = [ + "${cfg.package}/bin/yubikey-agent" + "-l" + "/tmp/yubikey-agent.sock" + ]; + + KeepAlive = { + Crashed = true; + SuccessfulExit 
= false; + }; + ProcessType = "Background"; + Sockets = { + Listener = { + SockPathName = "/tmp/yubikey-agent.sock"; + SockPathMode = 384; # 0600 in decimal }; }; - - systemd.user.sockets.yubikey-agent = { - Unit = { - Description = "Unix domain socket for Yubikey SSH agent"; - Documentation = "https://github.com/FiloSottile/yubikey-agent"; - }; - - Socket = { - ListenStream = "%t/yubikey-agent/yubikey-agent.sock"; - RuntimeDirectory = "yubikey-agent"; - SocketMode = "0600"; - DirectoryMode = "0700"; - }; - - Install = { - WantedBy = [ "sockets.target" ]; - }; - }; - - home.sessionVariables = { - SSH_AUTH_SOCK = "\${XDG_RUNTIME_DIR:-/run/user/$UID}/yubikey-agent/yubikey-agent.sock"; - }; - }) - - (mkIf pkgs.stdenv.isDarwin { - launchd.agents.yubikey-agent = { - enable = true; - config = { - ProgramArguments = [ - "${cfg.package}/bin/yubikey-agent" - "-l" - "/tmp/yubikey-agent.sock" - ]; - - KeepAlive = { - Crashed = true; - SuccessfulExit = false; - }; - ProcessType = "Background"; - Sockets = { - Listener = { - SockPathName = "/tmp/yubikey-agent.sock"; - SockPathMode = 384; # 0600 in decimal - }; - }; - }; - }; - - home.sessionVariables = { - SSH_AUTH_SOCK = "/tmp/yubikey-agent.sock"; - }; - }) - ] - ); + }; + }; + }; }
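Review bot: The Darwin socket is still fixed at `/tmp/yubikey-agent.sock`, and that literal now appears three times in the new code: in `home.sessionVariables.SSH_AUTH_SOCK`, in `ProgramArguments` and in `SockPathName`. `/tmp` is shared between local accounts, so the name is predictable and not per-user: two users enabling the module on one machine would collide, and `SockPathMode = 384` only constrains the socket once it has been created at that path. At minimum bind the path once, e.g. `darwinSocket = "/tmp/yubikey-agent.sock";` in the module's `let` (presumably just above the hunk, which starts after `in`), and add a comment such as `# NOTE: shared /tmp, path is predictable and not per-user`; a per-user directory would be the stronger fix. Separately, with the `mkIf pkgs.stdenv.isLinux` / `isDarwin` wrappers gone, the `systemd.user.*` and `launchd.agents.*` definitions are set on every platform, so it is worth confirming that those modules ignore them on the other platform, which is not visible from this hunk.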