Created
August 17, 2025 20:49
Save excavador/a05effabbeccbd096879be2e17b04e00 to your computer and use it in GitHub Desktop.
nix + ssh-agent + git-config
```
➜ sudo find /etc/nix
/etc/nix
/etc/nix/ssh
/etc/nix/ssh/known_hosts
/etc/nix/ssh/config
/etc/nix/nix.custom.conf
/etc/nix/nix.conf
/etc/nix/gitconfig

➜ sudo cat /etc/nix/ssh/config
Host github.com
    IdentityAgent /etc/systemd/system/nix-daemon-ssh-agent.sock
    StrictHostKeyChecking no
    UserKnownHostsFile /etc/ssh/ssh/known_hosts

➜ sudo cat /etc/nix/gitconfig
[filter "lfs"]
    process = git-lfs filter-process
    required = true
    clean =...%f
[url "git@github.com:truvity/"]
    insteadOf = https://github.com/truvity/

➜ sudo cat /etc/nix/nix.custom.conf
# Written by https://github.com/DeterminateSystems/nix-installer.
# The contents below are based on options specified at installation time.
extra-sandbox-paths = /etc/systemd/system/nix-daemon-ssh-agent.sock?
extra-sandbox-paths = /etc/gitconfig=/etc/nix/gitconfig
extra-sandbox-paths = /etc/ssh/ssh_config=/etc/nix/ssh/config
builders-use-substitutes = true

➜ sudo cat /etc/systemd/system/nix-daemon-ssh-agent.service
[Unit]
Description=SSH agent for Nix builds
After=network.target
[Service]
Type=forking
User=root
ExecStart=/usr/local/bin/nix-daemon-ssh-agent
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target

➜ sudo cat /usr/local/bin/nix-daemon-ssh-agent
#!/bin/bash
set -euo pipefail
export USER_SSH_AUTH_SOCK=/run/user/1000/gnupg/S.gpg-agent.ssh
export COPY_SSH_AUTH_SOCK=/etc/systemd/system/nix-daemon-ssh-agent.sock
(umount $COPY_SSH_AUTH_SOCK || true)
touch $COPY_SSH_AUTH_SOCK
/usr/bin/mount --bind $USER_SSH_AUTH_SOCK $COPY_SSH_AUTH_SOCK
chmod 666 $COPY_SSH_AUTH_SOCK

➜ sudo bash -c 'ssh-keyscan -H github.com > /etc/nix/ssh/known_hosts'
➜ sudo chmod 0700 /etc/nix/ssh
➜ sudo chmod 0644 /etc/nix/ssh/known_hosts
➜ sudo chmod 0644 /etc/nix/ssh/config
➜ sudo systemctl enable --now /etc/systemd/system/nix-daemon-ssh-agent.service
➜ sudo systemctl restart nix-daemon.service
```
all good, except for one thing:
sudo chmod +x /usr/local/bin/nix-daemon-ssh-agent, otherwise you get this error: