diff --git a/modules/services/ssh-agent.nix b/modules/services/ssh-agent.nix
index e7f81182f..35714e2b9 100644
--- a/modules/services/ssh-agent.nix
+++ b/modules/services/ssh-agent.nix
@@ -23,7 +23,8 @@ in
default = "ssh-agent";
example = "ssh-agent/socket";
description = ''
- The agent's socket; interpreted as a suffix to {env}`$XDG_RUNTIME_DIR`.
+ The agent's socket; interpreted as a suffix to {env}`$XDG_RUNTIME_DIR`
+ on Linux and `$(getconf DARWIN_USER_TEMP_DIR)` on macOS.
'';
};
@@ -45,52 +46,91 @@ in
enableNushellIntegration = lib.hm.shell.mkNushellIntegrationOption { inherit config; };
};
- config = lib.mkIf cfg.enable {
- assertions = [
- (lib.hm.assertions.assertPlatform "services.ssh-agent" pkgs lib.platforms.linux)
- ];
-
- programs =
- let
- bashIntegration = ''
- if [ -z "$SSH_AUTH_SOCK" ]; then
- export SSH_AUTH_SOCK=$XDG_RUNTIME_DIR/${cfg.socket}
- fi
- '';
-
- fishIntegration = ''
- if test -z "$SSH_AUTH_SOCK"
- set -x SSH_AUTH_SOCK $XDG_RUNTIME_DIR/${cfg.socket}
- end
- '';
-
- nushellIntegration = ''
- if "SSH_AUTH_SOCK" not-in $env {
- $env.SSH_AUTH_SOCK = $"($env.XDG_RUNTIME_DIR)/${cfg.socket}"
- }
- '';
- in
+ config = lib.mkIf cfg.enable (
+ lib.mkMerge [
{
- bash.initExtra = lib.mkIf cfg.enableBashIntegration bashIntegration;
+ programs =
+ let
+ socketPath =
+ if pkgs.stdenv.isDarwin then
+ "$(${lib.getExe pkgs.getconf} DARWIN_USER_TEMP_DIR)/${cfg.socket}"
+ else
+ "$XDG_RUNTIME_DIR/${cfg.socket}";
- zsh.initContent = lib.mkIf cfg.enableZshIntegration bashIntegration;
+ bashIntegration = ''
+ if [ -z "$SSH_AUTH_SOCK" ]; then
+ export SSH_AUTH_SOCK=${socketPath}
+ fi
+ '';
- fish.interactiveShellInit = lib.mkIf cfg.enableFishIntegration fishIntegration;
+ fishIntegration = ''
+ if test -z "$SSH_AUTH_SOCK"
+ set -x SSH_AUTH_SOCK ${socketPath}
+ end
+ '';
- nushell.extraConfig = lib.mkIf cfg.enableNushellIntegration nushellIntegration;
- };
+ nushellIntegration =
+ if pkgs.stdenv.isDarwin then
+ ''
+ if "SSH_AUTH_SOCK" not-in $env {
+ $env.SSH_AUTH_SOCK = $"(${lib.getExe pkgs.getconf} DARWIN_USER_TEMP_DIR)/${cfg.socket}"
+ }
+ ''
+ else
+ ''
+ if "SSH_AUTH_SOCK" not-in $env {
+ $env.SSH_AUTH_SOCK = $"($env.XDG_RUNTIME_DIR)/${cfg.socket}"
+ }
+ '';
+ in
+ {
+ bash.initExtra = lib.mkIf cfg.enableBashIntegration bashIntegration;
- systemd.user.services.ssh-agent = {
- Install.WantedBy = [ "default.target" ];
- Unit = {
- Description = "SSH authentication agent";
- Documentation = "man:ssh-agent(1)";
- };
- Service.ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
- lib.optionalString (
- cfg.defaultMaximumIdentityLifetime != null
- ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
- }";
- };
- };
+ zsh.initContent = lib.mkIf cfg.enableZshIntegration bashIntegration;
+
+ fish.interactiveShellInit = lib.mkIf cfg.enableFishIntegration fishIntegration;
+
+ nushell.extraConfig = lib.mkIf cfg.enableNushellIntegration nushellIntegration;
+ };
+ }
+
+ (lib.mkIf pkgs.stdenv.isLinux {
+ systemd.user.services.ssh-agent = {
+ Install.WantedBy = [ "default.target" ];
+ Unit = {
+ Description = "SSH authentication agent";
+ Documentation = "man:ssh-agent(1)";
+ };
+ Service.ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
+ lib.optionalString (
+ cfg.defaultMaximumIdentityLifetime != null
+ ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
+ }";
+ };
+ })
+
+ (lib.mkIf pkgs.stdenv.isDarwin {
+ launchd.agents.ssh-agent = {
+ enable = true;
+ config = {
+ ProgramArguments = [
+ (lib.getExe pkgs.bash)
+ "-c"
+ ''${lib.getExe' cfg.package "ssh-agent"} -D -a "$(${lib.getExe pkgs.getconf} DARWIN_USER_TEMP_DIR)/${cfg.socket}"${
+ lib.optionalString (
+ cfg.defaultMaximumIdentityLifetime != null
+ ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
+ }''
+ ];
+ KeepAlive = {
+ Crashed = true;
+ SuccessfulExit = false;
+ };
+ ProcessType = "Background";
+ RunAtLoad = true;
+ };
+ };
+ })
+ ]
+ );
}
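Review bot: The `SSH_AUTH_SOCK` guards kept in the bash, fish and Nushell snippets (`if [ -z "$SSH_AUTH_SOCK" ]` and its equivalents) are likely to make the Darwin integration a no-op, because a stock macOS login session normally already has `SSH_AUTH_SOCK` set by launchd for the system agent. If so, shells keep talking to that agent, and the `-t` limit from `defaultMaximumIdentityLifetime` in the new `launchd.agents.ssh-agent` entry never applies to keys added from them. One option on Darwin is to keep the existing value only for SSH logins, e.g. `if [ -z "$SSH_AUTH_SOCK" ] || [ -z "$SSH_CONNECTION" ]; then`, with matching fish and Nushell conditions; at minimum the option description should state the behaviour. Separately, the Nushell Darwin string may keep getconf's trailing newline inside `$"(…)"` depending on the Nushell version, so `… DARWIN_USER_TEMP_DIR | str trim` is safer there.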
diff --git a/tests/darwinScrublist.nix b/tests/darwinScrublist.nix
index ff23a728f..fda687da6 100644
--- a/tests/darwinScrublist.nix
+++ b/tests/darwinScrublist.nix
@@ -50,6 +50,7 @@ let
"feh"
"fzf"
"gallery-dl"
+ "getconf"
"gh"
"gh-dash"
"ghostty"
@@ -125,6 +126,7 @@ let
"ollama"
"onlyoffice-desktopeditors"
"opencode"
+ "openssh"
"openstackclient"
"papis"
"patdiff"
diff --git a/tests/modules/services/ssh-agent/darwin/bash-integration.nix b/tests/modules/services/ssh-agent/darwin/bash-integration.nix
new file mode 100644
index 000000000..b4fb91096
--- /dev/null
+++ b/tests/modules/services/ssh-agent/darwin/bash-integration.nix
@@ -0,0 +1,14 @@
+{
+ services.ssh-agent = {
+ enable = true;
+ enableBashIntegration = true;
+ };
+
+ programs.bash.enable = true;
+
+ nmt.script = ''
+ assertFileContains \
+ home-files/.bashrc \
+ 'export SSH_AUTH_SOCK=$(@getconf-system_cmds@/bin/getconf DARWIN_USER_TEMP_DIR)/ssh-agent'
+ '';
+}
diff --git a/tests/modules/services/ssh-agent/darwin/basic-service-expected.plist b/tests/modules/services/ssh-agent/darwin/basic-service-expected.plist
new file mode 100644
index 000000000..1a939f6a9
--- /dev/null
+++ b/tests/modules/services/ssh-agent/darwin/basic-service-expected.plist
@@ -0,0 +1,25 @@
+
+
+
+
+ KeepAlive
+
+ Crashed
+
+ SuccessfulExit
+
+
+ Label
+ org.nix-community.home.ssh-agent
+ ProcessType
+ Background
+ ProgramArguments
+
+ @bash-interactive@/bin/bash
+ -c
+ @openssh@/bin/ssh-agent -D -a "$(@getconf-system_cmds@/bin/getconf DARWIN_USER_TEMP_DIR)/ssh-agent"
+
+ RunAtLoad
+
+
+
\ No newline at end of file
diff --git a/tests/modules/services/ssh-agent/darwin/basic-service.nix b/tests/modules/services/ssh-agent/darwin/basic-service.nix
new file mode 100644
index 000000000..db865b6d5
--- /dev/null
+++ b/tests/modules/services/ssh-agent/darwin/basic-service.nix
@@ -0,0 +1,14 @@
+{ config, ... }:
+
+{
+ services.ssh-agent = {
+ enable = true;
+ package = config.lib.test.mkStubPackage { outPath = "@openssh@"; };
+ };
+
+ nmt.script = ''
+ assertFileContent \
+ LaunchAgents/org.nix-community.home.ssh-agent.plist \
+ ${./basic-service-expected.plist}
+ '';
+}
diff --git a/tests/modules/services/ssh-agent/darwin/default.nix b/tests/modules/services/ssh-agent/darwin/default.nix
new file mode 100644
index 000000000..310b0ae59
--- /dev/null
+++ b/tests/modules/services/ssh-agent/darwin/default.nix
@@ -0,0 +1,6 @@
+{
+ ssh-agent-darwin-basic-service = ./basic-service.nix;
+ ssh-agent-darwin-timeout-service = ./timeout-service.nix;
+ ssh-agent-darwin-bash-integration = ./bash-integration.nix;
+ ssh-agent-darwin-nushell-integration = ./nushell-integration.nix;
+}
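Review bot: The Darwin test set has no case for the fish or zsh integration, although both get the new `$(getconf DARWIN_USER_TEMP_DIR)` socket path from `socketPath` in the module. Adding `ssh-agent-darwin-fish-integration = ./fish-integration.nix;` and a zsh counterpart, modelled on `bash-integration.nix`, would pin the generated lines for those shells too.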
diff --git a/tests/modules/services/ssh-agent/darwin/nushell-integration.nix b/tests/modules/services/ssh-agent/darwin/nushell-integration.nix
new file mode 100644
index 000000000..40c531ae3
--- /dev/null
+++ b/tests/modules/services/ssh-agent/darwin/nushell-integration.nix
@@ -0,0 +1,14 @@
+{
+ services.ssh-agent = {
+ enable = true;
+ enableNushellIntegration = true;
+ };
+
+ programs.nushell.enable = true;
+
+ nmt.script = ''
+ assertFileContains \
+ home-files/.config/nushell/config.nu \
+ '$env.SSH_AUTH_SOCK = $"(@getconf-system_cmds@/bin/getconf DARWIN_USER_TEMP_DIR)/ssh-agent"'
+ '';
+}
diff --git a/tests/modules/services/ssh-agent/darwin/timeout-service-expected.plist b/tests/modules/services/ssh-agent/darwin/timeout-service-expected.plist
new file mode 100644
index 000000000..0a49f024d
--- /dev/null
+++ b/tests/modules/services/ssh-agent/darwin/timeout-service-expected.plist
@@ -0,0 +1,25 @@
+
+
+
+
+ KeepAlive
+
+ Crashed
+
+ SuccessfulExit
+
+
+ Label
+ org.nix-community.home.ssh-agent
+ ProcessType
+ Background
+ ProgramArguments
+
+ @bash-interactive@/bin/bash
+ -c
+ @openssh@/bin/ssh-agent -D -a "$(@getconf-system_cmds@/bin/getconf DARWIN_USER_TEMP_DIR)/ssh-agent" -t 1337
+
+ RunAtLoad
+
+
+
\ No newline at end of file
diff --git a/tests/modules/services/ssh-agent/darwin/timeout-service.nix b/tests/modules/services/ssh-agent/darwin/timeout-service.nix
new file mode 100644
index 000000000..172bbd35e
--- /dev/null
+++ b/tests/modules/services/ssh-agent/darwin/timeout-service.nix
@@ -0,0 +1,15 @@
+{ config, ... }:
+
+{
+ services.ssh-agent = {
+ enable = true;
+ defaultMaximumIdentityLifetime = 1337;
+ package = config.lib.test.mkStubPackage { outPath = "@openssh@"; };
+ };
+
+ nmt.script = ''
+ assertFileContent \
+ LaunchAgents/org.nix-community.home.ssh-agent.plist \
+ ${./timeout-service-expected.plist}
+ '';
+}
diff --git a/tests/modules/services/ssh-agent/default.nix b/tests/modules/services/ssh-agent/default.nix
index 247d2a88f..960622855 100644
--- a/tests/modules/services/ssh-agent/default.nix
+++ b/tests/modules/services/ssh-agent/default.nix
@@ -3,7 +3,5 @@
pkgs,
...
}:
-lib.optionalAttrs pkgs.stdenv.hostPlatform.isLinux {
- ssh-agent-basic-service = ./basic-service.nix;
- ssh-agent-timeout-service = ./timeout-service.nix;
-}
+(lib.optionalAttrs pkgs.stdenv.hostPlatform.isLinux (import ./linux))
+// (lib.optionalAttrs pkgs.stdenv.hostPlatform.isDarwin (import ./darwin))
diff --git a/tests/modules/services/ssh-agent/basic-service-expected.service b/tests/modules/services/ssh-agent/linux/basic-service-expected.service
similarity index 100%
rename from tests/modules/services/ssh-agent/basic-service-expected.service
rename to tests/modules/services/ssh-agent/linux/basic-service-expected.service
diff --git a/tests/modules/services/ssh-agent/basic-service.nix b/tests/modules/services/ssh-agent/linux/basic-service.nix
similarity index 100%
rename from tests/modules/services/ssh-agent/basic-service.nix
rename to tests/modules/services/ssh-agent/linux/basic-service.nix
diff --git a/tests/modules/services/ssh-agent/linux/default.nix b/tests/modules/services/ssh-agent/linux/default.nix
new file mode 100644
index 000000000..a8aff2878
--- /dev/null
+++ b/tests/modules/services/ssh-agent/linux/default.nix
@@ -0,0 +1,4 @@
+{
+ ssh-agent-basic-service = ./basic-service.nix;
+ ssh-agent-timeout-service = ./timeout-service.nix;
+}
diff --git a/tests/modules/services/ssh-agent/timeout-service-expected.service b/tests/modules/services/ssh-agent/linux/timeout-service-expected.service
similarity index 100%
rename from tests/modules/services/ssh-agent/timeout-service-expected.service
rename to tests/modules/services/ssh-agent/linux/timeout-service-expected.service
diff --git a/tests/modules/services/ssh-agent/timeout-service.nix b/tests/modules/services/ssh-agent/linux/timeout-service.nix
similarity index 100%
rename from tests/modules/services/ssh-agent/timeout-service.nix
rename to tests/modules/services/ssh-agent/linux/timeout-service.nix