Use solo key for ssh, disable gpg-agent ssh integration

This makes use of ED25519-SK keys that provide 2FA for SSH. Also,
switch to using the SSH key to sign git commits

home-manager/modules/git/default.nix

@@ -21,10 +21,16 @@ in
     };
 
     signingKey = mkOption {
-      description = "your GPG signing key ID";
+      description = "your signing key";
       type = types.nullOr types.str;
       default = null;
     };
+
+    signingKeyFormat = mkOption {
+      description = "the type of signing key";
+      type = types.enum [ "openpgp" "x509" "ssh" ];
+      default = "openpgp";
+    };
   };
 
   config = mkIf cfg.enable {
@@ -112,6 +118,11 @@ in
           patternType = "extended";
         };
 
+        gpg = {
+          format = cfg.signingKeyFormat;
+          ssh.allowedSignersFile = "~/.config/git/allowed_signers";
+        };
+
         url = {
           "ssh://git@repohost.bedum.horus.nu/" = {
             insteadOf = "rh:";

home-manager/modules/gpg/default.nix

@@ -23,9 +23,9 @@ in
     services.gpg-agent = {
       enable = true;
       pinentryFlavor = "gnome3";
-      enableSshSupport = true;
-      defaultCacheTtlSsh = 14400;
-      maxCacheTtlSsh = 14400;
+      # enableSshSupport = true;
+      # defaultCacheTtlSsh = 14400;
+      # maxCacheTtlSsh = 14400;
       extraConfig = ''
         allow-loopback-pinentry
       '';

home-manager/modules/ssh/default.nix

@@ -15,7 +15,7 @@ in
       hashKnownHosts = true;
       matchBlocks = {
         "*" = {
-          identityFile = "~/.ssh/id_ed25519";
+          identityFile = "~/.ssh/id_ed25519_sk";
           identitiesOnly = true;
           extraOptions = {
             Ciphers = "chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr";

machines/loki/configuration.nix

@@ -152,6 +152,7 @@ in
   # };
 
   services.openssh.enable = true;
+  programs.ssh.startAgent = true;
 
   services.sunshine = {
     enable = true;

modules/desktop/default.nix

@@ -89,9 +89,9 @@ in
         QT_WAYLAND_DISABLE_WINDOWDECORATION = "1";
         QT_QPA_PLATFORMTHEME = "qt5ct";
         SDL_VIDEODRIVER = "wayland";
-        SSH_AUTH_SOCK = ''''${XDG_RUNTIME_DIR}/gnupg/S.gpg-agent.ssh'';
+        SSH_AUTH_SOCK = ''''${XDG_RUNTIME_DIR}/ssh-agent'';
         AMD_VULKAN_ICD = "RADV";
-        # NIXOS_OZONE_WL = "1";
+        NIXOS_OZONE_WL = "1";
       };
 
       etc = {

users/erwin/default.nix

@@ -18,7 +18,7 @@ in
       openssh.authorizedKeys.keyFiles = [
         (pkgs.fetchurl {
           url = "https://github.com/eboskma.keys";
-          sha256 = "z/4lQnFuSkq8O0eunnkXIAH3x3ii9qVr9hxh4/8jBkc=";
+          sha256 = "uwK4FSLSHiwCJU9U7RBFHIoCmr7uUQLM0JM1u0bi4xo=";
         })
       ];
     };

users/erwin/desktop.nix

@@ -63,7 +63,9 @@ in
               enable = true;
               name = "Erwin Boskma";
               email = "erwin@datarift.nl";
-              signingKey = "EE7ADEFE1D943C7B";
+              # signingKey = "EE7ADEFE1D943C7B";
+              signingKey = "~/.ssh/id_ed25519_sk";
+              signingKeyFormat = "ssh";
             };
             gpg.enable = true;
             neovim.enable = true;