From 76e18cffd04b20e9aa353df24f34cb7fceb6257f Mon Sep 17 00:00:00 2001
From: Alan Pearce
Date: Mon, 11 Nov 2024 22:13:27 +0100
Subject: marvin: switch back to ssh keys in secure enclave
---
 flake.lock | 9 ++++-----
 private | 2 +-
 system/marvin.nix | 4 ++++
 user/settings/darwin.nix | 14 +-------------
 4 files changed, 10 insertions(+), 19 deletions(-)
diff --git a/flake.lock b/flake.lock
index 2e82dccd..6b2fc477 100644
--- a/flake.lock
+++ b/flake.lock
@@ -410,11 +410,10 @@
 "secrets": {
 "flake": false,
 "locked": {
- "lastModified": 1724763034,
- "narHash": "sha256-IX3FlHvdrN1jghNQpFHEhZ7fPX9Bs3YiBp1r/f5lnYo=",
- "ref": "refs/heads/main",
- "rev": "2affab49f584a89d02432ff4705fdec6b8d0cdbf",
- "revCount": 69,
+ "lastModified": 1731419442,
+ "narHash": "sha256-pKX4fJEu8rUdwtDOKjNP/e/MWzGYGqhGIM/9TgcfhGw=",
+ "rev": "ca9bcf13988895dbdef43a9b70125ad39604ed2e",
+ "revCount": 70,
 "type": "git",
 "url": "file:///home/alan/projects/alanpearce.eu/nixfiles/private"
 },
diff --git a/private b/private
index 2affab49..ca9bcf13 160000
--- a/private
+++ b/private
@@ -1 +1 @@
-Subproject commit 2affab49f584a89d02432ff4705fdec6b8d0cdbf
+Subproject commit ca9bcf13988895dbdef43a9b70125ad39604ed2e
diff --git a/system/marvin.nix b/system/marvin.nix
index 68caa190..e2a1e4e5 100644
--- a/system/marvin.nix
+++ b/system/marvin.nix
@@ -14,6 +14,10 @@
 environment.variables.LANG = "en_GB.UTF-8";
+ launchd.user.envVariables = {
+ SSH_AUTH_SOCK = "/Users/alan/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh";
+ };
+
 # Used for backwards compatibility, please read the changelog before changing.
 # $ darwin-rebuild changelog
 system.stateVersion = 4;
diff --git a/user/settings/darwin.nix b/user/settings/darwin.nix
index 1a30a870..f445e5cb 100644
--- a/user/settings/darwin.nix
+++ b/user/settings/darwin.nix
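Review bot: The added `launchd.user.envVariables` block in system/marvin.nix exports `SSH_AUTH_SOCK` to every process launchd starts in the user session, so any application running as this user can ask the Secretive agent for a signature, not only ssh. Whether each use then needs a presence check depends on how the keys were created in Secretive, which this diff does not show; I would record that assumption next to the setting, e.g. `# session-wide so clients that ignore IdentityAgent still reach Secretive; keys are expected to require authentication on use`. The value also hard-codes `/Users/alan`, while user/settings/darwin.nix spells the same socket with `~`, so deriving both from one binding would keep them from drifting. The module body continues outside the hunk.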
@@ -118,19 +118,7 @@
 };
 programs.ssh.extraConfig = ''
- IdentityAgent "~/.strongbox/agent.sock"
- '';
-
- home.activation.linkStrongboxSSHAgentSocket = lib.hm.dag.entryAfter [ "writeBoundary" ] ''
- if [[ ! -d ~/.strongbox ]]
- then
- $DRY_RUN_CMD mkdir ~/.strongbox
- fi
- if [[ ! -S ~/.strongbox/agent.sock ]]
- then
- $DRY_RUN_CMD ln -s $VERBOSE_ARG \
- ~/Library/Group\ Containers/group.strongbox.mac.mcguill/agent.sock ~/.strongbox/agent.sock
- fi
+ IdentityAgent ~/Library/Containers/com.maxgoedjen.Secretive.SecretAgent/Data/socket.ssh
 '';
 # Use GPG from GPGTools
-- cgit 1.4.1
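Review bot: The new `IdentityAgent` line repeats the Secretive socket path that system/marvin.nix sets as `SSH_AUTH_SOCK`, spelled differently (`~` here, `/Users/alan` there), and nothing ties the two together. If one is edited and the other is not, ssh would point at a socket that does not exist and, as far as I know, carry on with whatever identity files are on disk rather than failing loudly. A comment such as `# Secretive agent socket (Secure Enclave keys); keep in sync with SSH_AUTH_SOCK in system/marvin.nix`, or a shared `let` binding, would cover it. Dropping `linkStrongboxSSHAgentSocket` also leaves the `~/.strongbox/agent.sock` symlink from earlier activations in place, so a one-off cleanup is worth noting in the commit. The surrounding attribute set starts and ends outside the hunk.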