ssh options

modules/programs/onepassword.nix

@@ -1,16 +1,10 @@
 { self, inputs, ... }: {
-  flake.modules.homeManager.onepassword = { config, pkgs, lib, ... }: {
+  flake.modules.homeManager.onepassword = { config, ... }: {
     home.file.".config/1Password/ssh/agent.toml".text = ''
       # https://developer.1password.com/docs/ssh/agent/config
       [[ssh-keys]]
       vault = "Private"
     '';
-    programs.ssh = {
-      enable = true;
-      extraConfig = ''
-        Host *
-            IdentityAgent ${config.home.homeDirectory}/.1password/agent.sock
-      '';
-    };
+    programs.ssh.matchBlocks."*".identityAgent = "${config.home.homeDirectory}/.1password/agent.sock";
   };
 }

modules/programs/sops.nix

@@ -64,8 +64,8 @@ in
         (writeShellScriptBin "gen-age-key" ''
           set -eu
 
-          if [ ! -f "${config.ssh.IdentityFile}" ]; then
-            ${echo} "SSH identity file not found: ${config.ssh.IdentityFile}" >&2
+          if [ ! -f "${config.ssh.identityFile}" ]; then
+            ${echo} "SSH identity file not found: ${config.ssh.identityFile}" >&2
             exit 1
           fi
 
@@ -75,7 +75,7 @@ in
           fi
 
           ${mkdir} -p "$(${dirname} "${cfg.ageKeyFile}")"
-          ${lib.getExe pkgs.ssh-to-age} -i ${config.ssh.IdentityFile} -private-key > ${cfg.ageKeyFile}
+          ${lib.getExe pkgs.ssh-to-age} -i ${config.ssh.identityFile} -private-key > ${cfg.ageKeyFile}
           ${echo} -n "Created ${cfg.ageKeyFile}: "
           ${echo} $(${lib.getExe show-age-key})
         '')
@@ -90,7 +90,7 @@ in
       sops = {
         defaultSopsFile = sopsSecretsPath;
         defaultSopsFormat = "yaml";
-        age.sshKeyPaths = [ "${config.ssh.IdentityFile}" ];
+        age.sshKeyPaths = [ "${config.ssh.identityFile}" ];
       };
     };
   };

modules/programs/step-client.nix

@@ -29,7 +29,7 @@
           ${principalArgs} \
           --provisioner "${cfg.provisioner}" \
           --provisioner-password-file "${config.sops.secrets."janus/admin_jwk".path}" \
-          "${firstPrincipal}" "${config.ssh.IdentityFile}.pub"
+          "${firstPrincipal}" "${config.ssh.identityFile}.pub"
         '')
       ];
     };