From 7665a9a4ccd1d98bc74408819a2c7d921b078d7e Mon Sep 17 00:00:00 2001
From: Myned <dev@bjork.tech>
Date: Wed, 25 Sep 2024 15:14:23 -0500
Subject: [PATCH] ssh: fix fhs permissions

Signed-off-by: Myned <dev@bjork.tech>
---
 options/custom/programs/ssh.nix | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/options/custom/programs/ssh.nix b/options/custom/programs/ssh.nix
index 19ab510..d789964 100644
--- a/options/custom/programs/ssh.nix
+++ b/options/custom/programs/ssh.nix
@@ -15,13 +15,22 @@ in {
       StrictHostKeyChecking no
     '';
 
-    home-manager.users.${config.custom.username}.programs.ssh = {
-      enable = true;
+    home-manager.users.${config.custom.username} = {
+      programs.ssh = {
+        enable = true;
 
-      extraConfig = ''
-        Host *
-          IdentityAgent ~/.1password/agent.sock
-      '';
+        extraConfig = ''
+          Host *
+            IdentityAgent ~/.1password/agent.sock
+        '';
+      };
+
+      # Work around FHS permissions
+      # https://github.com/nix-community/home-manager/issues/322#issuecomment-1856128020
+      home.file.".ssh/config" = {
+        target = ".ssh/config_source";
+        onChange = "cat ~/.ssh/config_source > ~/.ssh/config && chmod 400 ~/.ssh/config";
+      };
     };
   };
 }