From 1bb59ffc80cbb6acd59c324b53bca1d142fbbbdb Mon Sep 17 00:00:00 2001 From: 123kupola <123kupola@gmail.com> Date: Wed, 27 May 2026 15:23:17 +0200 Subject: [PATCH] feat: seed SSH agent config in firstboot (Sam & Hermes) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit shell-ssh.sh now seeds ~/.ssh/config (AddKeysToAgent yes) and ~/.tmux.conf (SSH_AUTH_SOCK persistence) after SSH key install. Idempotent — appends to existing configs if already present. Fixes agent-dead-after-tmux-restart for every fresh Clawdie install. --- .graphifyignore | 20 ++++++++++++++++ firstboot/shell-ssh.sh | 54 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 73 insertions(+), 1 deletion(-) create mode 100644 .graphifyignore diff --git a/.graphifyignore b/.graphifyignore new file mode 100644 index 00000000..09063b63 --- /dev/null +++ b/.graphifyignore @@ -0,0 +1,20 @@ +.git/ +tmp/ +node_modules/ +dist/ +build/ +.cache/ +.env +*.key +*.pem +*.sqlite +*.db +*.img +*.img.gz +*.iso +*.sha256 +packages/ +downloads/ +html/ +webroot/ +graphify-out/cache/ diff --git a/firstboot/shell-ssh.sh b/firstboot/shell-ssh.sh index 25995748..9cbac444 100644 --- a/firstboot/shell-ssh.sh +++ b/firstboot/shell-ssh.sh @@ -25,6 +25,7 @@ clawdie_shell_ssh_setup() { # 1. Configure SSH keys (if provided) # 2. Set system passwords (if provided or auto-generate) # 3. Configure SSH auth methods (key-only or key+password) + # 4. Seed SSH agent persistence (~/.ssh/config + ~/.tmux.conf) log_msg "[ssh] Starting SSH and password setup" 
@@ -42,7 +43,8 @@ clawdie_shell_ssh_setup() {
 if [ -n "${SSH_PUBLIC_KEY:-}" ]; then
 clawdie_shell_ssh_install_pubkey
 clawdie_shell_ssh_disable_password_auth
- log_msg "[ssh] SSH public key installed, password auth disabled"
+ clawdie_shell_ssh_seed_agent_config
+ log_msg "[ssh] SSH public key installed, password auth disabled, agent config seeded"
 else
 clawdie_shell_ssh_enable_password_auth
 log_msg "[ssh] No SSH key provided, password auth enabled (less secure)"
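Review bot: The new log line reports "agent config seeded" unconditionally, because the result of `clawdie_shell_ssh_seed_agent_config` is not checked before `log_msg` runs. As defined in the later hunk of this patch, that function ends in `return 0` and discards chown errors, so a failed write would still be logged as success. Consider having it return non-zero when a write or chown fails and gating the message, e.g. `clawdie_shell_ssh_seed_agent_config || log_msg "[ssh] WARNING: agent config seeding failed"`. The enclosing clawdie_shell_ssh_setup starts and ends outside this hunk.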
@@ -102,6 +104,56 @@ clawdie_shell_ssh_install_pubkey() { return 0 } +# ============================================================================ +# SSH AGENT PERSISTENCE (seed ~/.ssh/config + ~/.tmux.conf) +# ============================================================================ + +clawdie_shell_ssh_seed_agent_config() { + # Seed SSH agent auto-load and tmux persistence for the clawdie user. + # Run after clawdie_shell_ssh_install_pubkey (requires user to exist). + + local ssh_config="/home/clawdie/.ssh/config" + local tmux_conf="/home/clawdie/.tmux.conf" + + # --- ~/.ssh/config: AddKeysToAgent yes, no agent forwarding --- + if [ ! -f "$ssh_config" ]; then + cat > "$ssh_config" <<'SSHEOF' +Host * + AddKeysToAgent yes + ForwardAgent no +SSHEOF + chmod 600 "$ssh_config" + chown clawdie:clawdie "$ssh_config" 2>/dev/null || true + log_msg "[ssh] Seeded ~/.ssh/config with AddKeysToAgent yes" + else + # Append only if not already present (idempotent) + if ! grep -q 'AddKeysToAgent' "$ssh_config" 2>/dev/null; then + printf '\nHost *\n AddKeysToAgent yes\n ForwardAgent no\n' >> "$ssh_config" + log_msg "[ssh] Appended AddKeysToAgent to existing ~/.ssh/config" + fi + fi + + # --- ~/.tmux.conf: persist agent socket across windows --- + if [ ! -f "$tmux_conf" ]; then + cat > "$tmux_conf" <<'TMUXEOF' +set -g base-index 1 +setw -g pane-base-index 1 +set -g mouse on +set-option -g update-environment "SSH_AUTH_SOCK SSH_AGENT_PID" +TMUXEOF + chmod 644 "$tmux_conf" + chown clawdie:clawdie "$tmux_conf" 2>/dev/null || true + log_msg "[ssh] Seeded ~/.tmux.conf with agent persistence" + else + if ! 
grep -q 'SSH_AUTH_SOCK' "$tmux_conf" 2>/dev/null; then + printf '\nset-option -g update-environment "SSH_AUTH_SOCK SSH_AGENT_PID"\n' >> "$tmux_conf" + log_msg "[ssh] Appended agent persistence to existing ~/.tmux.conf" + fi + fi + + return 0 +} + # ============================================================================ # SSH AUTH METHOD CONFIGURATION # ============================================================================
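Review bot: The append branch for ~/.ssh/config does not guarantee the "no agent forwarding" that the comment promises. ssh_config takes the first value obtained for each option, so a `Host *` block appended at the end cannot override an earlier `ForwardAgent yes`. The `grep -q 'AddKeysToAgent'` guard also skips the append when the keyword appears only in a comment or with another value; an anchored check such as `grep -Eqi '^[[:space:]]*AddKeysToAgent[[:space:]]+yes'` would be stricter. Separately, `cat >` and `>>` follow symlinks under /home/clawdie, so if this script runs as root (the `chown` suggests it, but that is not visible here) and the files can pre-exist, refuse non-regular targets first, e.g. `[ -L "$ssh_config" ] && return 1`, or do the writes as the clawdie user. Finally, `chown ... 2>/dev/null || true` can leave a mode-600 file the user cannot read while the function still returns 0.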