From 13f246e2ba280d2aef88829106bbedb9f5782e33 Mon Sep 17 00:00:00 2001
From: hektor <hektor.misplon@pm.me>
Date: Fri, 10 Apr 2026 23:05:18 +0200
Subject: [PATCH] fix: prefer hardware-backed ssh keys

---
 home/modules/ssh/default.nix | 4 ++++
 modules/ssh/extract-keys.nix | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/home/modules/ssh/default.nix b/home/modules/ssh/default.nix
index 25ff5028..e821177b 100644
--- a/home/modules/ssh/default.nix
+++ b/home/modules/ssh/default.nix
@@ -39,6 +39,10 @@ in
       // {
         "*" = {
           addKeysToAgent = "yes";
+          identityFile = [
+            "~/.ssh/id_ed25519_sk"
+            "~/.ssh/id_ed25519"
+          ];
         };
       };
   };
diff --git a/modules/ssh/extract-keys.nix b/modules/ssh/extract-keys.nix
index 058bf835..9e472ab0 100644
--- a/modules/ssh/extract-keys.nix
+++ b/modules/ssh/extract-keys.nix
@@ -14,7 +14,10 @@ in
       chmod 644 "$HOST_DIR/ssh_host.pub"
     fi
 
-    USER_KEY="/home/${username}/.ssh/id_ed25519.pub"
+    USER_KEY="/home/${username}/.ssh/id_ed25519_sk.pub"
+    if [ ! -f "$USER_KEY" ]; then
+      USER_KEY="/home/${username}/.ssh/id_ed25519.pub"
+    fi
     if [ -f "$USER_KEY" ] && [ -d "$HOST_DIR" ]; then
       cp "$USER_KEY" "$HOST_DIR/ssh_user.pub"
       chown ${username}:users "$HOST_DIR/ssh_user.pub"