sam: Squelch post-quantum warn on Azure Devops SSH

Connecting to ADO gives this warning:

    ** WARNING: connection is not using a post-quantum key exchange algorithm.
    ** This session may be vulnerable to "store now, decrypt later" attacks.
    ** The server may need to be upgraded. See https://openssh.com/pq.html

ADO doesn't support any flavor of keys besides RSA. There are several
issues open about this on their feedback site, and it's been radio
silence:

https://developercommunity.visualstudio.com/t/support-non-rsa-keys-for-ssh-authentication/365980
https://developercommunity.visualstudio.com/t/11032779

And Microsoft has nothing to say besides vague "we've routed your
feedback to the appropriate product team".

There's more information on the warning at OpenSSH's docs page:

https://www.openssh.org/pq.html

oscar/configuration.nix

@@ -98,7 +98,6 @@
   };
 
   environment.sessionVariables = {
-    NIXOS_OZONE_WL = "1";
     BUILDKIT_PROGRESS = "plain";
   };
 
@@ -248,11 +247,11 @@
 
     programs.git = {
       enable = true;
-      userEmail = "chandler@chandlerswift.com";
-      userName = "Chandler Swift";
       lfs.enable = true;
       # TODO: delta or diff-so-fancy or difftastic
-      extraConfig = {
+      settings = {
+        user.name = "Chandler Swift;
+        user.email = "chandler@chandlerswift.com";
         init.defaultBranch = "main";
         pull.ff = "only";
         #init.templatedir = "~/.git-template"; # unsure what this was intended to do -- default hooks, maybe?
@@ -287,7 +286,7 @@
 
     programs.ssh = {
       enable = true;
-      addKeysToAgent = "yes";
+      matchBlocks."*".addKeysToAgent = "yes";
       matchBlocks = {
         bert = {
           user = "root";

sam/configuration.nix

@@ -93,13 +93,13 @@
       (azure-cli.withExtensions [
         # azure-cli.extensions.automation
         azure-cli.extensions.azure-devops
-        # azure-cli.extensions.bastion
+        azure-cli.extensions.bastion
         # azure-cli.extensions.fleet
         # azure-cli.extensions.interactive
         # azure-cli.extensions.log-analytics
         azure-cli.extensions.resource-graph
         # azure-cli.extensions.serial-console
-        # azure-cli.extensions.ssh
+        azure-cli.extensions.ssh
       ])
       iperf
       units
@@ -131,7 +131,6 @@
 
       clang
 
-      go
       go-tools
       gopls
 
@@ -140,6 +139,26 @@
     programs.bash = {
       enable = true;
       historyControl = [ "ignoredups" "ignorespace" ];
+      initExtra = ''
+        # https://kubernetes.io/docs/reference/kubectl/quick-reference/#bash
+        source <(kubectl completion bash)
+        k() {
+          if [[ -t 1 ]]; then # stdout is a terminal
+            tput dim # Konsole's default theme requires some adjustment
+            printf "$ kubectl --context %q" "$(kubectl config current-context 2>/dev/null)"
+            printf " %q" "$@"
+            echo
+            tput sgr0
+          fi
+          kubectl "$@"
+        }
+        complete -o default -F __start_kubectl k
+      '';
+    };
+
+    programs.go = {
+      enable = true;
+      env.GOPATH = [ "/home/chandler/.local/share/go" ];
     };
 
     programs.direnv = {
@@ -150,10 +169,10 @@
 
     programs.git = {
       enable = true;
-      userName = "Chandler Swift";
       lfs.enable = true;
       # TODO: delta or diff-so-fancy or difftastic
-      extraConfig = {
+      settings = {
+        user.name = "Chandler Swift";
         help.autoCorrect = "prompt";
         init.defaultBranch = "main";
         diff.wsErrorHighlight = "all";
@@ -202,7 +221,8 @@
 
     programs.ssh = {
       enable = true;
-      addKeysToAgent = "yes";
+      matchBlocks."*".addKeysToAgent = "yes";
+      matchBlocks."ssh.dev.azure.com".extraOptions.WarnWeakCrypto = "no-pq-kex";
       includes = [
         "config.d/*"
       ];