From 0467d026cec17e3f68ff080fabbd73955e31f53a Mon Sep 17 00:00:00 2001
From: Justin Bassett
Date: Fri, 10 Oct 2025 19:05:01 -0700
Subject: [PATCH] ssh-agent: Allow other systemd units access to $SSH_AUTH_SOCK

If another systemd unit wants to talk to the ssh-agent service, they need to know the SSH_AUTH_SOCK variable to do so.
---
 modules/services/ssh-agent.nix | 17 ++++++++++++-----
 .../ssh-agent/basic-service-expected.service | 1 +
 .../services/ssh-agent/basic-service.nix | 2 +-
 .../ssh-agent/timeout-service-expected.service | 1 +
 .../services/ssh-agent/timeout-service.nix | 2 +-
 5 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/modules/services/ssh-agent.nix b/modules/services/ssh-agent.nix
index e7f81182f..fb79f75db 100644
--- a/modules/services/ssh-agent.nix
+++ b/modules/services/ssh-agent.nix
@@ -86,11 +86,18 @@ in
 Description = "SSH authentication agent";
 Documentation = "man:ssh-agent(1)";
 };
- Service.ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
- lib.optionalString (
- cfg.defaultMaximumIdentityLifetime != null
- ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
- }";
+ Service = {
+ ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
+ lib.optionalString (
+ cfg.defaultMaximumIdentityLifetime != null
+ ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
+ }";
+ ExecStartPost = "${pkgs.writeShellScript "update-ssh-agent-env" ''
+ if [ -z "$SSH_AUTH_SOCK" ]; then
+ ${pkgs.dbus}/bin/dbus-update-activation-environment --systemd "$@"
+ fi
+ ''} SSH_AUTH_SOCK=%t/${cfg.socket}";
+ };
 };
 };
 }
diff --git a/tests/modules/services/ssh-agent/basic-service-expected.service b/tests/modules/services/ssh-agent/basic-service-expected.service
index c03d61204..152215a62 100644
--- a/tests/modules/services/ssh-agent/basic-service-expected.service
+++ b/tests/modules/services/ssh-agent/basic-service-expected.service
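Review bot: The `ExecStartPost` script in the new `Service` block of `modules/services/ssh-agent.nix` publishes `SSH_AUTH_SOCK` to the systemd user manager and the D-Bus activation environment, but nothing withdraws or refreshes it, and the `[ -z "$SSH_AUTH_SOCK" ]` guard cannot tell a value set by another agent from one this unit exported on an earlier start. Since units normally inherit the manager environment, a restart after `cfg.socket` changes would presumably see the old value, skip the update, and leave later units pointing at a socket that no longer exists; an `ExecStopPost` that runs `systemctl --user unset-environment SSH_AUTH_SOCK` when the value still equals this unit's socket would close that gap. Separately, a non-zero exit from `dbus-update-activation-environment` (for example when no session bus is reachable) marks the unit start as failed and takes the agent down with it, so consider the `-` prefix: `ExecStartPost = "-${pkgs.writeShellScript "update-ssh-agent-env" ''`. A short comment above `ExecStartPost` saying that every user unit and D-Bus-activated service started afterwards receives the agent socket path would let readers judge the widened exposure.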
@@ -3,6 +3,7 @@ WantedBy=default.target
 
 [Service]
 ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent/socket
+ExecStartPost=/nix/store/00000000000000000000000000000000-update-ssh-agent-env SSH_AUTH_SOCK=%t/ssh-agent/socket
 
 [Unit]
 Description=SSH authentication agent
diff --git a/tests/modules/services/ssh-agent/basic-service.nix b/tests/modules/services/ssh-agent/basic-service.nix
index 26ab96ed2..d3913bcc4 100644
--- a/tests/modules/services/ssh-agent/basic-service.nix
+++ b/tests/modules/services/ssh-agent/basic-service.nix
@@ -6,7 +6,7 @@
 
 nmt.script = ''
 assertFileContent \
- home-files/.config/systemd/user/ssh-agent.service \
+ $(normalizeStorePaths home-files/.config/systemd/user/ssh-agent.service) \
 ${./basic-service-expected.service}
 '';
 }
diff --git a/tests/modules/services/ssh-agent/timeout-service-expected.service b/tests/modules/services/ssh-agent/timeout-service-expected.service
index ce16f584c..925e7932f 100644
--- a/tests/modules/services/ssh-agent/timeout-service-expected.service
+++ b/tests/modules/services/ssh-agent/timeout-service-expected.service
@@ -3,6 +3,7 @@ WantedBy=default.target
 
 [Service]
 ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent -t 1337
+ExecStartPost=/nix/store/00000000000000000000000000000000-update-ssh-agent-env SSH_AUTH_SOCK=%t/ssh-agent
 
 [Unit]
 Description=SSH authentication agent
diff --git a/tests/modules/services/ssh-agent/timeout-service.nix b/tests/modules/services/ssh-agent/timeout-service.nix
index 99f4cf8b2..8d102c75c 100644
--- a/tests/modules/services/ssh-agent/timeout-service.nix
+++ b/tests/modules/services/ssh-agent/timeout-service.nix
@@ -6,7 +6,7 @@
 
 nmt.script = ''
 assertFileContent \
- home-files/.config/systemd/user/ssh-agent.service \
+ $(normalizeStorePaths home-files/.config/systemd/user/ssh-agent.service) \
 ${./timeout-service-expected.service}
 '';
 }
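Review bot: With `normalizeStorePaths` wrapped around the unit file in the `assertFileContent` call of `basic-service.nix`, the test pins only the name of the `update-ssh-agent-env` script referenced by `ExecStartPost`, not its body, so a later change to the `[ -z "$SSH_AUTH_SOCK" ]` guard or to the `dbus-update-activation-environment` arguments would presumably pass unnoticed. The `timeout-service.nix` hunk has the same gap. Consider asserting the generated script's content as well, or at least record the limitation in a comment such as `# store path is normalized: the script body is not checked here`.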