ssh-agent: Allow other systemd units access to $SSH_AUTH_SOCK

If another systemd unit wants to talk to the ssh-agent service, they need to know the SSH_AUTH_SOCK variable to do so.
2025-12-22 00:41:12 +01:00 · 2025-10-10 19:05:01 -07:00 · 2025-10-10 19:05:01 -07:00 · 0467d026ce
commit 0467d026ce
parent 43e205606a
5 changed files with 16 additions and 7 deletions
--- a/modules/services/ssh-agent.nix
+++ b/modules/services/ssh-agent.nix
@ -86,11 +86,18 @@ in
        Description = "SSH authentication agent";
        Documentation = "man:ssh-agent(1)";
      };
-      Service.ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
+      Service = {
-        lib.optionalString (
+        ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
-          cfg.defaultMaximumIdentityLifetime != null
+          lib.optionalString (
-        ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
+            cfg.defaultMaximumIdentityLifetime != null
-      }";
+          ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
        }";
        ExecStartPost = "${pkgs.writeShellScript "update-ssh-agent-env" ''
          if [ -z "$SSH_AUTH_SOCK" ]; then
            ${pkgs.dbus}/bin/dbus-update-activation-environment --systemd "$@"
          fi
        ''} SSH_AUTH_SOCK=%t/${cfg.socket}";
      };
    };
  };
 }
--- a/tests/modules/services/ssh-agent/basic-service-expected.service
+++ b/tests/modules/services/ssh-agent/basic-service-expected.service
@ -3,6 +3,7 @@ WantedBy=default.target
 [Service]
 ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent/socket
 ExecStartPost=/nix/store/00000000000000000000000000000000-update-ssh-agent-env SSH_AUTH_SOCK=%t/ssh-agent/socket
 [Unit]
 Description=SSH authentication agent
--- a/tests/modules/services/ssh-agent/basic-service.nix
+++ b/tests/modules/services/ssh-agent/basic-service.nix
@ -6,7 +6,7 @@
  nmt.script = ''
    assertFileContent \
-      home-files/.config/systemd/user/ssh-agent.service \
+      $(normalizeStorePaths home-files/.config/systemd/user/ssh-agent.service) \
      ${./basic-service-expected.service}
  '';
 }
--- a/tests/modules/services/ssh-agent/timeout-service-expected.service
+++ b/tests/modules/services/ssh-agent/timeout-service-expected.service
@ -3,6 +3,7 @@ WantedBy=default.target
 [Service]
 ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent -t 1337
 ExecStartPost=/nix/store/00000000000000000000000000000000-update-ssh-agent-env SSH_AUTH_SOCK=%t/ssh-agent
 [Unit]
 Description=SSH authentication agent
--- a/tests/modules/services/ssh-agent/timeout-service.nix
+++ b/tests/modules/services/ssh-agent/timeout-service.nix
@ -6,7 +6,7 @@
  nmt.script = ''
    assertFileContent \
-      home-files/.config/systemd/user/ssh-agent.service \
+      $(normalizeStorePaths home-files/.config/systemd/user/ssh-agent.service) \
      ${./timeout-service-expected.service}
  '';
 }