ssh-agent: Allow other systemd units access to $SSH_AUTH_SOCK

If another systemd unit wants to talk to the ssh-agent service, they need to know the SSH_AUTH_SOCK variable to do so.
2025-12-21 16:31:10 +01:00 · 2025-10-10 19:05:01 -07:00 · 2025-10-10 19:05:01 -07:00 · 0467d026ce
commit 0467d026ce
parent 43e205606a
5 changed files with 16 additions and 7 deletions
--- a/modules/services/ssh-agent.nix
+++ b/modules/services/ssh-agent.nix
@ -86,11 +86,18 @@ in
        Description = "SSH authentication agent";
        Documentation = "man:ssh-agent(1)";
      };
-      Service.ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
-        lib.optionalString (
-          cfg.defaultMaximumIdentityLifetime != null
-        ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
-      }";
+      Service = {
+        ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
+          lib.optionalString (
+            cfg.defaultMaximumIdentityLifetime != null
+          ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
+        }";
+        ExecStartPost = "${pkgs.writeShellScript "update-ssh-agent-env" ''
+          if [ -z "$SSH_AUTH_SOCK" ]; then
+            ${pkgs.dbus}/bin/dbus-update-activation-environment --systemd "$@"
+          fi
+        ''} SSH_AUTH_SOCK=%t/${cfg.socket}";
+      };
    };
  };
 }
--- a/tests/modules/services/ssh-agent/basic-service-expected.service
+++ b/tests/modules/services/ssh-agent/basic-service-expected.service
@ -3,6 +3,7 @@ WantedBy=default.target

 [Service]
 ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent/socket
+ExecStartPost=/nix/store/00000000000000000000000000000000-update-ssh-agent-env SSH_AUTH_SOCK=%t/ssh-agent/socket

 [Unit]
 Description=SSH authentication agent
--- a/tests/modules/services/ssh-agent/basic-service.nix
+++ b/tests/modules/services/ssh-agent/basic-service.nix
@ -6,7 +6,7 @@

  nmt.script = ''
    assertFileContent \
-      home-files/.config/systemd/user/ssh-agent.service \
+      $(normalizeStorePaths home-files/.config/systemd/user/ssh-agent.service) \
      ${./basic-service-expected.service}
  '';
 }
--- a/tests/modules/services/ssh-agent/timeout-service-expected.service
+++ b/tests/modules/services/ssh-agent/timeout-service-expected.service
@ -3,6 +3,7 @@ WantedBy=default.target

 [Service]
 ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent -t 1337
+ExecStartPost=/nix/store/00000000000000000000000000000000-update-ssh-agent-env SSH_AUTH_SOCK=%t/ssh-agent

 [Unit]
 Description=SSH authentication agent
--- a/tests/modules/services/ssh-agent/timeout-service.nix
+++ b/tests/modules/services/ssh-agent/timeout-service.nix
@ -6,7 +6,7 @@

  nmt.script = ''
    assertFileContent \
-      home-files/.config/systemd/user/ssh-agent.service \
+      $(normalizeStorePaths home-files/.config/systemd/user/ssh-agent.service) \
      ${./timeout-service-expected.service}
  '';
 }