sshAuthSock: set in systemd

`SSH_AUTH_SOCK` is exported in shells only, which systemd does not
inherit from. With this commit, it is also set in systemd such that
systemd-managed applications can access the SSH agent by declaring
a dependency on 'sshAuthSock.systemd.socketProviderUnit'.

Closes #7971.
Benedikt Rips
2026-06-02 14:43:55 +02:00
committed by Austin Horstman
parent f4534a4f3c
commit f1d5aa6f69
8 changed files with 54 additions and 1 deletions


@@ -1,4 +1,9 @@
{ config, lib, ... }: {
config,
lib,
pkgs,
...
}:
let let
cfg = config.sshAuthSock; cfg = config.sshAuthSock;
@@ -44,6 +49,18 @@ in
}; };
}; };
systemd.socketProviderUnit = lib.mkOption {
description = ''
The name of the systemd unit responsible for providing the {env}`SSH_AUTH_SOCK`.
Services that rely on an active SSH authentication agent can reference
this option to declare a dependency onto this unit, ensuring that the
socket is available and being served before they start.
'';
example = "ssh-agent.service";
type = lib.types.str;
};
}; };
config = config =
@@ -78,5 +95,26 @@ in
programs.fish.shellInit = lib.mkOrder 900 fishIntegration; programs.fish.shellInit = lib.mkOrder 900 fishIntegration;
programs.nushell.extraConfig = lib.mkOrder 900 nushellIntegration; programs.nushell.extraConfig = lib.mkOrder 900 nushellIntegration;
programs.zsh.envExtra = lib.mkOrder 900 zshIntegration; programs.zsh.envExtra = lib.mkOrder 900 zshIntegration;
# Replace this service by an environment generator as soon as they are
# available per-user. See https://github.com/systemd/systemd/issues/32423
# for more information.
systemd.user.services.set-SSH_AUTH_SOCK = {
Unit = {
Description = "Sets SSH_AUTH_SOCK in the D-BUS daemon and systemd";
Before = [ cfg.systemd.socketProviderUnit ];
};
Service = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "set-SSH_AUTH_SOCK" ''
${bashIntegration}
${pkgs.dbus}/bin/dbus-update-activation-environment --systemd SSH_AUTH_SOCK
'';
};
Install.WantedBy = [
"default.target"
cfg.systemd.socketProviderUnit
];
};
}; };
} }
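Review bot: `systemd.socketProviderUnit` is declared with `type = lib.types.str` and no default, yet the new `set-SSH_AUTH_SOCK` service reads it unconditionally in `Before=` and `WantedBy=`, so any configuration that enables the shell integrations with an agent that does not set this option fails evaluation with "option used but not defined" (the test below had to set `foo.socket` for the same reason). Declare it as `type = lib.types.nullOr lib.types.str; default = null;` and guard the service with `systemd.user.services.set-SSH_AUTH_SOCK = lib.mkIf (cfg.systemd.socketProviderUnit != null) { ... };`, so hosts with an unmanaged agent simply skip the import. Note also that `Before=`/`WantedBy=` only order the oneshot; if it fails, the provider still starts with `SSH_AUTH_SOCK` absent from the manager environment, which is probably acceptable but worth a one-line comment. The enclosing `config` attribute set begins outside the hunk.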


@@ -393,6 +393,7 @@ in
$env.SSH_AUTH_SOCK = $"(${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket)" $env.SSH_AUTH_SOCK = $"(${gpgPkg}/bin/gpgconf --list-dirs agent-ssh-socket)"
''; '';
}; };
systemd.socketProviderUnit = "gpg-agent-ssh.socket";
}; };
programs = { programs = {


@@ -86,6 +86,7 @@ in
''$"($env.XDG_RUNTIME_DIR)/${cfg.socket}"'' ''$"($env.XDG_RUNTIME_DIR)/${cfg.socket}"''
}"; }";
}; };
systemd.socketProviderUnit = "proton-pass-agent.service";
}; };
systemd.user.services.proton-pass-agent = { systemd.user.services.proton-pass-agent = {
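Review bot: `proton-pass-agent.service` is a service unit, not a socket unit, so a consumer ordered `After=` it is only guaranteed that the process was spawned, not that the socket under `$XDG_RUNTIME_DIR` is bound and accepting connections — unless the service is `Type=notify` or `Type=forking`, which its `Service` section (starting below the hunk, not visible here) would have to show. Either add a caveat next to the assignment, e.g. `# service unit, not socket-activated: dependents may race the socket bind`, or provide a matching `systemd.user.sockets` unit so the option's "available and being served" guarantee actually holds.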


@@ -80,6 +80,7 @@ in
''$"($env.XDG_RUNTIME_DIR)/${cfg.socket}"'' ''$"($env.XDG_RUNTIME_DIR)/${cfg.socket}"''
}"; }";
}; };
systemd.socketProviderUnit = "ssh-agent.service";
}; };
systemd.user.services.ssh-agent = { systemd.user.services.ssh-agent = {
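Review bot: `ssh-agent.service` is a plain service unit, so `After=`-ordering on it only guarantees the agent process has started, not that `%t/<socket>` exists and is listening, unless the unit uses `Type=forking`/`notify`; the `Service` section starts below the hunk and is not visible here, so this should be confirmed. If the agent runs in the foreground (`-D`) with the default `Type=simple`, dependents can race the bind; document that with `# ssh-agent.service is not socket-activated; dependents may race the socket bind`, or switch the provider to a `systemd.user.sockets.ssh-agent` unit so the option description's promise holds.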


@@ -80,6 +80,7 @@ in
fish = ''set -x SSH_AUTH_SOCK "$XDG_RUNTIME_DIR/ssh-tpm-agent.sock"''; fish = ''set -x SSH_AUTH_SOCK "$XDG_RUNTIME_DIR/ssh-tpm-agent.sock"'';
nushell = ''$env.SSH_AUTH_SOCK = $"($env.XDG_RUNTIME_DIR)/ssh-tpm-agent.sock"''; nushell = ''$env.SSH_AUTH_SOCK = $"($env.XDG_RUNTIME_DIR)/ssh-tpm-agent.sock"'';
}; };
systemd.socketProviderUnit = lib.mkOverride 90 "ssh-tpm-agent.socket";
}; };
systemd.user = { systemd.user = {
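Review bot: `lib.mkOverride 90` is a bare priority with no explanation, so a reader cannot tell which other definition it is meant to beat or why. Add a why-comment on the line above, e.g. `# priority 90 beats the default (100) so this wins when another agent module also sets the provider`, naming the competing module — presumably an agent that can be enabled alongside ssh-tpm-agent, but that is not visible here and should be confirmed before it is written down.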


@@ -42,6 +42,7 @@ in
''$"($env.XDG_RUNTIME_DIR | default $"/run/user/(id -u)")/yubikey-agent/yubikey-agent.sock"'' ''$"($env.XDG_RUNTIME_DIR | default $"/run/user/(id -u)")/yubikey-agent/yubikey-agent.sock"''
}"; }";
}; };
systemd.socketProviderUnit = "yubikey-agent.socket";
}; };
systemd.user.services.yubikey-agent = { systemd.user.services.yubikey-agent = {


@@ -19,5 +19,7 @@
assertFileNotRegex \ assertFileNotRegex \
home-files/.zshenv \ home-files/.zshenv \
'SSH_AUTH_SOCK' 'SSH_AUTH_SOCK'
assertPathNotExists home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service
''; '';
} }


@@ -1,3 +1,5 @@
{ config, lib, ... }:
{ {
programs.bash.enable = true; programs.bash.enable = true;
programs.fish.enable = true; programs.fish.enable = true;
@@ -11,6 +13,7 @@
fish = "echo fish"; fish = "echo fish";
nushell = "echo nushell"; nushell = "echo nushell";
}; };
systemd.socketProviderUnit = "foo.socket";
}; };
nmt.script = '' nmt.script = ''
@@ -26,5 +29,10 @@
assertFileContains \ assertFileContains \
home-files/.zshenv \ home-files/.zshenv \
'if [ -z "$SSH_AUTH_SOCK" -o -z "$SSH_CONNECTION" ]; then' 'if [ -z "$SSH_AUTH_SOCK" -o -z "$SSH_CONNECTION" ]; then'
''
+ lib.optionalString config.systemd.user.enable ''
assertFileExists home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service
assertFileContains home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service 'Before=foo.socket'
assertFileContains home-files/.config/systemd/user/set-SSH_AUTH_SOCK.service 'WantedBy=foo.socket'
''; '';
} }