ssh-agent: Allow other systemd units access to $SSH_AUTH_SOCK

Quincunx271 · Quincunx271 · commit 8fb1f10bde6e · 2025-10-10T20:32:46.000-07:00
If another systemd unit wants to talk to the ssh-agent service, they
need to know the SSH_AUTH_SOCK variable to do so.
diff --git a/modules/services/ssh-agent.nix b/modules/services/ssh-agent.nix
@@ -54,11 +54,16 @@ in
         Description = "SSH authentication agent";
         Documentation = "man:ssh-agent(1)";
       };
-      Service.ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
-        lib.optionalString (
-          cfg.defaultMaximumIdentityLifetime != null
-        ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
-      }";
+      Service = {
+        ExecStart = "${lib.getExe' cfg.package "ssh-agent"} -D -a %t/${cfg.socket}${
+          lib.optionalString (
+            cfg.defaultMaximumIdentityLifetime != null
+          ) " -t ${toString cfg.defaultMaximumIdentityLifetime}"
+        }";
+        ExecStartPost = ''
+          ${pkgs.dbus}/bin/dbus-update-activation-environment --systemd SSH_AUTH_SOCK=%t/${cfg.socket}
+        '';
+      };
     };
   };
 }
diff --git a/tests/modules/services/ssh-agent/basic-service-expected.service b/tests/modules/services/ssh-agent/basic-service-expected.service
@@ -3,6 +3,8 @@ WantedBy=default.target
 
 [Service]
 ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent/socket
+ExecStartPost=@dbus@/bin/dbus-update-activation-environment --systemd SSH_AUTH_SOCK=%t/ssh-agent/socket
+
 
 [Unit]
 Description=SSH authentication agent
diff --git a/tests/modules/services/ssh-agent/timeout-service-expected.service b/tests/modules/services/ssh-agent/timeout-service-expected.service
@@ -3,6 +3,8 @@ WantedBy=default.target
 
 [Service]
 ExecStart=@openssh@/bin/ssh-agent -D -a %t/ssh-agent -t 1337
+ExecStartPost=@dbus@/bin/dbus-update-activation-environment --systemd SSH_AUTH_SOCK=%t/ssh-agent
+
 
 [Unit]
 Description=SSH authentication agent
